Report #10952 check_circle

  • Creation Date: Sept. 3, 2020, 1:41 a.m.
  • Last Update: Sept. 3, 2020, 2:02 a.m.
  • File: patched_Dropper.exe
  • Results:
Binary
DLL
False cancel
Size
233.00KB
trid
72.3% Win64 Executable
11.8% Win32 Executable
5.3% OS/2 Executable
5.2% Generic Win/DOS Executable
5.2% DOS Executable Generic
type
PE
wordsize
32
Subsystem
Windows CLI
Hashes
md5
8e61dee46ce5705a8256dc5f407b65dd
sha1
08a2df0231882053c816330f7911c899a1265ef7
crc32
0xa7d3b201
sha224
762d1c339e7f316c225a6848f798aa51a21dcb27e2557aa9d7c94110
sha256
23126e1b0ca589e7aee14795f792e0cf3f46948d577b03e5caebe80820545a04
sha384
1c31014a807d1d9bb07f03be2ff4fb218efd389035c1db6fed8262b1be4e6b34b7f734f4a931966e588ec9c59f9718fa
sha512
73d3d2eb0f89b9a139090b62e31acdd6b236faf66b7d9d53022e051b209a829758f4d401dd77b237650e30de04adac26d6f88432b758a98103641fda44583c75
ssdeep
6144:GsOvcVqlH+8oRDcf75tqB0ujlhfaR8sm:tAoq1WdwFEdjLaR8H
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
VC8_Microsoft_Corporation, domain, anti_dbg, IP, contentis_base64, Microsoft_Visual_Cpp_8, HasDebugData, IsConsole, IsPE32, HasRichSignature

Suspicious
True check_circle

Strings
List
C:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\Release\Dropper.pdb
System.IO
System.Security.Cryptography
98d30.png
98d30.png
MSVCR110.dll
@proc.exe
proc.exe
tFex256HtbePPBP.exe
tFex256HtbePPBP.exe
tFex256HtbePPBP.exe
2.0.0.0
}a%+o
milkTea
%elEP
System.Windows.Forms
mscoree.dll
get_Magenta
_crt_debugger_hook
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD4m[
<requestedPrivileges>
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
IsProcessorFeaturePresent
857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857AB1B65E80C75F28857ABB9C2880C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28F906
ResourceManager
IsDebuggerPresent
CreateProcessW
txtKillburnChoco
txtKillburnChoco
password
LoadResource
QueryPerformanceCounter
GetModuleHandleW
Binder
ComputeHash
%/#=
fprintf
HashAlgorithm
fopen
$9189263f-fcbd-42cb-929e-6a490a7d766e
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
add_PrintPage
txtKillburnChoco_Click
ComponentResourceManager
set_StartPosition
4+44494?4I4S4c4s4
MD5CryptoServiceProvider
E>7;H'X+POS
_CorExeMain
\\,WuTc80
%T*[pO6d!
+EhTP
Form1_Load
ec719.resources
ec719.resources
__crtTerminateProcess
button1_Click
button2_Click
button3_Click
set_Document
37S&G?I
timer1_Tick
set_AutoScaleMode
_commode
_initterm
get_Controls
set_ClientSize
get_ControlLightLight
get_ButtonFace
get_ControlDark
set_DisplayStyle
add_Tick
add_Load
set_Image
get_ASCII
get_Items
set_Location
txtLatte_Click
add_Click
txtCoffeCake_Click
get_NewLine
set_AutoSize
set_TabIndex
get_FileName
set_FileName
set_Icon
set_Font
set_Size
set_Name
set_Text
qinkL;tU
get_Text
set_ForeColor
set_BackColor
txtMocha_Click
set_Filter
txtValeCoffee_Click
get_Black
set_TextAlign

Foremost
Matches
0.exe, 233 KB, 61.png, 130 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: MSVCR110.dll, mscoree.dll, KERNEL32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 235520
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 6
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 6
Linker
Version: 11.0
Suspicious: False cancel
Subsystem
Version: 6.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 4951
Suspicious: False cancel

Anomalies
Anomalies: The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match., The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: mscoree.dll, kernel32.dll
hasLibs: True check_circle
Suspicious: msvcr110.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2012-07-25 22:08:38
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
6304
Suspicious
True check_circle
Disassembly
hasTricks
True check_circle
Tricks
pushret
.rsrc: 71
.text: 1

pushpopmath
.rsrc: 40

garbagebytes
.rsrc: 24
.text: 1

software breakpoint
.rsrc: 1

fakeconditionaljumps
.rsrc: 2

programcontrolflowchange
.rsrc: 22
.text: 1

cpuinstructionsresultscomparison
.rsrc: 2
.rdata: 2

AVclass
remcos
1
VirusTotal
md5
8e61dee46ce5705a8256dc5f407b65dd
sha1
08a2df0231882053c816330f7911c899a1265ef7
SCANS (DETECTION RATE = 33.82%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200902
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20200902
version: 2.7.2019.1
detected: False cancel

MAX
update: 20200903
version: 2019.9.16.1
detected: False cancel

APEX
result: Malicious
update: 20200901
version: 6.66
detected: True check_circle

Bkav
update: 20200901
version: 1.3.0.9899
detected: False cancel

K7GW
update: 20200902
version: 11.133.35146
detected: False cancel

ALYac
update: 20200902
version: 1.1.1.5
detected: False cancel

Avira
result: TR/Kryptik.hvdkh
update: 20200902
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
update: 20200902
version: 4.0.0.24
detected: False cancel

Cyren
result: W32/MSIL_Kryptik.AQG.gen!Eldorado
update: 20200902
version: 6.3.0.2
detected: True check_circle

DrWeb
result: Trojan.Siggen9.44167
update: 20200902
version: 7.0.48.8080
detected: True check_circle

GData
update: 20200902
version: A:25.26861B:27.20030
detected: False cancel

Panda
update: 20200902
version: 4.6.4.2
detected: False cancel

VBA32
result: TScope.Trojan.MSIL
update: 20200902
version: 4.4.1
detected: True check_circle

VIPRE
update: 20200902
version: 86398
detected: False cancel

Zoner
update: 20200902
version: 0.0.0.0
detected: False cancel

ClamAV
result: Win.Packed.Remcos-8070789-0
update: 20200902
version: 0.102.4.0
detected: True check_circle

Comodo
update: 20200728
version: 32668
detected: False cancel

Ikarus
result: Worm.Win32.AutoRun
update: 20200902
version: 0.1.5.2
detected: True check_circle

McAfee
result: GenericRXLE-RD!F5EFA81034D6
update: 20200902
version: 6.0.6.653
detected: True check_circle

Rising
result: Backdoor.Xtrat!1.6A25 (TFE:5:O0r80Ep3LQC)
update: 20200902
version: 25.0.0.26
detected: True check_circle

Sophos
update: 20200902
version: 4.98.0
detected: False cancel

Yandex
update: 20200901
version: 5.5.2.24
detected: False cancel

Zillya
update: 20200902
version: 2.0.0.4167
detected: False cancel

Acronis
update: 20200806
version: 1.1.1.77
detected: False cancel

Alibaba
update: 20190527
version: 0.3.0.5
detected: False cancel

Arcabit
update: 20200902
version: 1.0.0.881
detected: False cancel

Cylance
update: 20200903
version: 2.3.1.101
detected: False cancel

Elastic
result: malicious (high confidence)
update: 20200831
version: 4.0.8
detected: True check_circle

FireEye
result: Generic.mg.8e61dee46ce5705a
update: 20200903
version: 32.36.1.0
detected: True check_circle

Sangfor
update: 20200814
version: 1.0
detected: False cancel

TACHYON
update: 20200902
version: 2020-09-02.02
detected: False cancel

Tencent
update: 20200903
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20200902
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200903
version: 1.0.0.403
detected: False cancel

eGambit
update: 20200903
detected: False cancel

Ad-Aware
update: 20200902
version: 3.0.16.117
detected: False cancel

AegisLab
update: 20200902
version: 4.2
detected: False cancel

F-Secure
result: Trojan.TR/Kryptik.hvdkh
update: 20200902
version: 12.0.86.52
detected: True check_circle

Fortinet
update: 20200902
version: 6.2.142.0
detected: False cancel

Invincea
update: 20200902
version: 1.0.1.0
detected: False cancel

Jiangmin
update: 20200902
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200903
version: 2013.8.14.323
detected: False cancel

Paloalto
update: 20200903
version: 1.0
detected: False cancel

Symantec
update: 20200902
version: 1.12.0.0
detected: False cancel

AhnLab-V3
result: Trojan/Win32.Xtrat.C3450632
update: 20200902
version: 3.18.1.10026
detected: True check_circle

Antiy-AVL
result: Trojan/Win32.Sonbokli
update: 20200902
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Backdoor.MSIL.Remcos.gen
update: 20200902
version: 15.0.1.13
detected: True check_circle

MaxSecure
result: Win.MxResIcn.Heur.Gen
update: 20200902
version: 1.0.0.1
detected: True check_circle

Microsoft
update: 20200902
version: 1.1.17400.5
detected: False cancel

Qihoo-360
update: 20200903
version: 1.0.0.1120
detected: False cancel

ZoneAlarm
result: HEUR:Backdoor.MSIL.Remcos.gen
update: 20200902
version: 1.0
detected: True check_circle

Cybereason
update: 20190616
version: 1.2.449
detected: False cancel

ESET-NOD32
result: a variant of MSIL/Kryptik.VSI
update: 20200902
version: 21926
detected: True check_circle

TrendMicro
result: TROJ_GEN.R002C0DG220
update: 20200902
version: 11.0.0.1006
detected: True check_circle

BitDefender
update: 20200902
version: 7.2
detected: False cancel

CrowdStrike
update: 20190702
version: 1.0
detected: False cancel

K7AntiVirus
update: 20200902
version: 11.133.35146
detected: False cancel

SentinelOne
update: 20200724
version: 4.4.0.0
detected: False cancel

Malwarebytes
update: 20200902
version: 3.6.4.335
detected: False cancel

TotalDefense
update: 20200902
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20200902
version: 14.00
detected: False cancel

NANO-Antivirus
result: Trojan.Win32.Remcos.hnkppj
update: 20200902
version: 1.0.134.25140
detected: True check_circle

BitDefenderTheta
result: Gen:NN.ZexaE.34216.ouW@a4HlVSoO
update: 20200902
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
update: 20200902
version: 14.0.409.0
detected: False cancel

SUPERAntiSpyware
update: 20200828
version: 5.6.0.1032
detected: False cancel

TrendMicro-HouseCall
result: TROJ_GEN.R002C0DG220
update: 20200902
version: 10.0.0.1040
detected: True check_circle

total
68
sha256
23126e1b0ca589e7aee14795f792e0cf3f46948d577b03e5caebe80820545a04
scan_id
23126e1b0ca589e7aee14795f792e0cf3f46948d577b03e5caebe80820545a04-1599094650
resource
8e61dee46ce5705a8256dc5f407b65dd
positives
23
scan_date
2020-09-03 00:57:30
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
3/9/2020 - 1:45:42.575Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\Monitor
3/9/2020 - 1:45:42.575Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\
3/9/2020 - 1:45:42.575Unknown1480C:\malware.exeC:\
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\Monitor
3/9/2020 - 1:45:42.575Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\Monitor
3/9/2020 - 1:45:42.575Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\Monitor\ui\SwDRM.dll
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.575Unknown1480C:\malware.exeC:\Windows
3/9/2020 - 1:45:42.575Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pf
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:45:42.590Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:45:42.590Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 1:45:42.590Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.606Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.606Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:45:42.606Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:45:42.606Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:45:42.606Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:45:42.622Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:45:42.637Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 1:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:45:42.637Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:45:42.637Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 1:45:42.637Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 1:45:42.637Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:45:42.637Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:45:42.637Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:45:43.934Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 1:45:43.981Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:45:43.981Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:45:43.981Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:45:43.981Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:45:43.981Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:45:43.981Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:45:43.981Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 1:45:43.981Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
3/9/2020 - 1:45:43.981Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
3/9/2020 - 1:45:43.981Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
3/9/2020 - 1:45:43.981Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
3/9/2020 - 1:45:43.981Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
3/9/2020 - 1:45:43.997Open1488C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:45:43.997Unknown1488C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:45:43.997Open1488C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:45:43.997Open1488C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:45:43.997Unknown1488C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:45:43.997Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:45:43.997Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:45:43.997Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:45:43.997Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
3/9/2020 - 1:45:43.997Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
3/9/2020 - 1:45:43.997Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
3/9/2020 - 1:45:43.997Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 1:45:44.43Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.43Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 1:45:44.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:44.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:45.872Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:45:45.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:45:45.965Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:45:45.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.668Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:46.668Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:46.668Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 1:45:46.668Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 1:45:46.668Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:45:46.668Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:45:46.668Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:46.668Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:46.668Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
3/9/2020 - 1:45:46.668Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 1:45:46.668Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 1:45:46.668Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:45:46.668Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.715Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.715Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 1:45:46.715Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 1:45:46.715Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 1:45:46.715Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:46.715Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:46.715Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:45:46.715Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:46.731Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:46.731Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:45:46.731Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:45:46.731Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:45:46.731Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:45:46.747Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 1:45:46.747Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:45:46.747Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:45:46.747Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:45:46.747Open1488C:\Monitor\proc.exeC:\Windows\assembly\pubpol4.dat
3/9/2020 - 1:45:46.747Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
3/9/2020 - 1:45:46.747Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 1:45:46.747Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:45:46.747Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:45:46.747Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 1:45:46.747Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.747Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:46.950Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 1:45:47.90Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:47.90Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 1:45:47.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:47.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:47.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:47.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:47.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:47.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:47.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:47.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:47.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:47.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:47.559Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 1:45:47.700Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:47.700Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 1:45:47.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:47.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:47.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:47.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:47.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:48.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:49.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:49.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:49.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:49.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:49.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:49.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:49.325Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:45:49.559Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:45:49.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:50.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:50.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:50.215Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:45:50.309Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:45:50.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:50.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:50.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:50.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:50.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:50.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:50.590Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:45:50.684Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:45:50.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:50.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:50.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:50.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:50.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:50.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:51.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:51.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:51.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:51.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:51.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:51.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:51.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:51.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:51.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:51.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:51.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:51.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:51.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:51.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:51.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:51.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:51.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:51.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:51.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:51.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:51.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:52.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:52.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:52.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:52.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:52.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:52.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:52.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:52.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:52.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:52.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:52.778Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
3/9/2020 - 1:45:52.825Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 1:45:52.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:45:52.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:45:52.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:45:53.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:45:53.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:53.75Open1488C:\Monitor\proc.exeC:\Windows\Globalization\pt-br.nlp
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:45:53.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:53.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:53.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:54.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:54.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:54.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:54.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:54.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:54.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:54.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:54.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:55.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:55.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:55.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:55.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:55.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:55.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:55.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:55.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:55.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:55.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:55.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:55.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:55.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:55.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:55.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:55.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:55.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:55.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:55.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:55.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:55.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:56.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:56.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:56.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:45:56.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:45:56.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:56.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:57.762Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:45:57.762Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:45:57.903Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:45:57.903Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:45:57.950Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:57.950Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:45:57.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:57.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.325Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:45:58.325Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:45:58.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.512Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:45:58.512Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:45:58.512Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.512Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:45:58.512Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.512Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.559Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
3/9/2020 - 1:45:58.559Open1488C:\Monitor\proc.exeC:\Monitor\VERSION.dll
3/9/2020 - 1:45:58.559Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:45:58.559Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:45:58.559Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:45:58.559Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.606Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:45:58.606Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:45:58.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:58.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:58.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:58.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:58.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:58.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:58.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:58.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.262Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:45:59.262Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
3/9/2020 - 1:45:59.262Open1488C:\Monitor\proc.exeC:\Monitor\bcrypt.dll
3/9/2020 - 1:45:59.262Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:45:59.262Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:45:59.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Monitor\CRYPTSP.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:45:59.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:45:59.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:45:59.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:0.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.278Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:1.278Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:1.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:1.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.28Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
3/9/2020 - 1:46:2.28Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 1:46:2.28Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:2.28Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:2.28Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:2.28Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:2.75Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:2.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:2.75Open1488C:\Monitor\proc.exeC:\Monitor\WindowsCodecs.dll
3/9/2020 - 1:46:2.75Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 1:46:2.75Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:2.75Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 1:46:2.75Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:2.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:2.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:2.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:2.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:3.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:3.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:3.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:3.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.715Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:4.715Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:4.856Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:4.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:4.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.90Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 1:46:5.90Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources.dll
3/9/2020 - 1:46:5.90Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 1:46:5.90Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources.exe
3/9/2020 - 1:46:5.90Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 1:46:5.137Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:5.137Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:5.325Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:5.325Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 1:46:5.325Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:5.340Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:5.340Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:5.340Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:5.340Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:5.340Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:5.340Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:5.340Open1488C:\Monitor\proc.exeC:\Windows\Globalization\pt.nlp
3/9/2020 - 1:46:5.340Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources.dll
3/9/2020 - 1:46:5.340Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 1:46:5.340Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources.exe
3/9/2020 - 1:46:5.340Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 1:46:5.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:5.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:5.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:5.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:5.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:5.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:5.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:5.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:5.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.372Open1488C:\Monitor\proc.exeC:\Windows\Globalization\en-us.nlp
3/9/2020 - 1:46:5.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:5.372Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:5.372Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:5.372Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:5.372Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:5.387Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:5.387Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:5.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:5.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:5.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:5.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:5.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:5.387Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:5.387Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:5.387Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:5.387Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:5.387Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:5.387Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:5.387Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:5.387Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:5.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:15.418Open1488C:\Monitor\proc.exeC:\Monitor\shfolder.dll
3/9/2020 - 1:46:15.418Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 1:46:15.418Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 1:46:15.653Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:15.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:15.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:15.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:15.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:15.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:15.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:15.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:15.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.450Open1488C:\Monitor\proc.exeC:\Monitor\ntmarta.dll
3/9/2020 - 1:46:16.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ntmarta.dll
3/9/2020 - 1:46:16.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ntmarta.dll
3/9/2020 - 1:46:16.450Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.450Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:16.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:16.731Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:16.731Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:16.731Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:16.731Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.731Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.731Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.731Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:16.731Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.731Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.731Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:16.731Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:16.731Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.731Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.731Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.778Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.778Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.778Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:16.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:16.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:17.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:17.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:17.153Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:17.153Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:17.153Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:17.153Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:17.168Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp871F.tmp
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp871F.tmp
3/9/2020 - 1:46:17.168Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp871F.tmp
3/9/2020 - 1:46:17.168Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp871F.tmp
3/9/2020 - 1:46:17.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:17.168Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Monitor\PROPSYS.dll
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:17.168Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 1:46:17.168Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 1:46:17.184Unknown1488C:\Monitor\proc.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Monitor\apphelp.dll
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.184Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:17.184Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:17.184Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.184Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.184Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.247Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.247Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.262Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 1:46:17.262Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 1:46:17.262Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 1:46:17.262Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 1:46:17.262Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:17.262Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 1:46:17.262Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:17.262Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:17.262Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:17.262Open1488C:\Monitor\proc.exeC:\Monitor\schtasks.exe
3/9/2020 - 1:46:17.262Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.262Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:17.262Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:17.278Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:17.278Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:17.278Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.278Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.325Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 1:46:17.325Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 1:46:17.325Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 1:46:17.325Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 1:46:17.340Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 1:46:17.340Open1488C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 1:46:17.340Read1488C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 1:46:17.340Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:17.340Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:17.340Open1488C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 1:46:17.340Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:17.340Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:17.340Open1488C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Monitor\Secur32.dll
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 1:46:17.434Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:17.434Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:17.434Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.434Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.434Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:17.434Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:17.434Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:17.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.637Open1488C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 1:46:17.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.637Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.637Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:17.637Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:17.637Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:17.637Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:17.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.637Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.637Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:17.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.637Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.637Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 1:46:17.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:17.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:17.700Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
3/9/2020 - 1:46:17.700Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 1:46:17.700Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:17.700Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:17.700Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:17.700Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:17.700Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:17.700Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:17.700Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 1:46:17.700Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 1:46:17.700Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 1:46:17.700Open532C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 1:46:17.778Open1488C:\Monitor\proc.exeC:\Monitor\RpcRtRemote.dll
3/9/2020 - 1:46:17.778Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 1:46:17.778Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 1:46:17.778Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 1:46:17.778Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 1:46:17.934Read532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.934Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:17.934Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:17.934Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 1:46:17.950Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 1:46:17.950Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:17.950Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:17.950Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:17.950Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:17.950Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:17.950Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:17.950Read532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.997Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:17.997Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:17.997Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.997Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.997Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:17.997Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:17.997Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.997Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:17.997Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 1:46:17.997Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 1:46:17.997Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:17.997Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:18.137Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 1:46:18.137Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 1:46:18.231Open532C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp871F.tmp
3/9/2020 - 1:46:18.231Read532C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp871F.tmp
3/9/2020 - 1:46:18.231Read532C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp871F.tmp
3/9/2020 - 1:46:19.637Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 1:46:19.637Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 1:46:19.684Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp871F.tmp
3/9/2020 - 1:46:19.684Open1488C:\Monitor\proc.exeC:\Monitor\Files\DeletedFiles
3/9/2020 - 1:46:19.684Delete1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp871F.tmp
3/9/2020 - 1:46:19.684Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp871F.tmp
3/9/2020 - 1:46:19.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:19.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:19.778Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.778Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.778Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.778Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.778Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.778Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.778Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.778Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pf
3/9/2020 - 1:46:19.825Read2264C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pfPROC.EXE-5509F567.pf
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\assembly
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:19.825Read2264C:\Monitor\proc.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:19.825Read2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\Globalization
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\Globalization
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\Globalization
3/9/2020 - 1:46:19.825Open2264C:\Monitor\proc.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:19.825Unknown2264C:\Monitor\proc.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\System32
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\System32
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\System32
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[2].XML
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 1:46:19.840Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:19.840Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[2].XML
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].png
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:19.856Read2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:19.856Read2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:19.856Read2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:19.856Read2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:19.856Read2264C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:19.856Read2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:19.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
3/9/2020 - 1:46:19.856Read2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
3/9/2020 - 1:46:19.856Unknown2264C:\Monitor\proc.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:19.856Open2264C:\Monitor\proc.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:19.872Unknown2264C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Monitor\MSVCP60.dll
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Monitor\WINMM.dll
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Monitor\version.DLL
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:19.872Unknown2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:19.872Open2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:19.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:19.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:19.887Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.887Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.887Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.887Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:19.887Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:19.887Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.887Unknown2264C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:19.887Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:19.887Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:19.887Read2264C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.887Write2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:19.887Write2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:19.887Read2264C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.903Read2264C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 1:46:19.903Write2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:19.903Write2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:19.903Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:19.903Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:19.903Write2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:19.903Open2264C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:19.903Unknown2264C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:19.903Open2264C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:19.903Unknown2264C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:19.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:19.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:19.965Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Monitor\PROPSYS.dll
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:19.965Unknown2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 1:46:19.965Unknown2264C:\Monitor\proc.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 1:46:19.965Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 1:46:19.981Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 1:46:19.981Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 1:46:19.981Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 1:46:19.981Open2264C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 1:46:19.981Read2264C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 1:46:19.981Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:19.981Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:19.981Open2264C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 1:46:19.981Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:19.981Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:19.981Open2264C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 1:46:19.981Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.981Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\desktop.ini
3/9/2020 - 1:46:19.997Read2264C:\Monitor\proc.exeC:\Users\desktop.ini
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot\Searches\desktop.ini
3/9/2020 - 1:46:19.997Read2264C:\Monitor\proc.exeC:\Users\Behemot\Searches\desktop.ini
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot\Videos\desktop.ini
3/9/2020 - 1:46:19.997Read2264C:\Monitor\proc.exeC:\Users\Behemot\Videos\desktop.ini
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot\Pictures\desktop.ini
3/9/2020 - 1:46:19.997Read2264C:\Monitor\proc.exeC:\Users\Behemot\Pictures\desktop.ini
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot\Contacts\desktop.ini
3/9/2020 - 1:46:19.997Read2264C:\Monitor\proc.exeC:\Users\Behemot\Contacts\desktop.ini
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot\Favorites\desktop.ini
3/9/2020 - 1:46:19.997Read2264C:\Monitor\proc.exeC:\Users\Behemot\Favorites\desktop.ini
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot\Music\desktop.ini
3/9/2020 - 1:46:19.997Read2264C:\Monitor\proc.exeC:\Users\Behemot\Music\desktop.ini
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot\Downloads\desktop.ini
3/9/2020 - 1:46:19.997Read2264C:\Monitor\proc.exeC:\Users\Behemot\Downloads\desktop.ini
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot\Documents\desktop.ini
3/9/2020 - 1:46:19.997Read2264C:\Monitor\proc.exeC:\Users\Behemot\Documents\desktop.ini
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot\Links\desktop.ini
3/9/2020 - 1:46:19.997Read2264C:\Monitor\proc.exeC:\Users\Behemot\Links\desktop.ini
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:19.997Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:20.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:20.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:20.59Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Users\Behemot\Saved Games\desktop.ini
3/9/2020 - 1:46:20.59Read2264C:\Monitor\proc.exeC:\Users\Behemot\Saved Games\desktop.ini
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Monitor\apphelp.dll
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:20.59Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:20.59Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:20.59Unknown2264C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:20.59Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:20.59Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.59Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:20.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:20.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:20.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:20.200Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
3/9/2020 - 1:46:20.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:20.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:20.247Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.247Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.247Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.247Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.247Read2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.247Read2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.262Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.262Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.262Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 1:46:20.262Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:20.262Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:20.262Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:20.262Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:20.262Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:20.262Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:20.262Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:20.262Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:20.262Open2264C:\Monitor\proc.exeC:\Monitor\Secur32.dll
3/9/2020 - 1:46:20.262Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 1:46:20.262Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Users
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Monitor\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 1:46:20.278Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 1:46:20.278Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 1:46:20.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:20.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:20.325Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1488.1115515
3/9/2020 - 1:46:20.325Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1488.1115515
3/9/2020 - 1:46:20.325Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1488.1115531
3/9/2020 - 1:46:20.325Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:20.325Read1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:20.325Read1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:20.340Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:20.340Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:20.340Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:20.340Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:20.340Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:20.340Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:20.403Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.403Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.403Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs:Zone.Identifier
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.403Read2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.403Read2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.403Unknown2264C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:20.403Unknown2264C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:20.403Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:20.403Unknown2264C:\Monitor\proc.exeC:\
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:20.403Unknown2264C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:20.403Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:20.403Unknown2264C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.403Read2264C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.403Read2264C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.403Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 1:46:20.418Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.418Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.418Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.418Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\en\WScript.exe.mui
3/9/2020 - 1:46:20.418Open2264C:\Monitor\proc.exeC:\Windows\System32\en\WScript.exe.mui
3/9/2020 - 1:46:20.418Open2264C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.418Unknown2264C:\Monitor\proc.exeC:\Windows
3/9/2020 - 1:46:20.418Unknown2264C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 1:46:20.418Unknown2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:20.418Unknown2264C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:20.481Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\Prefetch\WSCRIPT.EXE-9093C9D0.pf
3/9/2020 - 1:46:20.481Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 1:46:20.481Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:20.481Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:20.481Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:20.481Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:20.481Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:20.481Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:20.481Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 1:46:20.481Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 1:46:20.481Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 1:46:20.481Open1592C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 1:46:20.497Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:20.497Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:20.497Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:20.497Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:20.497Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:20.497Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:20.497Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:20.497Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:20.497Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:20.497Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:20.512Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 1:46:20.512Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 1:46:20.512Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:20.512Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:20.653Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:20.653Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.653Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sxs.dll
3/9/2020 - 1:46:20.653Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sxs.dll
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\dwmapi.dll
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\dwmapi.dll
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\vbscript.dll
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\vbscript.dll
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.700Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.700Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.700Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.700Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.700Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.700Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.700Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.700Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.700Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.700Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.700Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.700Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.700Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.715Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:20.715Read1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:20.715Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:20.731Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\msisip.dll
3/9/2020 - 1:46:20.731Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\msisip.dll
3/9/2020 - 1:46:20.731Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.731Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.731Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.731Read1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.731Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:20.731Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshext.dll
3/9/2020 - 1:46:20.731Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshext.dll
3/9/2020 - 1:46:20.731Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\WScript.exe.Local
3/9/2020 - 1:46:20.731Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 1:46:20.731Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 1:46:20.731Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 1:46:20.731Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
3/9/2020 - 1:46:20.731Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
3/9/2020 - 1:46:21.28Read1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:21.28Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrobj.dll
3/9/2020 - 1:46:21.75Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrobj.dll
3/9/2020 - 1:46:21.450Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mlang.dll
3/9/2020 - 1:46:21.450Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mlang.dll
3/9/2020 - 1:46:21.497Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:22.747Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:22.747Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 1:46:23.75Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mpr.dll
3/9/2020 - 1:46:23.75Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mpr.dll
3/9/2020 - 1:46:23.75Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 1:46:23.75Open1592C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 1:46:23.75Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\WScript.exe.Local
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:23.137Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 1:46:23.137Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 1:46:23.137Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 1:46:23.137Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 1:46:23.153Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\WScript.exe.Local
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:23.153Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 1:46:23.153Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.153Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 1:46:23.153Unknown1592C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 1:46:23.153Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.153Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 1:46:23.153Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 1:46:23.153Read1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\propsys.dll
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\propsys.dll
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 1:46:23.168Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 1:46:23.168Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 1:46:23.168Unknown1592C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 1:46:23.168Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.168Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.168Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 1:46:23.168Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.168Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe:Zone.Identifier
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 1:46:23.184Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.184Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 1:46:23.184Unknown1592C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 1:46:23.184Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.184Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.184Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.184Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.184Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.184Read1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.184Open1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 1:46:23.200Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:23.200Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:23.200Open1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:23.200Open1592C:\Windows\SysWOW64\wscript.exeC:\Monitor\Files\DeletedFiles
3/9/2020 - 1:46:23.200Delete1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:23.200Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:23.215Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 1:46:23.215Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:23.215Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
3/9/2020 - 1:46:23.262Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
3/9/2020 - 1:46:23.262Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:23.262Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:23.262Open2496C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
3/9/2020 - 1:46:23.278Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.278Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.278Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
3/9/2020 - 1:46:23.278Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.278Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.278Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 1:46:23.278Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 1:46:23.278Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 1:46:23.278Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 1:46:23.278Open2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 1:46:23.278Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 1:46:23.278Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 1:46:23.278Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 1:46:23.278Unknown1592C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:23.497Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 1:46:23.497Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 1:46:23.497Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:23.497Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.512Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 1:46:23.512Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 1:46:23.512Unknown2496C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 1:46:23.512Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 1:46:23.512Unknown2496C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:23.512Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:23.512Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 1:46:23.512Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.512Read2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:23.512Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.512Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 1:46:23.512Unknown2496C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 1:46:23.512Open2496C:\Windows\SysWOW64\cmd.exeC:\Users
3/9/2020 - 1:46:23.528Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users
3/9/2020 - 1:46:23.528Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
3/9/2020 - 1:46:23.528Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
3/9/2020 - 1:46:23.528Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:23.528Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:23.528Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:23.528Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:23.528Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:23.528Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:23.528Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:23.528Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:23.528Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.528Read2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.528Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\ui\SwDRM.dll
3/9/2020 - 1:46:23.543Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.543Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.543Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.543Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.543Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.543Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.543Read2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.543Read2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:23.606Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:23.606Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.606Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.606Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:23.606Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:23.606Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:23.606Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:23.622Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:23.622Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:23.622Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:23.622Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:23.622Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:23.622Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:23.622Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 1:46:23.622Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:23.622Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:23.622Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:23.622Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:23.622Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
3/9/2020 - 1:46:23.622Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:23.622Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.637Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:23.637Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\pubpol4.dat
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 1:46:23.747Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:23.747Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:23.747Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:23.747Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:23.747Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:23.747Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 1:46:23.747Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:23.762Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:23.762Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:23.762Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:23.762Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:23.762Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:23.762Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:23.762Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
3/9/2020 - 1:46:23.762Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 1:46:23.762Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:46:23.762Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\pt-br.nlp
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:23.840Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:23.840Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\VERSION.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\bcrypt.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\CRYPTSP.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:23.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:23.856Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:23.856Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:23.856Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:23.856Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:23.856Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.856Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.856Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:23.856Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
3/9/2020 - 1:46:23.856Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 1:46:23.856Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:23.856Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:23.872Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:23.872Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:23.872Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:23.918Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WindowsCodecs.dll
3/9/2020 - 1:46:23.918Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 1:46:23.918Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:23.918Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 1:46:23.918Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources.dll
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources.exe
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:24.12Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:24.12Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:24.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:24.28Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\pt.nlp
3/9/2020 - 1:46:24.28Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\ReZer0V2.resources.dll
3/9/2020 - 1:46:24.28Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 1:46:24.28Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\ReZer0V2.resources.exe
3/9/2020 - 1:46:24.28Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 1:46:24.28Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\en-us.nlp
3/9/2020 - 1:46:24.28Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:24.28Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:24.28Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:24.28Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:24.28Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:24.28Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:24.28Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:24.43Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:24.43Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:24.43Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:24.43Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:24.43Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:24.43Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:24.43Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:34.43Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\shfolder.dll
3/9/2020 - 1:46:34.43Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 1:46:34.43Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 1:46:34.43Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:34.43Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:34.90Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpC939.tmp
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpC939.tmp
3/9/2020 - 1:46:34.90Write2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpC939.tmp
3/9/2020 - 1:46:34.90Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpC939.tmp
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 1:46:34.90Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\PROPSYS.dll
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:34.90Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 1:46:34.90Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\apphelp.dll
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:34.90Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:34.106Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:34.106Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 1:46:34.106Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 1:46:34.106Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 1:46:34.106Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 1:46:34.106Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 1:46:34.106Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 1:46:34.106Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:34.106Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:34.106Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:34.122Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\schtasks.exe
3/9/2020 - 1:46:34.122Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.122Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:34.137Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.137Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.137Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 1:46:34.137Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\propsys.dll
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\propsys.dll
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\Secur32.dll
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 1:46:34.137Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 1:46:34.153Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:34.153Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.153Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.153Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.153Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.153Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 1:46:34.153Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.153Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:34.153Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.153Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.153Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.153Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.168Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.168Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.168Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.168Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 1:46:34.184Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
3/9/2020 - 1:46:34.247Read548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pfSCHTASKS.EXE-AD598958.pf
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Users
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\oleaut32.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\oleaut32.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 1:46:34.247Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.247Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\clbcatq.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\clbcatq.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\TMP871F.TMP
3/9/2020 - 1:46:34.262Read548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 1:46:34.262Read548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\oleaut32.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\clbcatq.dll
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 1:46:34.262Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 1:46:34.262Open548C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 1:46:34.325Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\RpcRtRemote.dll
3/9/2020 - 1:46:34.325Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 1:46:34.325Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 1:46:34.325Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 1:46:34.325Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 1:46:34.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:34.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:34.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:34.497Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:34.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:34.684Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 1:46:34.684Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 1:46:34.731Open548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpC939.tmp
3/9/2020 - 1:46:34.731Read548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpC939.tmp
3/9/2020 - 1:46:34.731Read548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpC939.tmp
3/9/2020 - 1:46:34.731Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpC939.tmp
3/9/2020 - 1:46:34.731Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
3/9/2020 - 1:46:34.731Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 1:46:34.731Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 1:46:34.731Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
3/9/2020 - 1:46:34.793Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpC939.tmp
3/9/2020 - 1:46:34.793Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles
3/9/2020 - 1:46:34.793Delete2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpC939.tmp
3/9/2020 - 1:46:34.793Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpC939.tmp
3/9/2020 - 1:46:34.793Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpC939.tmp
3/9/2020 - 1:46:34.793Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.793Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.793Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.793Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.793Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.793Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.793Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
3/9/2020 - 1:46:34.840Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:34.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.840Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.840Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.840Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.840Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.840Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.840Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:34.887Read2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:34.887Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:34.887Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:34.887Read2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:34.887Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.887Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.887Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.887Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.887Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.887Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.887Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.887Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:34.887Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:34.887Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:34.887Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:34.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:34.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:34.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:34.965Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:46:34.965Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:34.965Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:34.965Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:34.965Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:34.965Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:34.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:34.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:34.965Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:34.981Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:34.981Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:34.997Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:35.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.12Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.12Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.12Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.12Read2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.12Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:35.12Read2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:35.12Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:35.12Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:35.28Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:35.28Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:35.43Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:35.43Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:35.43Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:35.43Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:35.43Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:35.43Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:35.43Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:35.43Open2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:35.43Unknown2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:34.997Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.106Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:35.122Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:35.122Read2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 1:46:35.122Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:35.122Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 1:46:35.137Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:35.137Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:35.153Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:35.153Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 1:46:35.231Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
3/9/2020 - 1:46:35.231Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 1:46:35.231Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:35.231Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:35.231Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 1:46:35.231Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:35.231Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 1:46:35.231Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\MSVCP60.dll
3/9/2020 - 1:46:35.231Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 1:46:35.231Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WINMM.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\version.DLL
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:35.247Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:35.247Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:35.262Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 1:46:35.262Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 1:46:35.262Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mswsock.dll
3/9/2020 - 1:46:35.262Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mswsock.dll
3/9/2020 - 1:46:35.262Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
3/9/2020 - 1:46:35.262Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
3/9/2020 - 1:46:35.262Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\nlaapi.dll
3/9/2020 - 1:46:35.262Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\nlaapi.dll
3/9/2020 - 1:46:35.262Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\NapiNSP.dll
3/9/2020 - 1:46:35.262Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\NapiNSP.dll
3/9/2020 - 1:46:35.262Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2608.1155156
3/9/2020 - 1:46:35.262Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2608.1155156
3/9/2020 - 1:46:35.262Open2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2608.1155171
3/9/2020 - 1:46:35.262Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:35.278Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 1:46:35.278Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 1:46:35.278Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:35.278Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 1:46:35.278Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 1:46:35.278Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 1:46:35.278Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 1:46:35.278Unknown2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 1:46:35.278Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:35.278Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 1:46:35.278Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\pnrpnsp.dll
3/9/2020 - 1:46:35.278Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\pnrpnsp.dll
3/9/2020 - 1:46:35.278Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\DNSAPI.dll
3/9/2020 - 1:46:35.278Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\dnsapi.dll
3/9/2020 - 1:46:35.278Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\dnsapi.dll
3/9/2020 - 1:46:35.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winrnr.dll
3/9/2020 - 1:46:35.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winrnr.dll
3/9/2020 - 1:46:35.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\IPHLPAPI.DLL
3/9/2020 - 1:46:35.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
3/9/2020 - 1:46:35.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
3/9/2020 - 1:46:35.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WINNSI.DLL
3/9/2020 - 1:46:35.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winnsi.dll
3/9/2020 - 1:46:35.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winnsi.dll
3/9/2020 - 1:46:35.293Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 1:46:35.293Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 1:46:35.356Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:35.356Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 1:46:35.356Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:35.356Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 1:46:35.356Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:35.356Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 1:46:35.356Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:35.356Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 1:46:35.356Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:35.356Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 1:46:35.356Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots
3/9/2020 - 1:46:35.356Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots
3/9/2020 - 1:46:35.356Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WindowsCodecs.dll
3/9/2020 - 1:46:35.356Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 1:46:35.356Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:35.356Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 1:46:35.372Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 1:46:35.372Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.png
3/9/2020 - 1:46:35.372Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.372Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.372Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.372Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.372Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.387Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.387Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.387Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.387Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.387Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.387Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.png
3/9/2020 - 1:46:35.450Read2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.png
3/9/2020 - 1:46:35.450Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184635.png
3/9/2020 - 1:46:35.450Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Delete2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.450Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.pngtime_20180503_184635.png
3/9/2020 - 1:46:35.465Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.dat
3/9/2020 - 1:46:35.465Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.dattime_20180503_184635.dat
3/9/2020 - 1:46:35.465Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184635.dattime_20180503_184635.dat
3/9/2020 - 1:46:35.559Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
3/9/2020 - 1:46:35.559Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
3/9/2020 - 1:46:35.653Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\rasadhlp.dll
3/9/2020 - 1:46:35.653Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rasadhlp.dll
3/9/2020 - 1:46:35.653Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rasadhlp.dll
3/9/2020 - 1:46:45.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:46:45.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 1:46:45.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:46:45.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:46:45.293Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:46:45.293Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:46:55.309Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:46:55.309Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:47:5.340Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:47:5.340Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:47:15.340Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:47:15.340Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:47:25.340Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:47:25.340Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:47:35.356Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:47:35.356Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:47:45.356Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:47:45.356Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:47:55.387Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:47:55.387Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:48:5.418Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:48:5.418Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:48:15.450Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:48:15.450Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:48:25.481Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:48:25.481Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:48:35.497Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:48:35.497Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:48:45.528Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:48:45.528Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:48:55.559Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:48:55.559Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:49:5.590Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:49:5.590Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:49:15.622Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:49:15.622Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:49:25.637Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:49:25.637Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:49:35.668Open2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 1:49:35.668Unknown2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat

Process
Trace
3/9/2020 - 1:45:42.575Create1480C:\malware.exe1488C:\Monitor\proc.exe
3/9/2020 - 1:46:17.637Create1488C:\Monitor\proc.exe532C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:19.637Terminate1488C:\Monitor\proc.exe532C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:19.778Create1488C:\Monitor\proc.exe2264C:\Monitor\proc.exe
3/9/2020 - 1:46:20.340Terminate1480C:\malware.exe1488C:\Monitor\proc.exe
3/9/2020 - 1:46:20.403Create2264C:\Monitor\proc.exe1592C:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:20.418Terminate1488C:\Monitor\proc.exe2264C:\Monitor\proc.exe
3/9/2020 - 1:46:23.184Create1592C:\Windows\SysWOW64\wscript.exe2496C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 1:46:23.278Terminate2264C:\Monitor\proc.exe1592C:\Windows\SysWOW64\wscript.exe
3/9/2020 - 1:46:23.512Create2496C:\Windows\SysWOW64\cmd.exe2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.153Create2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe548C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.731Terminate2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe548C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 1:46:34.793Create2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.840Create2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.887Create2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:34.981Terminate2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.12Create2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.122Terminate2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.153Terminate2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe2200C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.278Terminate2496C:\Windows\SysWOW64\cmd.exe2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 1:46:35.293Terminate1592C:\Windows\SysWOW64\wscript.exe2496C:\Windows\SysWOW64\cmd.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
3/9/2020 - 1:46:17.434Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 1:46:17.434Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 1:46:17.434Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 1:46:17.434Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 1:46:17.434Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 1:46:17.434Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 1:46:17.434Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 1:46:17.434Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 1:46:19.903Write2264C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Runremcos
3/9/2020 - 1:46:20.262Write2264C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 1:46:20.262Write2264C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 1:46:20.262Write2264C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 1:46:20.262Write2264C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 1:46:20.262Write2264C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 1:46:20.262Write2264C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 1:46:20.262Write2264C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 1:46:20.262Write2264C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 1:46:23.168Write1592C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 1:46:23.168Write1592C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 1:46:23.168Write1592C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 1:46:23.168Write1592C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 1:46:23.168Write1592C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 1:46:23.168Write1592C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 1:46:23.168Write1592C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 1:46:23.168Write1592C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 1:46:34.153Write2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 1:46:34.153Write2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 1:46:34.153Write2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 1:46:34.153Write2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 1:46:34.153Write2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 1:46:34.153Write2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 1:46:34.153Write2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 1:46:34.153Write2608C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 1:46:35.247Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Runremcos
3/9/2020 - 1:46:35.247Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Remcos-8CPBWMexepath
3/9/2020 - 1:46:35.247Write2420C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Remcos-8CPBWMlicence

File Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Process Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: True check_circle

Loading...

DNS
Query
computer localhost arrow_forward computer gateway:DNS code mmiri1.ddns.net.
computer localhost arrow_forward computer gateway:50273 code mmiri1.ddns.net.

Response
computer gateway:DNS arrow_forward computer localhost code mmiri1.ddns.net. reply_all 0.0.0.0


TCP
Info

UDP
Info
computer localhost:50273 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50273

HTTP
Info

Summary
DNS
True check_circle

TCP
False cancel

UDP
True check_circle

HTTP
False cancel

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 27.00%
suspicious: True check_circle

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 94.77%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 65.00%
suspicious: False cancel

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 47.18%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 93.04%
suspicious: False cancel

Add to Collection
Download