Report #10958 check_circle

  • Creation Date: Sept. 3, 2020, 12:06 p.m.
  • Last Update: Sept. 3, 2020, 12:11 p.m.
  • File: Dropper_xor.exe
  • Results:
Binary
DLL
False cancel
Size
233.00KB
trid
72.3% Win64 Executable
11.8% Win32 Executable
5.3% OS/2 Executable
5.2% Generic Win/DOS Executable
5.2% DOS Executable Generic
type
PE
wordsize
32
Subsystem
Windows CLI
Hashes
md5
0a298ee33aee6bacc6c0cf034f1beae7
sha1
443e346855e659c147d4cea32b8e5c5024a4ab17
crc32
0xc06407ee
sha224
d34ea47787e48ff6eafdf55c3e4e66fcb43b9e4e24da8c89c1a63170
sha256
63b4038e319c034f28b43aef32815392d07874072448026061d117d7746f9373
sha384
25d2a176da9a96cf1ab424969f94994a3f906c44385b9aed936b0256c8e42adfd6a4da7bab15ac847b9dc43a10f4aff7
sha512
82ecd91064b3efac3897044770c7a0e9c7977eac3323a77aa5eba19e20a479261f930778984a7aff180d59558c3821f93a4b086b9c2fd82503102fd384b0eec5
ssdeep
3072:3xZJlZhqCe/4OfEOEL52/sS6/LjfmLwVuChc9bXGCZ2cP396N/9NsEmCb4osyZNP:3xRg4OfEOUhSeuChobXGCZ22Tq
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
VC8_Microsoft_Corporation, domain, anti_dbg, contentis_base64, Microsoft_Visual_Cpp_8, HasDebugData, IsConsole, IsPE32, HasRichSignature, Big_Numbers0

Suspicious
True check_circle

Strings
List
C:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\Release\Dropper.pdb
CI.a.sj
k.Gg
MSVCR110.dll
@proc.exe
proc.exe
%%5<7
&E%eVi
_crt_debugger_hook
<requestedPrivileges>
IsProcessorFeaturePresent
IsDebuggerPresent
NfTP
CreateProcessW
QueryPerformanceCounter
LoadResource
GetModuleHandleW
fprintf
fopen
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
51555a5G5T5[5F5Y5T5A5\5Z5[5555555
w\AXTE45551qTAT277555<6555:6555&>757
55555}5!545|5[5A5P5G5[5T5Y5{5T5X5P555A5s5P5M5
5Y5E558E5T5[5P5Y5
55:g5P5V5P5\5E5A55:W5@5A5A5Z5[5
E5T5F5A5P5a5Z5Z5Y5f5A5G5\5E5w5@5A5A5Z5[558
E5T5F5A5P5a5Z5Z5Y5f5A5G5\5E5w5@5A5A5Z5[5
55.A5M5A5v5]5\5[5P5F5P5a5P5T55 A5M5A5x5\5Y5^5a5P5T55
5EZO55?Ad554ZN55?7N
5EZO55?Ad554ZN55?7N
5EZO55?Ad554ZN55?7N
5a5P5M5A558E5T5[5P5Y5
5.?K5D55545a95575o95545
55 G5A5S5g5P5V5P5\5E5A55 A5Z5Z5Y5f5A5G5\5E5
I55?ZH55?7Nu551G
5EZO55?Ad554ZN55?7Nu551
5EZO55?Ad554ZN55?7Nw551
5EZO55?Ad554ZN55?7Nv551
5EZO55?Ad554ZN55?7Ns551
75545f5A5G5\5[5R5s5\5Y5P5|5[5S5Z555
A5Z5Z5Y5f5A5G5\5E5f5P5E5T5G5T5A5Z5G55
A5Z5Z5Y5f5A5G5\5E5f5P5E5T5G5T5A5Z5G5
5e5G5\5[5A55
5#554555m5550555n555s555E555
5f5L5F5A5P5X558E5T5[5P5Y5
5}5A5W5P5e5e5w5e5
5}5A5W5P5e5e5w5e5
5v5H55>t5G5\5T5Y55la5P5M5A5
I55?ZH55?7Nv551GL
I55?ZH55?7Ns551GB
fAG\[RF5555E
T0555<E}lF55;
__crtTerminateProcess
;d7"UeRdA
55Ut",#FR55?Z]55?7N'551
55Ut",#FR55?Z]55?7N&551
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N!551
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N%551
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N$551
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
55Ut",#FR55?Z]55?7N
3s545}3s545d3s545n3s545]3s545M3s545
1ePsn*8
_commode
55?7Nt551G
5]PYEaZZYfAG\Ew@AAZ[5a\XPG5A\XPG
5e5T5F5A5P55
_initterm
?(Pv8Fey6
5YWYaTM5YWYf@WaZATY5YTWPY
55Ut",#FR55?Z]55?7N3551
55Ut",#FR55?Z]55?7N 551
vGLEAZRGTE]L5xq
D5E&=GT
()(;()()14555154470544'<655;057;;;356;;;;1548;154;8057;;)
^655555}5557505
55E9Gr55E8G
}AWPeewe
__setusermatherr
4&4-444;4C4K4S4_4h4m4s4}4
_initterm_e

Foremost
Matches
0.exe, 233 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: MSVCR110.dll, KERNEL32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 235520
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 6
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 6
Linker
Version: 11.0
Suspicious: False cancel
Subsystem
Version: 6.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 5003
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: kernel32.dll
hasLibs: True check_circle
Suspicious: msvcr110.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2020-09-03 12:05:19
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.rsrc: 85
.text: 1

pushpopmath
.rsrc: 97
.reloc: 1

ss register
.rsrc: 2

garbagebytes
.rsrc: 28
.text: 1

hookdetection
.rsrc: 1

software breakpoint
.rsrc: 2

fakeconditionaljumps
.rsrc: 2

programcontrolflowchange
.rsrc: 26
.text: 1

cpuinstructionsresultscomparison
.rdata: 2

AVclass
xtrat
1
VirusTotal
md5
0a298ee33aee6bacc6c0cf034f1beae7
sha1
443e346855e659c147d4cea32b8e5c5024a4ab17
SCANS (DETECTION RATE = 31.88%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200903
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20200903
version: 2.7.2019.1
detected: False cancel

MAX
result: malware (ai score=84)
update: 20200903
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200901
version: 6.66
detected: True check_circle

Bkav
update: 20200903
version: 1.3.0.9899
detected: False cancel

K7GW
update: 20200903
version: 11.133.35153
detected: False cancel

ALYac
update: 20200903
version: 1.1.1.5
detected: False cancel

Avast
result: Win32:PWSX-gen [Trj]
update: 20200903
version: 18.4.3895.0
detected: True check_circle

Avira
result: TR/Kryptik.hvdkh
update: 20200903
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
update: 20200903
version: 4.0.0.24
detected: False cancel

Cyren
result: W32/MSIL_Kryptik.AQG.gen!Eldorado
update: 20200903
version: 6.3.0.2
detected: True check_circle

DrWeb
result: Trojan.Siggen9.44167
update: 20200903
version: 7.0.48.8080
detected: True check_circle

GData
result: Gen:Variant.Razy.747407
update: 20200903
version: A:25.26871B:27.20039
detected: True check_circle

Panda
update: 20200903
version: 4.6.4.2
detected: False cancel

VBA32
update: 20200903
version: 4.4.1
detected: False cancel

VIPRE
update: 20200903
version: 86412
detected: False cancel

Zoner
update: 20200903
version: 0.0.0.0
detected: False cancel

ClamAV
update: 20200902
version: 0.102.4.0
detected: False cancel

Comodo
update: 20200728
version: 32668
detected: False cancel

Ikarus
update: 20200903
version: 0.1.5.2
detected: False cancel

McAfee
update: 20200903
version: 6.0.6.653
detected: False cancel

Rising
result: Backdoor.Xtrat!1.6A25 (TFE:5:O0r80Ep3LQC)
update: 20200903
version: 25.0.0.26
detected: True check_circle

Sophos
update: 20200903
version: 4.98.0
detected: False cancel

Yandex
update: 20200901
version: 5.5.2.24
detected: False cancel

Zillya
update: 20200903
version: 2.0.0.4168
detected: False cancel

Acronis
update: 20200806
version: 1.1.1.77
detected: False cancel

Alibaba
update: 20190527
version: 0.3.0.5
detected: False cancel

Arcabit
result: Trojan.Razy.DB678F
update: 20200903
version: 1.0.0.881
detected: True check_circle

Cylance
update: 20200903
version: 2.3.1.101
detected: False cancel

Elastic
update: 20200831
version: 4.0.8
detected: False cancel

FireEye
result: Generic.mg.0a298ee33aee6bac
update: 20200903
version: 32.36.1.0
detected: True check_circle

Sangfor
update: 20200814
version: 1.0
detected: False cancel

TACHYON
update: 20200903
version: 2020-09-03.02
detected: False cancel

Tencent
update: 20200903
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20200903
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200903
version: 1.0.0.403
detected: False cancel

eGambit
update: 20200903
detected: False cancel

Ad-Aware
result: Gen:Variant.Razy.747407
update: 20200903
version: 3.0.16.117
detected: True check_circle

AegisLab
update: 20200903
version: 4.2
detected: False cancel

F-Secure
result: Trojan.TR/Kryptik.hvdkh
update: 20200903
version: 12.0.86.52
detected: True check_circle

Fortinet
update: 20200903
version: 6.2.142.0
detected: False cancel

Invincea
update: 20200903
version: 1.0.1.0
detected: False cancel

Jiangmin
update: 20200903
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200903
version: 2013.8.14.323
detected: False cancel

Paloalto
update: 20200903
version: 1.0
detected: False cancel

Symantec
update: 20200903
version: 1.12.0.0
detected: False cancel

AhnLab-V3
result: Trojan/Win32.Xtrat.C3450632
update: 20200903
version: 3.18.1.10026
detected: True check_circle

Antiy-AVL
update: 20200903
version: 3.0.0.1
detected: False cancel

Kaspersky
update: 20200903
version: 15.0.1.13
detected: False cancel

MaxSecure
update: 20200902
version: 1.0.0.1
detected: False cancel

Microsoft
result: Trojan:Win32/Wacatac.C!ml
update: 20200903
version: 1.1.17400.5
detected: True check_circle

Qihoo-360
update: 20200903
version: 1.0.0.1120
detected: False cancel

ZoneAlarm
update: 20200903
version: 1.0
detected: False cancel

Cybereason
update: 20190616
version: 1.2.449
detected: False cancel

ESET-NOD32
result: a variant of MSIL/Kryptik.VSI
update: 20200903
version: 21929
detected: True check_circle

TrendMicro
result: TROJ_GEN.R002C0DG220
update: 20200903
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Gen:Variant.Razy.747407
update: 20200903
version: 7.2
detected: True check_circle

CrowdStrike
update: 20190702
version: 1.0
detected: False cancel

K7AntiVirus
update: 20200903
version: 11.133.35150
detected: False cancel

SentinelOne
update: 20200724
version: 4.4.0.0
detected: False cancel

Malwarebytes
update: 20200903
version: 3.6.4.335
detected: False cancel

TotalDefense
update: 20200902
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20200903
version: 14.00
detected: False cancel

NANO-Antivirus
result: Trojan.Win32.Remcos.hnkppj
update: 20200903
version: 1.0.134.25140
detected: True check_circle

BitDefenderTheta
result: Gen:NN.ZexaE.34216.ouW@amwIL2hO
update: 20200902
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.Razy.747407
update: 20200903
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200828
version: 5.6.0.1032
detected: False cancel

TrendMicro-HouseCall
result: TROJ_GEN.R002C0DG220
update: 20200903
version: 10.0.0.1040
detected: True check_circle

total
69
sha256
63b4038e319c034f28b43aef32815392d07874072448026061d117d7746f9373
scan_id
63b4038e319c034f28b43aef32815392d07874072448026061d117d7746f9373-1599145599
resource
0a298ee33aee6bacc6c0cf034f1beae7
positives
22
scan_date
2020-09-03 15:06:39
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
3/9/2020 - 11:45:42.481Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.497Write1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\Monitor
3/9/2020 - 11:45:42.622Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\
3/9/2020 - 11:45:42.622Unknown1480C:\malware.exeC:\
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\Monitor
3/9/2020 - 11:45:42.622Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\Monitor
3/9/2020 - 11:45:42.622Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\Monitor\ui\SwDRM.dll
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.622Unknown1480C:\malware.exeC:\Windows
3/9/2020 - 11:45:42.622Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pf
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:45:42.637Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
3/9/2020 - 11:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:45:42.653Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 11:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 11:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:45:42.668Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 11:45:42.668Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.668Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.668Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.668Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:42.668Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:45:42.668Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:45:42.668Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:45:42.668Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:45:42.668Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:45:42.668Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:45:42.856Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:45:42.918Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 11:45:42.918Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:45:42.918Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:45:42.918Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:45:42.918Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:45:42.918Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:45:42.918Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:45:42.918Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 11:45:42.918Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 11:45:42.918Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:45:42.918Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:45:42.918Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:45:42.918Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:45:44.372Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 11:45:44.418Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:45:44.418Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:45:44.559Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:45:44.559Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:45:44.559Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:45:44.559Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:45:44.559Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 11:45:44.887Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
3/9/2020 - 11:45:45.356Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
3/9/2020 - 11:45:45.356Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
3/9/2020 - 11:45:45.356Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
3/9/2020 - 11:45:45.356Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
3/9/2020 - 11:45:45.356Open1488C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:45:45.356Unknown1488C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:45:45.356Open1488C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:45:45.356Open1488C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:45:45.356Unknown1488C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:45:45.356Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:45:45.356Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:45:45.356Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:45:45.356Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
3/9/2020 - 11:45:45.356Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
3/9/2020 - 11:45:45.356Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
3/9/2020 - 11:45:45.497Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 11:45:45.590Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:45.590Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 11:45:45.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:45.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:45.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:45.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:45.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:45.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:45.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:45.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:45.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:46.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.418Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:45:47.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:45:47.512Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:45:47.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:47.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:48.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:48.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:48.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:48.247Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:48.247Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:48.247Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 11:45:48.247Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 11:45:48.247Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:45:48.247Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:45:48.247Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:48.247Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:48.247Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
3/9/2020 - 11:45:48.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 11:45:48.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 11:45:48.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:45:48.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:45:48.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:48.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:48.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:48.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:48.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:48.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:48.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:48.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:48.856Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 11:45:48.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:49.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:49.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:49.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:49.184Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 11:45:49.184Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 11:45:49.184Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 11:45:49.184Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:49.184Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:49.184Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:45:49.184Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:45:49.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:49.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:49.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:49.184Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:49.184Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:45:49.184Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 11:45:49.184Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 11:45:49.278Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 11:45:49.325Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 11:45:49.325Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:45:49.325Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:45:49.325Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:45:49.512Open1488C:\Monitor\proc.exeC:\Windows\assembly\pubpol4.dat
3/9/2020 - 11:45:49.512Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
3/9/2020 - 11:45:49.512Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 11:45:49.512Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:45:49.512Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 11:45:49.512Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:45:49.512Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:45:49.512Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:45:49.512Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:45:49.512Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:45:49.512Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 11:45:49.606Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.606Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 11:45:49.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:49.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:50.28Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 11:45:50.168Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:50.168Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 11:45:50.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:50.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:50.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:50.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:50.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:50.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:50.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:50.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:50.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:50.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:50.543Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.684Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.684Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:50.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:51.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:51.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:51.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:51.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:51.200Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:45:51.434Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:45:51.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:51.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:52.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:52.90Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:45:52.184Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:45:52.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:52.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:52.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:52.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:52.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:52.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:52.465Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:45:52.559Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:45:52.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:52.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:52.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:52.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:52.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:52.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:52.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:52.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:52.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:52.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:53.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:53.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:53.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:53.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:53.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:53.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:53.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:53.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:53.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:53.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:53.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:53.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:53.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:53.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:53.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:53.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:53.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:54.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:54.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:54.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:54.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:54.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:54.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:54.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:54.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:54.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:54.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:54.668Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
3/9/2020 - 11:45:54.715Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 11:45:54.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 11:45:54.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 11:45:54.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 11:45:54.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 11:45:54.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:54.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:54.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:54.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:55.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:55.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:55.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:55.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:55.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:55.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:55.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:55.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:55.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:55.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:55.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:55.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:55.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:55.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:55.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:55.481Open1488C:\Monitor\proc.exeC:\Windows\Globalization\pt-br.nlp
3/9/2020 - 11:45:55.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:55.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:55.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:55.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:55.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:55.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:45:55.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:55.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:55.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:55.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:55.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:55.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:55.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:56.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:57.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:57.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:57.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:57.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:57.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:57.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:57.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:57.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:57.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:57.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:57.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:57.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:57.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:57.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:57.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:57.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:57.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:57.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:57.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:57.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:57.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:58.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:58.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:58.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:58.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:58.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:58.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:58.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:58.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:58.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:58.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:58.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:58.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:58.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:58.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:58.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:58.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:58.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:58.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:58.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:58.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:58.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:59.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:59.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:45:59.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:59.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:59.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:59.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:59.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:45:59.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:59.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:59.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:59.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:59.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:59.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:59.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:59.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:59.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:59.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:59.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:59.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:45:59.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:0.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:0.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:0.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:0.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:0.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:0.247Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:0.247Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:0.387Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:0.387Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:0.434Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.434Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:0.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.809Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:0.809Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:0.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.997Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:0.997Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:0.997Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.997Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:0.997Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.997Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:0.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:1.43Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
3/9/2020 - 11:46:1.43Open1488C:\Monitor\proc.exeC:\Monitor\VERSION.dll
3/9/2020 - 11:46:1.43Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:1.43Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:1.43Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:1.43Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:1.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:1.90Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:1.90Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:1.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:1.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.747Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:1.747Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
3/9/2020 - 11:46:1.747Open1488C:\Monitor\proc.exeC:\Monitor\bcrypt.dll
3/9/2020 - 11:46:1.747Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 11:46:1.747Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 11:46:1.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Monitor\CRYPTSP.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:1.934Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:1.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:1.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:2.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.778Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:3.778Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:3.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:3.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.528Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
3/9/2020 - 11:46:4.528Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 11:46:4.528Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:4.528Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:4.528Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:4.528Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:4.575Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:4.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:46:4.668Open1488C:\Monitor\proc.exeC:\Monitor\WindowsCodecs.dll
3/9/2020 - 11:46:4.668Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 11:46:4.668Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 11:46:4.668Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 11:46:4.668Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 11:46:4.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:46:4.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:4.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:4.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:5.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:6.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:6.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:6.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:6.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:7.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:7.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:7.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:7.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:7.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:7.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:7.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:7.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:7.403Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:7.403Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 11:46:7.590Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 11:46:7.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:7.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:7.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:7.825Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 11:46:7.825Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources.dll
3/9/2020 - 11:46:7.825Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 11:46:7.825Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources.exe
3/9/2020 - 11:46:7.825Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 11:46:7.872Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 11:46:7.872Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 11:46:8.59Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 11:46:8.59Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 11:46:8.59Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:8.59Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:8.59Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:8.59Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:8.59Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 11:46:8.59Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 11:46:8.106Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 11:46:8.200Open1488C:\Monitor\proc.exeC:\Windows\Globalization\pt.nlp
3/9/2020 - 11:46:8.200Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources.dll
3/9/2020 - 11:46:8.200Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 11:46:8.200Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources.exe
3/9/2020 - 11:46:8.200Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 11:46:8.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:8.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:8.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:8.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:8.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:8.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:8.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:8.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:8.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.762Open1488C:\Monitor\proc.exeC:\Windows\Globalization\en-us.nlp
3/9/2020 - 11:46:8.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:8.809Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:8.809Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:8.903Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:8.903Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 11:46:8.997Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:8.997Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 11:46:8.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:9.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:9.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:9.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:9.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:9.137Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:9.137Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:9.137Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 11:46:9.137Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 11:46:9.137Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:9.137Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 11:46:9.137Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:9.137Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:9.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:19.168Open1488C:\Monitor\proc.exeC:\Monitor\shfolder.dll
3/9/2020 - 11:46:19.168Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 11:46:19.168Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 11:46:19.403Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:19.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:19.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:19.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:19.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:19.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:19.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:19.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:19.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:19.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:19.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:19.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:19.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:19.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.200Open1488C:\Monitor\proc.exeC:\Monitor\ntmarta.dll
3/9/2020 - 11:46:20.200Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ntmarta.dll
3/9/2020 - 11:46:20.200Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ntmarta.dll
3/9/2020 - 11:46:20.200Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.200Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:20.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:20.481Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:20.481Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:20.481Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:20.481Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.481Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.481Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.481Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:20.481Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.481Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.481Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:20.481Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:20.481Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.481Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.481Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.481Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.481Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.528Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:20.903Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.903Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:20.903Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:20.903Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:20.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:20.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:20.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:20.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:20.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.606Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:21.606Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:21.606Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp9874.tmp
3/9/2020 - 11:46:21.606Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp9874.tmp
3/9/2020 - 11:46:21.606Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp9874.tmp
3/9/2020 - 11:46:21.606Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp9874.tmp
3/9/2020 - 11:46:21.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:21.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:22.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:22.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:22.122Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
3/9/2020 - 11:46:22.122Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:22.122Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:22.122Open1488C:\Monitor\proc.exeC:\Monitor\PROPSYS.dll
3/9/2020 - 11:46:22.122Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:22.122Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:22.122Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:22.122Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 11:46:22.122Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:22.122Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:22.122Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:22.122Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 11:46:22.122Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 11:46:22.122Open1488C:\Monitor\proc.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 11:46:22.122Unknown1488C:\Monitor\proc.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\Monitor\apphelp.dll
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.137Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:22.137Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:22.137Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.137Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.137Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.153Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.153Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.153Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.153Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.153Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.168Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.168Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.168Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.168Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.168Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 11:46:22.168Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 11:46:22.168Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 11:46:22.168Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 11:46:22.168Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:22.168Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 11:46:22.168Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:22.168Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:22.168Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:22.184Open1488C:\Monitor\proc.exeC:\Monitor\schtasks.exe
3/9/2020 - 11:46:22.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.200Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:22.200Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:22.200Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:22.200Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:22.200Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.200Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.247Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 11:46:22.247Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 11:46:22.247Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 11:46:22.247Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 11:46:22.247Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 11:46:22.247Open1488C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 11:46:22.247Read1488C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 11:46:22.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:22.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:22.247Open1488C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 11:46:22.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:22.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:22.247Open1488C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 11:46:22.262Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 11:46:22.262Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 11:46:22.262Open1488C:\Monitor\proc.exeC:\Monitor\Secur32.dll
3/9/2020 - 11:46:22.278Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 11:46:22.278Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 11:46:22.278Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 11:46:22.278Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 11:46:22.278Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.278Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:22.278Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:22.278Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:22.278Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:22.278Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.278Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.278Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.278Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.278Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.293Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:22.293Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:22.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
3/9/2020 - 11:46:22.293Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:22.293Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:22.293Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.309Open1488C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 11:46:22.309Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.309Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.309Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.309Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:22.309Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:22.309Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:22.309Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:22.309Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.309Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.309Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.309Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:22.309Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.309Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.309Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.372Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 11:46:22.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:22.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:22.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:22.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:22.418Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
3/9/2020 - 11:46:22.418Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 11:46:22.418Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:22.418Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:22.418Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:22.418Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:22.418Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:22.418Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:22.418Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 11:46:22.434Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 11:46:22.434Unknown2428C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 11:46:22.434Open2428C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 11:46:22.512Open1488C:\Monitor\proc.exeC:\Monitor\RpcRtRemote.dll
3/9/2020 - 11:46:22.512Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 11:46:22.512Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 11:46:22.512Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 11:46:22.512Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 11:46:22.762Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:22.762Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:22.762Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 11:46:22.762Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 11:46:22.918Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:22.918Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:22.918Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:22.918Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:22.918Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:22.918Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:22.965Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:22.965Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:22.965Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.965Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.965Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:46:22.965Unknown2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:22.965Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.965Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:22.965Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 11:46:22.965Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 11:46:22.965Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:22.965Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:23.106Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 11:46:23.106Open2428C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 11:46:23.668Open2428C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp9874.tmp
3/9/2020 - 11:46:23.668Read2428C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp9874.tmp
3/9/2020 - 11:46:23.668Read2428C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp9874.tmp
3/9/2020 - 11:46:25.122Unknown2428C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 11:46:25.122Unknown2428C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 11:46:25.168Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp9874.tmp
3/9/2020 - 11:46:25.168Open1488C:\Monitor\proc.exeC:\Monitor\Files\DeletedFiles
3/9/2020 - 11:46:25.168Delete1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp9874.tmp
3/9/2020 - 11:46:25.168Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp9874.tmp
3/9/2020 - 11:46:25.168Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp9874.tmp
3/9/2020 - 11:46:25.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:25.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:25.262Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.262Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.262Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.262Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.262Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.262Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.262Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.262Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pf
3/9/2020 - 11:46:25.356Read2100C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pfPROC.EXE-5509F567.pf
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exe\Device\HarddiskVolume2
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Windows\assembly
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Windows\assembly
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Windows\assembly
3/9/2020 - 11:46:25.356Open2100C:\Monitor\proc.exeC:\Windows\assembly\GAC_32
3/9/2020 - 11:46:25.356Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\GAC_32
3/9/2020 - 11:46:25.356Read2100C:\Monitor\proc.exeC:\Windows\assembly\GAC_32
3/9/2020 - 11:46:25.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\GAC_32
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 11:46:25.372Read2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\Globalization
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\Globalization
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\Globalization
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 11:46:25.372Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 11:46:25.372Open2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\System32
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\System32
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\System32
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\Temp
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\Temp
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\Temp
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ASYNC_USERSYNC[1].JS
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[2].XML
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[2].XML
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\Temp\TMP000000A13589B7957053C575
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\Temp\TMP000000A2AF46498673C01EB8
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].png
3/9/2020 - 11:46:25.387Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
3/9/2020 - 11:46:25.387Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:46:25.403Read2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:46:25.403Read2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:25.403Read2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:25.403Read2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:25.403Read2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ASYNC_USERSYNC[1].JS
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[2].XML
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Windows\Temp\TMP000000A2AF46498673C01EB8
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
3/9/2020 - 11:46:25.403Read2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exe\Device\HarddiskVolume2
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:25.403Unknown2100C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:25.403Open2100C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:25.418Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:25.418Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:25.418Open2100C:\Monitor\proc.exeC:\Monitor\MSVCP60.dll
3/9/2020 - 11:46:25.418Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 11:46:25.418Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Monitor\WINMM.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Monitor\version.DLL
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:25.465Unknown2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:25.465Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:25.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:25.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:25.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:25.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:25.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:25.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:25.543Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.543Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.543Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.543Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:25.543Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:25.543Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.543Unknown2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:25.543Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:25.543Read2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.543Write2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:25.543Write2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:25.543Read2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.543Read2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 11:46:25.543Write2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:25.543Write2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:25.543Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:25.543Write2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:46:25.543Unknown2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:25.543Open2100C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:25.543Unknown2100C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:25.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:25.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:25.606Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 11:46:25.606Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 11:46:25.606Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:25.606Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:25.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:25.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:25.653Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Monitor\PROPSYS.dll
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:25.653Unknown2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 11:46:25.653Unknown2100C:\Monitor\proc.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 11:46:25.653Read2100C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:25.653Open2100C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 11:46:25.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:25.668Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
3/9/2020 - 11:46:25.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\desktop.ini
3/9/2020 - 11:46:25.684Read2100C:\Monitor\proc.exeC:\Users\desktop.ini
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot\Searches\desktop.ini
3/9/2020 - 11:46:25.684Read2100C:\Monitor\proc.exeC:\Users\Behemot\Searches\desktop.ini
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot\Videos\desktop.ini
3/9/2020 - 11:46:25.684Read2100C:\Monitor\proc.exeC:\Users\Behemot\Videos\desktop.ini
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot\Pictures\desktop.ini
3/9/2020 - 11:46:25.684Read2100C:\Monitor\proc.exeC:\Users\Behemot\Pictures\desktop.ini
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot\Contacts\desktop.ini
3/9/2020 - 11:46:25.684Read2100C:\Monitor\proc.exeC:\Users\Behemot\Contacts\desktop.ini
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot\Favorites\desktop.ini
3/9/2020 - 11:46:25.684Read2100C:\Monitor\proc.exeC:\Users\Behemot\Favorites\desktop.ini
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot\Music\desktop.ini
3/9/2020 - 11:46:25.684Read2100C:\Monitor\proc.exeC:\Users\Behemot\Music\desktop.ini
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot\Downloads\desktop.ini
3/9/2020 - 11:46:25.684Read2100C:\Monitor\proc.exeC:\Users\Behemot\Downloads\desktop.ini
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.684Open2100C:\Monitor\proc.exeC:\Users\Behemot\Documents\desktop.ini
3/9/2020 - 11:46:25.684Read2100C:\Monitor\proc.exeC:\Users\Behemot\Documents\desktop.ini
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.747Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.747Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.747Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Users\Behemot\Links\desktop.ini
3/9/2020 - 11:46:25.747Read2100C:\Monitor\proc.exeC:\Users\Behemot\Links\desktop.ini
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.747Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.747Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.747Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Users\Behemot\Saved Games\desktop.ini
3/9/2020 - 11:46:25.747Read2100C:\Monitor\proc.exeC:\Users\Behemot\Saved Games\desktop.ini
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Monitor\apphelp.dll
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:25.747Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.747Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:25.747Unknown2100C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:25.747Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:25.762Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:25.762Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:25.762Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:25.762Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.762Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:25.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:25.856Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1488.1116890
3/9/2020 - 11:46:25.856Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1488.1116890
3/9/2020 - 11:46:25.856Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1488.1116890
3/9/2020 - 11:46:25.903Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:25.950Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.950Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.950Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.950Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.950Read2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.950Read1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:25.950Read2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.950Read1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:25.950Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.965Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.965Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 11:46:25.965Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:25.965Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:25.965Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:25.965Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:25.965Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:25.965Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:25.965Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:25.965Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:25.965Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.965Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:25.965Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.965Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:25.965Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:25.965Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Monitor\Secur32.dll
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Monitor\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 11:46:26.43Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 11:46:26.43Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 11:46:26.90Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.90Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.90Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.90Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.90Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.90Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs:Zone.Identifier
3/9/2020 - 11:46:26.90Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.90Read2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.90Read2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.90Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:26.90Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.90Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.184Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.184Open2100C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:26.184Unknown2100C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:26.184Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.278Open2100C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 11:46:26.278Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:26.278Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:26.278Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.278Open2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:26.278Unknown2100C:\Monitor\proc.exeC:\
3/9/2020 - 11:46:26.278Open2100C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:26.278Unknown2100C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:26.278Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:26.278Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:26.278Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:26.278Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:26.278Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.278Read2100C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.278Read2100C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.372Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 11:46:26.372Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.372Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.372Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.372Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\en\WScript.exe.mui
3/9/2020 - 11:46:26.372Open2100C:\Monitor\proc.exeC:\Windows\System32\en\WScript.exe.mui
3/9/2020 - 11:46:26.372Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\Prefetch\WSCRIPT.EXE-9093C9D0.pf
3/9/2020 - 11:46:26.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 11:46:26.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:26.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:26.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:26.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:26.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:26.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:26.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 11:46:26.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 11:46:26.418Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 11:46:26.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 11:46:26.434Unknown2100C:\Monitor\proc.exeC:\Windows
3/9/2020 - 11:46:26.434Unknown2100C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 11:46:26.434Unknown2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:26.434Unknown2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:26.434Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:26.637Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:46:26.684Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.684Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sxs.dll
3/9/2020 - 11:46:26.684Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sxs.dll
3/9/2020 - 11:46:26.747Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\dwmapi.dll
3/9/2020 - 11:46:26.747Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\dwmapi.dll
3/9/2020 - 11:46:26.747Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\vbscript.dll
3/9/2020 - 11:46:26.747Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\vbscript.dll
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 11:46:27.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 11:46:27.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 11:46:27.372Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.372Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 11:46:27.372Unknown2452C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 11:46:27.372Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 11:46:27.372Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:27.372Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:27.372Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:27.372Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:27.372Read2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:27.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:27.481Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:27.481Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:27.481Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\msisip.dll
3/9/2020 - 11:46:27.481Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\msisip.dll
3/9/2020 - 11:46:27.481Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.481Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.481Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.481Read2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.481Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.481Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshext.dll
3/9/2020 - 11:46:27.481Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshext.dll
3/9/2020 - 11:46:27.715Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\WScript.exe.Local
3/9/2020 - 11:46:27.715Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 11:46:27.715Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 11:46:27.715Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 11:46:27.715Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
3/9/2020 - 11:46:27.715Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
3/9/2020 - 11:46:27.997Read2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:27.997Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrobj.dll
3/9/2020 - 11:46:28.43Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrobj.dll
3/9/2020 - 11:46:28.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mlang.dll
3/9/2020 - 11:46:28.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mlang.dll
3/9/2020 - 11:46:28.465Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:29.684Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:29.684Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 11:46:30.12Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.59Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mpr.dll
3/9/2020 - 11:46:30.247Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mpr.dll
3/9/2020 - 11:46:30.247Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 11:46:30.247Open2452C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 11:46:30.247Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\WScript.exe.Local
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:30.293Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 11:46:30.293Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 11:46:30.293Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 11:46:30.293Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 11:46:30.293Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\WScript.exe.Local
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:30.309Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 11:46:30.309Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.309Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 11:46:30.309Unknown2452C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 11:46:30.309Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.309Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 11:46:30.309Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 11:46:30.325Read2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 11:46:30.325Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:30.325Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:30.325Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\propsys.dll
3/9/2020 - 11:46:30.325Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:30.325Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:30.325Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\propsys.dll
3/9/2020 - 11:46:30.325Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 11:46:30.325Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 11:46:30.325Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 11:46:30.325Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 11:46:30.340Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 11:46:30.340Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 11:46:30.340Unknown2452C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 11:46:30.340Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.340Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.340Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 11:46:30.340Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe:Zone.Identifier
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 11:46:30.340Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 11:46:30.340Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:30.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:30.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 11:46:30.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.356Open2452C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 11:46:30.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 11:46:30.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 11:46:30.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 11:46:30.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.356Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.356Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.372Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.372Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.372Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.372Read2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.372Open2452C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 11:46:30.372Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:30.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:30.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:30.418Open2452C:\Windows\SysWOW64\wscript.exeC:\Monitor\Files\DeletedFiles
3/9/2020 - 11:46:30.418Delete2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:30.418Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:30.418Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 11:46:30.418Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:30.418Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
3/9/2020 - 11:46:30.418Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
3/9/2020 - 11:46:30.418Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
3/9/2020 - 11:46:30.418Open2168C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
3/9/2020 - 11:46:30.418Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 11:46:30.418Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
3/9/2020 - 11:46:30.418Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
3/9/2020 - 11:46:30.418Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:30.418Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
3/9/2020 - 11:46:30.418Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:30.418Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
3/9/2020 - 11:46:30.418Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:30.418Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 11:46:30.434Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
3/9/2020 - 11:46:30.434Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.434Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 11:46:30.434Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.434Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 11:46:30.450Open2168C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
3/9/2020 - 11:46:30.450Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
3/9/2020 - 11:46:30.450Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.450Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.450Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 11:46:30.450Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 11:46:30.450Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:30.450Unknown2168C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
3/9/2020 - 11:46:30.450Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 11:46:30.450Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:30.450Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:30.465Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:30.465Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:30.465Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:30.465Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:30.465Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 11:46:30.465Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 11:46:30.465Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 11:46:30.465Open2168C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 11:46:30.528Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 11:46:30.528Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 11:46:30.528Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 11:46:30.528Unknown2452C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:30.668Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 11:46:30.668Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 11:46:30.668Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:30.668Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:30.668Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.668Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.668Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.684Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.684Read2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Users
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Users
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:30.684Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.684Read2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.684Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\ui\SwDRM.dll
3/9/2020 - 11:46:30.700Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.700Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.700Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.700Open2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.700Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.700Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.700Read2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.700Read2168C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:30.747Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:30.747Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.747Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.825Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.825Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:30.825Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:30.825Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:30.825Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:30.825Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:30.825Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:30.825Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:30.825Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:30.825Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:30.825Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 11:46:30.825Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:30.825Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:30.825Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:30.825Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:30.825Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
3/9/2020 - 11:46:30.825Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.840Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:30.840Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 11:46:30.918Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.918Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:30.918Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.918Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:30.918Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\pubpol4.dat
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 11:46:30.918Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 11:46:30.918Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:30.918Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:30.918Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:30.918Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:30.918Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:30.918Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 11:46:30.918Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 11:46:30.918Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 11:46:30.918Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 11:46:30.918Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 11:46:30.918Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:30.918Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 11:46:30.934Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:30.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:30.934Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:30.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:30.934Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:30.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:30.934Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:30.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
3/9/2020 - 11:46:30.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 11:46:30.934Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 11:46:30.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\pt-br.nlp
3/9/2020 - 11:46:30.965Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:30.965Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:30.965Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:30.965Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:30.965Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:30.965Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:30.965Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:30.965Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:30.965Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:30.965Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:30.965Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:30.965Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:30.965Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:30.965Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:30.965Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
3/9/2020 - 11:46:30.965Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\VERSION.dll
3/9/2020 - 11:46:30.965Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:30.981Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:30.981Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\bcrypt.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\CRYPTSP.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:30.981Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:30.997Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:30.997Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:30.997Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.997Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.997Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:30.997Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
3/9/2020 - 11:46:30.997Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 11:46:30.997Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:30.997Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:31.59Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:31.59Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:31.59Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:31.59Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WindowsCodecs.dll
3/9/2020 - 11:46:31.59Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 11:46:31.59Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 11:46:31.59Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 11:46:31.59Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources.dll
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources.exe
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:31.168Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:31.168Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 11:46:31.168Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\pt.nlp
3/9/2020 - 11:46:31.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\ReZer0V2.resources.dll
3/9/2020 - 11:46:31.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 11:46:31.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\ReZer0V2.resources.exe
3/9/2020 - 11:46:31.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 11:46:31.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\en-us.nlp
3/9/2020 - 11:46:31.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:31.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:31.184Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:31.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 11:46:31.184Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:31.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 11:46:31.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:31.184Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:31.247Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 11:46:31.247Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 11:46:31.247Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:31.247Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 11:46:31.247Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:31.247Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:41.247Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\shfolder.dll
3/9/2020 - 11:46:41.247Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 11:46:41.247Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 11:46:41.247Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:41.247Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:41.293Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpE55C.tmp
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpE55C.tmp
3/9/2020 - 11:46:41.293Write2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpE55C.tmp
3/9/2020 - 11:46:41.293Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpE55C.tmp
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 11:46:41.293Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\PROPSYS.dll
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:41.293Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 11:46:41.293Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\apphelp.dll
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:41.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:41.309Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 11:46:41.309Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 11:46:41.309Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 11:46:41.309Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 11:46:41.309Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 11:46:41.309Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 11:46:41.309Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:41.309Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:41.309Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\schtasks.exe
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:41.325Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:41.325Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.325Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 11:46:41.325Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\propsys.dll
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\propsys.dll
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 11:46:41.325Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\Secur32.dll
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 11:46:41.387Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:41.387Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:41.387Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.387Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.387Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:41.387Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.387Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
3/9/2020 - 11:46:41.403Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 11:46:41.403Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 11:46:41.403Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.403Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 11:46:41.403Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.403Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.403Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.403Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:41.403Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:41.403Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:41.403Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:41.403Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.403Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.403Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.403Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.403Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.403Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.403Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
3/9/2020 - 11:46:41.465Read548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pfSCHTASKS.EXE-AD598958.pf
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exe\Device\HarddiskVolume2
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Users
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:41.465Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:41.465Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\oleaut32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\oleaut32.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\clbcatq.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\clbcatq.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\TMP9874.TMP
3/9/2020 - 11:46:41.481Read548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 11:46:41.481Read548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\oleaut32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\clbcatq.dll
3/9/2020 - 11:46:41.481Unknown548C:\Windows\SysWOW64\schtasks.exe\Device\HarddiskVolume2
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:41.481Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:41.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:41.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 11:46:41.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 11:46:41.497Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 11:46:41.497Open548C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 11:46:41.590Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\RpcRtRemote.dll
3/9/2020 - 11:46:41.590Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 11:46:41.590Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 11:46:41.590Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 11:46:41.590Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 11:46:41.731Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:41.731Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:41.731Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 11:46:41.731Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:46:41.747Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:41.747Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:41.934Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 11:46:41.934Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 11:46:41.981Open548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpE55C.tmp
3/9/2020 - 11:46:41.981Read548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpE55C.tmp
3/9/2020 - 11:46:41.981Read548C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpE55C.tmp
3/9/2020 - 11:46:41.981Open548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
3/9/2020 - 11:46:42.28Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 11:46:42.28Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 11:46:42.28Unknown548C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
3/9/2020 - 11:46:42.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpE55C.tmp
3/9/2020 - 11:46:42.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles
3/9/2020 - 11:46:42.90Delete2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpE55C.tmp
3/9/2020 - 11:46:42.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpE55C.tmp
3/9/2020 - 11:46:42.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpE55C.tmp
3/9/2020 - 11:46:42.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.90Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.90Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.137Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
3/9/2020 - 11:46:42.137Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:42.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.184Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.184Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.184Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.184Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.184Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 11:46:42.231Read2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:42.231Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 11:46:42.231Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 11:46:42.231Read2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 11:46:42.231Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:42.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:42.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 11:46:42.293Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:42.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:42.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 11:46:42.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 11:46:42.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:42.309Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 11:46:42.309Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 11:46:42.309Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:42.309Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:42.325Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 11:46:42.325Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 11:46:42.325Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 11:46:42.325Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 11:46:42.325Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 11:46:42.325Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:42.325Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:42.325Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:42.325Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:42.325Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:42.325Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:42.325Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:42.325Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:42.340Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\MSVCP60.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WINMM.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\version.DLL
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:42.340Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:42.340Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:42.340Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:42.340Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:42.340Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:42.340Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 11:46:42.340Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 11:46:42.340Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 11:46:42.340Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 11:46:42.340Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 11:46:42.340Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 11:46:42.340Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 11:46:42.340Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 11:46:42.340Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 11:46:42.340Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 11:46:42.340Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:42.340Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:42.340Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 11:46:42.340Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:42.340Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:42.340Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:42.340Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 11:46:42.356Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 11:46:42.356Open2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:42.372Unknown2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 11:46:42.372Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2324.1162359
3/9/2020 - 11:46:42.372Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2324.1162359
3/9/2020 - 11:46:42.372Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2324.1162375
3/9/2020 - 11:46:42.372Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:42.372Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 11:46:42.372Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 11:46:42.372Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:42.372Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 11:46:42.372Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 11:46:42.372Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 11:46:42.372Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 11:46:42.372Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:42.465Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:42.465Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:42.465Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:42.465Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:42.465Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:42.465Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:42.465Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:42.465Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:42.465Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:42.465Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 11:46:42.465Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mswsock.dll
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mswsock.dll
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\nlaapi.dll
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\nlaapi.dll
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\NapiNSP.dll
3/9/2020 - 11:46:42.465Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\NapiNSP.dll
3/9/2020 - 11:46:42.465Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 11:46:42.465Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 11:46:42.622Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:42.622Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 11:46:42.684Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:42.684Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 11:46:42.684Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:42.684Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 11:46:42.684Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:42.684Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 11:46:42.684Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:42.684Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 11:46:42.684Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:42.684Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 11:46:42.684Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots
3/9/2020 - 11:46:42.684Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots
3/9/2020 - 11:46:42.700Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WindowsCodecs.dll
3/9/2020 - 11:46:42.700Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 11:46:42.700Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 11:46:42.700Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 11:46:42.700Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 11:46:42.700Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.png
3/9/2020 - 11:46:42.700Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.700Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.715Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.715Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.715Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.715Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.715Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.715Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.731Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.731Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.731Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.png
3/9/2020 - 11:46:42.747Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.png
3/9/2020 - 11:46:42.747Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184642.png
3/9/2020 - 11:46:42.747Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Delete780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.747Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.762Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.pngtime_20180503_184642.png
3/9/2020 - 11:46:42.778Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.dat
3/9/2020 - 11:46:42.778Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.dattime_20180503_184642.dat
3/9/2020 - 11:46:42.778Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184642.dattime_20180503_184642.dat
3/9/2020 - 11:46:42.778Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\pnrpnsp.dll
3/9/2020 - 11:46:42.778Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\pnrpnsp.dll
3/9/2020 - 11:46:42.872Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\DNSAPI.dll
3/9/2020 - 11:46:42.872Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\dnsapi.dll
3/9/2020 - 11:46:42.872Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\dnsapi.dll
3/9/2020 - 11:46:42.872Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winrnr.dll
3/9/2020 - 11:46:42.872Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winrnr.dll
3/9/2020 - 11:46:42.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\IPHLPAPI.DLL
3/9/2020 - 11:46:42.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
3/9/2020 - 11:46:42.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
3/9/2020 - 11:46:42.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WINNSI.DLL
3/9/2020 - 11:46:42.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winnsi.dll
3/9/2020 - 11:46:42.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winnsi.dll
3/9/2020 - 11:46:43.90Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
3/9/2020 - 11:46:43.90Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
3/9/2020 - 11:46:43.184Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\rasadhlp.dll
3/9/2020 - 11:46:43.184Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rasadhlp.dll
3/9/2020 - 11:46:43.184Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rasadhlp.dll
3/9/2020 - 11:46:52.653Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:46:52.653Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 11:46:52.653Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:46:52.653Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:46:52.653Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:46:52.653Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:47:2.653Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:47:2.653Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:47:12.684Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:47:12.684Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:47:22.715Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:47:22.715Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:47:32.747Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:47:32.747Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:47:42.778Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:47:42.778Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:47:52.809Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:47:52.809Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:48:2.840Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:48:2.840Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:48:12.872Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:48:12.872Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:48:22.903Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:48:22.903Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:48:32.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:48:32.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:48:42.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:48:42.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:48:52.997Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:48:52.997Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:49:3.28Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:49:3.28Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:49:13.43Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:49:13.43Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:49:23.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:49:23.75Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:49:33.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 11:49:33.75Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat

Process
Trace
3/9/2020 - 11:45:42.622Create1480C:\malware.exe1488C:\Monitor\proc.exe
3/9/2020 - 11:46:22.309Create1488C:\Monitor\proc.exe2428C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:25.122Terminate1488C:\Monitor\proc.exe2428C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:25.262Create1488C:\Monitor\proc.exe2100C:\Monitor\proc.exe
3/9/2020 - 11:46:25.965Terminate1480C:\malware.exe1488C:\Monitor\proc.exe
3/9/2020 - 11:46:26.278Create2100C:\Monitor\proc.exe2452C:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:26.434Terminate1488C:\Monitor\proc.exe2100C:\Monitor\proc.exe
3/9/2020 - 11:46:30.356Create2452C:\Windows\SysWOW64\wscript.exe2168C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 11:46:30.528Terminate2100C:\Monitor\proc.exe2452C:\Windows\SysWOW64\wscript.exe
3/9/2020 - 11:46:30.684Create2168C:\Windows\SysWOW64\cmd.exe2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:41.403Create2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe548C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:42.28Terminate2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe548C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 11:46:42.90Create2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.184Create2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.372Terminate2168C:\Windows\SysWOW64\cmd.exe2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.465Terminate2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe2288C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 11:46:42.465Terminate2452C:\Windows\SysWOW64\wscript.exe2168C:\Windows\SysWOW64\cmd.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
3/9/2020 - 11:46:22.278Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 11:46:22.278Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 11:46:22.278Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 11:46:22.278Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 11:46:22.278Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 11:46:22.278Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 11:46:22.278Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 11:46:22.278Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 11:46:25.543Write2100C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Runremcos
3/9/2020 - 11:46:26.43Write2100C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 11:46:26.43Write2100C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 11:46:26.43Write2100C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 11:46:26.43Write2100C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 11:46:26.43Write2100C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 11:46:26.43Write2100C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 11:46:26.43Write2100C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 11:46:26.43Write2100C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 11:46:30.325Write2452C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 11:46:30.340Write2452C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 11:46:30.340Write2452C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 11:46:30.340Write2452C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 11:46:30.340Write2452C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 11:46:30.340Write2452C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 11:46:30.340Write2452C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 11:46:30.340Write2452C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 11:46:41.387Write2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 11:46:41.387Write2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 11:46:41.387Write2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 11:46:41.387Write2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 11:46:41.387Write2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 11:46:41.387Write2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 11:46:41.387Write2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 11:46:41.387Write2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 11:46:42.465Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Runremcos
3/9/2020 - 11:46:42.465Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Remcos-8CPBWMexepath
3/9/2020 - 11:46:42.465Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Remcos-8CPBWMlicence

File Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Process Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: True check_circle

Loading...

DNS
Query
computer localhost arrow_forward computer gateway:DNS code mmiri1.ddns.net.
computer localhost arrow_forward computer gateway:50273 code mmiri1.ddns.net.

Response
computer gateway:DNS arrow_forward computer localhost code mmiri1.ddns.net. reply_all 0.0.0.0


TCP
Info

UDP
Info
computer localhost:50273 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50273

HTTP
Info

Summary
DNS
True check_circle

TCP
False cancel

UDP
True check_circle

HTTP
False cancel

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 55.62%
suspicious: True check_circle

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 97.13%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 59.00%
suspicious: False cancel

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 55.65%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 98.20%
suspicious: True check_circle

Add to Collection
Download