Report #10965 check_circle

Binary
DLL
False cancel
Size
237.00KB
trid
41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows CLI
Hashes
md5
3ff944f77c8c2bb594398766cb2a58be
sha1
af557dccc3327501f93a6a1495d7290cd5440cc4
crc32
0x1bf4e720
sha224
c114226c0d223bf1ca59e406d3b40a9ac0e2c63d5922e865bef9fc05
sha256
74dccb78ad58664ee7fc63ab2ed59521c920034d5ba51145f9caf7535ecca67b
sha384
49836ab6ac1e5733143fb401c266cf7ea318a21a88d6d24286b7e7cde217688cbb9e4e55e6889509315f0d98f1b5e7ed
sha512
d34055770b78a10c89121dd0a8cbe43c1c2302cea3f2f5b10283e932b9797c909e346e2bc49a4de21952e695a056c8c708c05be1c76de7d63b31834b4973d62c
ssdeep
6144:N8wSOvcVqlH+8oRDcf75tqB0ujlhfaR8sm:LSAoq1WdwFEdjLaR8H
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
VC8_Microsoft_Corporation, domain, anti_dbg, IP, contentis_base64, Microsoft_Visual_Cpp_8, win_registry, HasDebugData, IsConsole, IsPE32, HasRichSignature

Suspicious
True check_circle

Strings
List
C:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\Release\Dropper.pdb
System.IO
System.Security.Cryptography
98d30.png
98d30.png
COMCTL32.dll
MSVCR110.dll
WINMM.dll
UxTheme.dll
@proc.exe
proc.exe
tFex256HtbePPBP.exe
tFex256HtbePPBP.exe
tFex256HtbePPBP.exe
2.0.0.0
}a%+o
milkTea
%elEP
System.Windows.Forms
mscoree.dll
get_Magenta
_crt_debugger_hook
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD4m[
<requestedPrivileges>
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
IsProcessorFeaturePresent
857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857AB1B65E80C75F28857ABB9C2880C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28857ABDB65E80C25F28F906
CreateEventW
ResourceManager
IsDebuggerPresent
CreateProcessW
CoCreateInstance
txtKillburnChoco
txtKillburnChoco
password
RegSetValueExW
LoadResource
RegGetValueW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
RegEnumKeyExW
GetModuleHandleW
RegDeleteKeyW
QueryPerformanceCounter
Binder
ComputeHash
%/#=
fprintf
HashAlgorithm
fopen
$9189263f-fcbd-42cb-929e-6a490a7d766e
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
add_PrintPage
txtKillburnChoco_Click
ComponentResourceManager
set_StartPosition
MD5CryptoServiceProvider
E>7;H'X+POS
_CorExeMain
\\,WuTc80
%T*[pO6d!
+EhTP
Form1_Load
ec719.resources
ec719.resources
__crtTerminateProcess
button1_Click
button2_Click
button3_Click
set_Document
37S&G?I
timer1_Tick
set_AutoScaleMode
_commode
_initterm
get_Controls
set_ClientSize
get_ControlLightLight
get_ButtonFace
get_ControlDark
set_DisplayStyle
add_Load
add_Tick
set_Image
get_Items
get_ASCII
set_Location
txtLatte_Click
add_Click
txtCoffeCake_Click
set_FileName
set_AutoSize
set_TabIndex
get_FileName
get_NewLine
set_Text
set_Name
set_Size

Foremost
Matches
0.exe, 237 KB, 68.png, 130 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: SHLWAPI.dll, SHELL32.dll, RPCRT4.dll, OLEAUT32.dll, ADVAPI32.dll, USER32.dll, GDI32.dll, MSVCR110.dll, mscoree.dll, COMCTL32.dll, ole32.dll, WINMM.dll, UxTheme.dll, KERNEL32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 238592
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 6
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 6
Linker
Version: 11.0
Suspicious: False cancel
Subsystem
Version: 6.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 6189
Suspicious: False cancel

Anomalies
Anomalies: The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match., The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: shlwapi.dll, shell32.dll, rpcrt4.dll, oleaut32.dll, advapi32.dll, user32.dll, gdi32.dll, mscoree.dll, comctl32.dll, ole32.dll, winmm.dll, uxtheme.dll, kernel32.dll
hasLibs: True check_circle
Suspicious: msvcr110.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2012-07-25 22:08:38
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
9888
Suspicious
True check_circle
Disassembly
hasTricks
True check_circle
Tricks
pushret
.rsrc: 71
.text: 1

pushpopmath
.rsrc: 40

garbagebytes
.rsrc: 24
.text: 1

software breakpoint
.rsrc: 1

fakeconditionaljumps
.rsrc: 2

programcontrolflowchange
.rsrc: 22
.text: 1

cpuinstructionsresultscomparison
.rsrc: 2

AVclass
remcos
1
VirusTotal
md5
3ff944f77c8c2bb594398766cb2a58be
sha1
af557dccc3327501f93a6a1495d7290cd5440cc4
SCANS (DETECTION RATE = 44.78%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200903
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20200903
version: 2.7.2019.1
detected: False cancel

MAX
result: malware (ai score=87)
update: 20200903
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200901
version: 6.66
detected: True check_circle

Bkav
update: 20200903
version: 1.3.0.9899
detected: False cancel

K7GW
update: 20200903
version: 11.133.35155
detected: False cancel

ALYac
update: 20200903
version: 1.1.1.5
detected: False cancel

Avira
result: TR/Kryptik.hvdkh
update: 20200903
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
result: Malicious (score: 85)
update: 20200903
version: 4.0.0.24
detected: True check_circle

Cyren
result: W32/MSIL_Kryptik.AQG.gen!Eldorado
update: 20200903
version: 6.3.0.2
detected: True check_circle

DrWeb
result: Trojan.Siggen9.44167
update: 20200903
version: 7.0.48.8080
detected: True check_circle

GData
result: Gen:Variant.Johnnie.272735
update: 20200903
version: A:25.26871B:27.20039
detected: True check_circle

Panda
update: 20200903
version: 4.6.4.2
detected: False cancel

VBA32
result: TScope.Trojan.MSIL
update: 20200903
version: 4.4.1
detected: True check_circle

VIPRE
update: 20200903
version: 86416
detected: False cancel

Zoner
update: 20200903
version: 0.0.0.0
detected: False cancel

ClamAV
result: Win.Packed.Remcos-8070789-0
update: 20200903
version: 0.102.4.0
detected: True check_circle

Comodo
update: 20200728
version: 32668
detected: False cancel

Ikarus
update: 20200903
version: 0.1.5.2
detected: False cancel

McAfee
result: GenericRXLE-RD!F5EFA81034D6
update: 20200903
version: 6.0.6.653
detected: True check_circle

Rising
result: Malware.Obscure/Heur!1.9E03 (CLASSIC)
update: 20200903
version: 25.0.0.26
detected: True check_circle

Sophos
update: 20200903
version: 4.98.0
detected: False cancel

Yandex
update: 20200901
version: 5.5.2.24
detected: False cancel

Zillya
update: 20200903
version: 2.0.0.4168
detected: False cancel

Acronis
update: 20200806
version: 1.1.1.77
detected: False cancel

Alibaba
update: 20190527
version: 0.3.0.5
detected: False cancel

Arcabit
result: Trojan.Johnnie.D4295F
update: 20200903
version: 1.0.0.881
detected: True check_circle

Cylance
update: 20200903
version: 2.3.1.101
detected: False cancel

Elastic
update: 20200831
version: 4.0.8
detected: False cancel

FireEye
result: Generic.mg.3ff944f77c8c2bb5
update: 20200903
version: 32.36.1.0
detected: True check_circle

Sangfor
result: Malware
update: 20200814
version: 1.0
detected: True check_circle

TACHYON
update: 20200903
version: 2020-09-03.02
detected: False cancel

Tencent
update: 20200903
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20200903
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200903
version: 1.0.0.403
detected: False cancel

Ad-Aware
result: Gen:Variant.Johnnie.272735
update: 20200903
version: 3.0.16.117
detected: True check_circle

AegisLab
update: 20200903
version: 4.2
detected: False cancel

F-Secure
result: Trojan.TR/Kryptik.hvdkh
update: 20200903
version: 12.0.86.52
detected: True check_circle

Fortinet
update: 20200903
version: 6.2.142.0
detected: False cancel

Invincea
update: 20200903
version: 1.0.1.0
detected: False cancel

Jiangmin
update: 20200903
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200903
version: 2013.8.14.323
detected: False cancel

Paloalto
update: 20200903
version: 1.0
detected: False cancel

Symantec
update: 20200903
version: 1.12.0.0
detected: False cancel

AhnLab-V3
update: 20200903
version: 3.18.1.10026
detected: False cancel

Antiy-AVL
result: Trojan/Win32.Sonbokli
update: 20200903
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Backdoor.MSIL.Remcos.gen
update: 20200903
version: 15.0.1.13
detected: True check_circle

MaxSecure
update: 20200902
version: 1.0.0.1
detected: False cancel

Microsoft
result: Trojan:Win32/Wacatac.C!ml
update: 20200903
version: 1.1.17400.5
detected: True check_circle

Qihoo-360
result: QVM41.1.Malware.Gen
update: 20200903
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: HEUR:Backdoor.MSIL.Remcos.gen
update: 20200903
version: 1.0
detected: True check_circle

Cybereason
update: 20190616
version: 1.2.449
detected: False cancel

ESET-NOD32
result: a variant of MSIL/Kryptik.VSI
update: 20200903
version: 21930
detected: True check_circle

TrendMicro
result: TROJ_GEN.R002C0DG220
update: 20200903
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Gen:Variant.Johnnie.272735
update: 20200903
version: 7.2
detected: True check_circle

CrowdStrike
update: 20190702
version: 1.0
detected: False cancel

K7AntiVirus
update: 20200903
version: 11.133.35155
detected: False cancel

SentinelOne
update: 20200724
version: 4.4.0.0
detected: False cancel

Malwarebytes
result: Backdoor.Remcos
update: 20200903
version: 3.6.4.335
detected: True check_circle

TotalDefense
update: 20200903
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20200903
version: 14.00
detected: False cancel

NANO-Antivirus
result: Trojan.Win32.Remcos.hnkppj
update: 20200903
version: 1.0.134.25140
detected: True check_circle

BitDefenderTheta
result: Gen:NN.ZemsilF.34216.om1@ae5@0cg
update: 20200902
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.Johnnie.272735
update: 20200903
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200828
version: 5.6.0.1032
detected: False cancel

TrendMicro-HouseCall
result: TROJ_GEN.R002C0DG220
update: 20200903
version: 10.0.0.1040
detected: True check_circle

total
67
sha256
74dccb78ad58664ee7fc63ab2ed59521c920034d5ba51145f9caf7535ecca67b
scan_id
74dccb78ad58664ee7fc63ab2ed59521c920034d5ba51145f9caf7535ecca67b-1599155969
resource
3ff944f77c8c2bb594398766cb2a58be
positives
30
scan_date
2020-09-03 17:59:29
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
3/9/2020 - 14:45:42.606Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.606Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.606Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:45:42.606Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:45:42.606Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:45:42.606Open1480C:\malware.exeC:\Monitor
3/9/2020 - 14:45:42.606Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 14:45:42.606Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.606Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.606Open1480C:\malware.exeC:\
3/9/2020 - 14:45:42.606Unknown1480C:\malware.exeC:\
3/9/2020 - 14:45:42.606Open1480C:\malware.exeC:\Monitor
3/9/2020 - 14:45:42.606Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 14:45:42.606Open1480C:\malware.exeC:\Monitor
3/9/2020 - 14:45:42.606Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 14:45:42.606Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.606Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.606Open1480C:\malware.exeC:\Monitor\ui\SwDRM.dll
3/9/2020 - 14:45:42.622Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.622Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.622Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.622Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.622Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.622Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.622Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.622Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.622Unknown1480C:\malware.exeC:\Windows
3/9/2020 - 14:45:42.622Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 14:45:42.622Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pf
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:45:42.622Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:45:42.622Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:45:42.637Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.637Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.637Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:45:42.637Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:45:42.637Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:45:42.668Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:45:42.668Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:45:42.668Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:45:42.668Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:45:42.668Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:45:42.668Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:45:42.668Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:45:42.684Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:45:42.684Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:45:42.684Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:45:42.684Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:45:42.684Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:45:42.684Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:45:42.684Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:45:44.450Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:45:44.497Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.497Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.497Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.497Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.497Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.497Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.497Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 14:45:44.497Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
3/9/2020 - 14:45:44.497Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
3/9/2020 - 14:45:44.497Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
3/9/2020 - 14:45:44.497Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
3/9/2020 - 14:45:44.497Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
3/9/2020 - 14:45:44.512Open1488C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:45:44.512Unknown1488C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:45:44.512Open1488C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:45:44.512Open1488C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:45:44.512Unknown1488C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:45:44.512Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:45:44.512Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:45:44.512Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:45:44.512Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
3/9/2020 - 14:45:44.512Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
3/9/2020 - 14:45:44.606Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
3/9/2020 - 14:45:44.606Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 14:45:44.606Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:45:44.622Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.622Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:44.637Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:44.637Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:45:44.637Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:45:44.637Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:45:44.637Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:45:44.637Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:44.637Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:44.637Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
3/9/2020 - 14:45:44.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:45:44.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:45:44.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:45:44.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:45:44.684Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:45:44.684Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 14:45:44.684Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:44.684Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:44.684Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:45:44.684Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:44.700Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:44.700Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:44.700Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:45:44.700Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:45:44.700Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:45:44.715Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:45:44.715Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:45:44.715Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:45:44.715Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:45:44.715Open1488C:\Monitor\proc.exeC:\Windows\assembly\pubpol4.dat
3/9/2020 - 14:45:44.715Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
3/9/2020 - 14:45:44.715Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:45:44.715Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.715Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.715Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:44.715Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 14:45:44.715Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:44.731Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 14:45:44.825Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:44.825Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 14:45:44.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:44.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:44.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:44.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:45.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:45.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:45.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:45.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:45.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:45.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:45.293Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.434Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.434Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:45.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:46.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:47.28Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:45:47.262Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:45:47.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:47.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.965Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:45:48.59Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:45:48.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:48.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:48.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:48.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:48.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:48.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:48.340Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:45:48.434Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:45:48.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:48.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:48.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:48.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:48.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:48.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:48.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:48.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:49.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:49.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:49.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:49.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:49.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:49.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:49.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.497Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
3/9/2020 - 14:45:50.543Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 14:45:50.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 14:45:50.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 14:45:50.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 14:45:50.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 14:45:50.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.793Open1488C:\Monitor\proc.exeC:\Windows\Globalization\pt-br.nlp
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:50.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:50.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:52.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:52.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:52.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:52.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:52.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:52.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:52.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:52.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:52.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:52.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:53.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:53.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:53.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:53.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:53.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:53.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:53.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:53.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:54.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:54.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:54.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:54.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:54.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:54.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:54.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:54.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:54.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:54.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:54.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:54.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:54.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:54.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:54.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:54.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:54.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:54.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:54.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:54.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:54.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:55.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:55.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:55.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:55.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:55.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:55.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:55.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:55.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:55.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:55.450Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:45:55.450Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:45:55.590Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:45:55.590Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:45:55.637Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:55.637Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:45:55.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:55.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:55.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:55.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:55.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:55.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:55.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:55.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.12Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:45:56.12Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:45:56.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.200Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:45:56.200Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:45:56.200Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.200Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:45:56.200Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.200Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.247Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
3/9/2020 - 14:45:56.247Open1488C:\Monitor\proc.exeC:\Monitor\VERSION.dll
3/9/2020 - 14:45:56.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:45:56.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:45:56.247Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:45:56.247Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.293Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:45:56.293Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:45:56.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:56.950Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:45:56.950Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
3/9/2020 - 14:45:56.950Open1488C:\Monitor\proc.exeC:\Monitor\bcrypt.dll
3/9/2020 - 14:45:56.950Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 14:45:56.950Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 14:45:56.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Monitor\CRYPTSP.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:45:57.137Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:45:57.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:57.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:58.997Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:58.997Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:58.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.747Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
3/9/2020 - 14:45:59.747Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:45:59.747Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:45:59.747Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:45:59.747Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:45:59.747Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:45:59.793Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:45:59.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:59.887Open1488C:\Monitor\proc.exeC:\Monitor\WindowsCodecs.dll
3/9/2020 - 14:45:59.887Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:45:59.887Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:45:59.887Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:45:59.887Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:45:59.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:59.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:59.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:0.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:0.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:1.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:1.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:1.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:1.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.528Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:2.528Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 14:46:2.668Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 14:46:2.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.903Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 14:46:2.903Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources.dll
3/9/2020 - 14:46:2.903Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 14:46:2.903Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources.exe
3/9/2020 - 14:46:2.903Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 14:46:2.950Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:2.950Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:3.137Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:3.137Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:46:3.137Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:3.137Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:3.137Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:3.153Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:3.153Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 14:46:3.153Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 14:46:3.153Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 14:46:3.153Open1488C:\Monitor\proc.exeC:\Windows\Globalization\pt.nlp
3/9/2020 - 14:46:3.153Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources.dll
3/9/2020 - 14:46:3.153Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 14:46:3.153Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources.exe
3/9/2020 - 14:46:3.153Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 14:46:3.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:3.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:3.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.184Open1488C:\Monitor\proc.exeC:\Windows\Globalization\en-us.nlp
3/9/2020 - 14:46:3.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.184Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:3.184Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:3.184Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:3.184Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:3.184Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:3.184Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:3.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:3.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:3.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:3.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:3.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:3.184Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:3.184Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:3.184Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:3.184Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:3.184Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:3.184Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:3.184Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:3.184Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:3.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:13.231Open1488C:\Monitor\proc.exeC:\Monitor\shfolder.dll
3/9/2020 - 14:46:13.231Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 14:46:13.231Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 14:46:13.465Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:13.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:13.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:13.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:13.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:13.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:13.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:13.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:13.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:13.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:13.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:13.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:13.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.262Open1488C:\Monitor\proc.exeC:\Monitor\ntmarta.dll
3/9/2020 - 14:46:14.262Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ntmarta.dll
3/9/2020 - 14:46:14.262Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ntmarta.dll
3/9/2020 - 14:46:14.262Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.262Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:14.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:14.543Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:14.543Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:14.543Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:14.543Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.543Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.543Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.543Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:14.543Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.543Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.543Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:14.543Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:14.543Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.543Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.543Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.590Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.590Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.590Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:14.965Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.965Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:14.965Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:14.965Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:14.981Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7E93.tmp
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7E93.tmp
3/9/2020 - 14:46:14.981Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7E93.tmp
3/9/2020 - 14:46:14.981Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7E93.tmp
3/9/2020 - 14:46:14.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:14.981Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Monitor\PROPSYS.dll
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:14.981Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:14.981Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 14:46:14.997Unknown1488C:\Monitor\proc.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Monitor\apphelp.dll
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:14.997Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:14.997Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:14.997Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:14.997Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:14.997Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:14.997Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:15.59Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:15.59Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:15.59Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:15.59Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:15.59Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:15.59Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:15.59Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:15.59Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:15.59Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:15.75Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:15.75Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:15.75Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:15.75Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:15.75Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:15.75Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:46:15.75Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:15.75Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:15.75Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:15.75Open1488C:\Monitor\proc.exeC:\Monitor\schtasks.exe
3/9/2020 - 14:46:15.75Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.75Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:15.75Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:15.75Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:15.75Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:15.75Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:15.75Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:15.90Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:15.90Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:15.90Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:15.90Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:15.90Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 14:46:15.90Open1488C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:15.90Read1488C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:15.90Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:15.90Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:15.90Open1488C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 14:46:15.90Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:15.90Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:15.90Open1488C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Monitor\Secur32.dll
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:15.184Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:15.184Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:15.184Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:15.184Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:15.184Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:15.184Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.184Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
3/9/2020 - 14:46:15.247Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:15.247Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:15.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.247Open1488C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:15.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:15.247Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:15.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.247Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:15.247Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:15.247Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:15.247Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:15.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:15.247Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:15.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:15.247Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:15.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.247Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.247Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.247Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 14:46:15.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:15.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:15.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:15.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:15.309Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
3/9/2020 - 14:46:15.309Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:15.309Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:15.309Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:15.309Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:15.309Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:15.309Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:15.309Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:15.309Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 14:46:15.309Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:15.309Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:15.309Open532C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 14:46:15.387Open1488C:\Monitor\proc.exeC:\Monitor\RpcRtRemote.dll
3/9/2020 - 14:46:15.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 14:46:15.387Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 14:46:15.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 14:46:15.387Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 14:46:15.543Read532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.543Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:15.559Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:15.559Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 14:46:15.559Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 14:46:15.559Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:15.559Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:15.559Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:15.559Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:15.559Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:15.559Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:15.559Read532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.606Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:15.606Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:15.606Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.606Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.606Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:15.606Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:15.606Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.606Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:15.606Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:15.606Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:15.606Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:15.606Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:15.793Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 14:46:15.793Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 14:46:15.887Open532C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp7E93.tmp
3/9/2020 - 14:46:15.887Read532C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp7E93.tmp
3/9/2020 - 14:46:15.887Read532C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp7E93.tmp
3/9/2020 - 14:46:17.387Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:17.387Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 14:46:17.465Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7E93.tmp
3/9/2020 - 14:46:17.465Open1488C:\Monitor\proc.exeC:\Monitor\Files\DeletedFiles
3/9/2020 - 14:46:17.465Delete1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7E93.tmp
3/9/2020 - 14:46:17.465Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7E93.tmp
3/9/2020 - 14:46:17.465Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7E93.tmp
3/9/2020 - 14:46:17.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:17.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:17.559Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.559Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.559Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.559Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.559Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.559Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.559Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.559Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pf
3/9/2020 - 14:46:17.606Read972C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pfPROC.EXE-5509F567.pf
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exe\Device\HarddiskVolume2
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\Favorites
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\Favorites
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\Favorites
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Users\Behemot\Favorites\Links for Brasil
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\Favorites\Links for Brasil
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Users\Behemot\Favorites\Links for Brasil
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Windows\assembly
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Windows\assembly\GAC_32
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\GAC_32
3/9/2020 - 14:46:17.606Read972C:\Monitor\proc.exeC:\Windows\assembly\GAC_32
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\GAC_32
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 14:46:17.606Read972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 14:46:17.606Read972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 14:46:17.606Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 14:46:17.606Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\Globalization
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\Globalization
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\Globalization
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\Microsoft.NET
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\Microsoft.NET
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\Microsoft.NET
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\System32
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\System32
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\System32
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:17.622Unknown972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:17.622Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ASYNC_USERSYNC[1].JS
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[8].XML
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].png
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\System32\WindowsCodecsExt.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 14:46:17.637Read972C:\Monitor\proc.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
3/9/2020 - 14:46:17.637Read972C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:17.637Read972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:17.637Read972C:\Monitor\proc.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
3/9/2020 - 14:46:17.637Read972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:17.637Read972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:17.637Read972C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:17.637Read972C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:17.637Read972C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 14:46:17.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[8].XML
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
3/9/2020 - 14:46:17.637Read972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
3/9/2020 - 14:46:17.637Read972C:\Monitor\proc.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
3/9/2020 - 14:46:17.637Unknown972C:\Monitor\proc.exe\Device\HarddiskVolume2
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:17.637Open972C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:17.653Unknown972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Monitor\MSVCP60.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Monitor\WINMM.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Monitor\version.DLL
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:17.653Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:17.668Unknown972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:17.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:17.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:17.668Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.668Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.668Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.668Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:17.668Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:17.668Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.668Unknown972C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.668Open972C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.684Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:17.684Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:17.684Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:17.684Read972C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.684Write972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:17.684Write972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:17.684Read972C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.684Read972C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:17.684Write972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:17.684Write972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:17.684Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:17.684Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:17.684Write972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:17.684Open972C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:17.684Unknown972C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:17.684Open972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:17.684Unknown972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:17.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:17.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:17.747Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:17.747Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:17.747Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:17.747Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:17.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:17.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:17.793Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Monitor\PROPSYS.dll
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:17.793Unknown972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 14:46:17.793Unknown972C:\Monitor\proc.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:17.793Read972C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:17.793Open972C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.809Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\Users\desktop.ini
3/9/2020 - 14:46:17.809Read972C:\Monitor\proc.exeC:\Users\desktop.ini
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.809Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.809Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\Users\Behemot\Searches\desktop.ini
3/9/2020 - 14:46:17.809Read972C:\Monitor\proc.exeC:\Users\Behemot\Searches\desktop.ini
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.809Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.809Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.809Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\Users\Behemot\Videos\desktop.ini
3/9/2020 - 14:46:17.809Read972C:\Monitor\proc.exeC:\Users\Behemot\Videos\desktop.ini
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.809Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.809Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.809Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\Users\Behemot\Pictures\desktop.ini
3/9/2020 - 14:46:17.809Read972C:\Monitor\proc.exeC:\Users\Behemot\Pictures\desktop.ini
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.809Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.809Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.809Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.809Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot\Contacts\desktop.ini
3/9/2020 - 14:46:17.825Read972C:\Monitor\proc.exeC:\Users\Behemot\Contacts\desktop.ini
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot\Favorites\desktop.ini
3/9/2020 - 14:46:17.825Read972C:\Monitor\proc.exeC:\Users\Behemot\Favorites\desktop.ini
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot\Music\desktop.ini
3/9/2020 - 14:46:17.825Read972C:\Monitor\proc.exeC:\Users\Behemot\Music\desktop.ini
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot\Downloads\desktop.ini
3/9/2020 - 14:46:17.825Read972C:\Monitor\proc.exeC:\Users\Behemot\Downloads\desktop.ini
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot\Documents\desktop.ini
3/9/2020 - 14:46:17.825Read972C:\Monitor\proc.exeC:\Users\Behemot\Documents\desktop.ini
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot\Links\desktop.ini
3/9/2020 - 14:46:17.825Read972C:\Monitor\proc.exeC:\Users\Behemot\Links\desktop.ini
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Users\Behemot\Saved Games\desktop.ini
3/9/2020 - 14:46:17.825Read972C:\Monitor\proc.exeC:\Users\Behemot\Saved Games\desktop.ini
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Monitor\apphelp.dll
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:17.825Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:17.825Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:17.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:17.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:17.887Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:17.887Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:17.887Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:17.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:17.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:17.981Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
3/9/2020 - 14:46:17.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:17.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:18.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:18.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:18.75Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1488.1116031
3/9/2020 - 14:46:18.75Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1488.1116031
3/9/2020 - 14:46:18.75Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1488.1116046
3/9/2020 - 14:46:18.75Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:18.75Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:18.75Read1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:18.75Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:18.75Read1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:18.75Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:18.75Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:18.75Read972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:18.75Read972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:18.90Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:18.90Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:18.90Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:18.90Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:18.90Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:18.90Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:18.90Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:18.90Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:18.90Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:18.90Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:18.90Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:18.90Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:18.90Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:18.90Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:18.90Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:18.90Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:18.90Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Monitor\Secur32.dll
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Monitor\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 14:46:18.106Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 14:46:18.106Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 14:46:18.168Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.168Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.168Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.168Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.168Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.168Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs:Zone.Identifier
3/9/2020 - 14:46:18.168Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.168Read972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.168Read972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.168Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.168Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.168Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.168Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.168Open972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:18.184Unknown972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:18.184Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:18.184Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:18.184Unknown972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:18.184Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:18.184Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.184Read972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.184Read972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\en\WScript.exe.mui
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\System32\en\WScript.exe.mui
3/9/2020 - 14:46:18.184Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.200Unknown972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:18.200Unknown972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:18.200Unknown972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:18.200Unknown972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:18.247Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\Prefetch\WSCRIPT.EXE-9093C9D0.pf
3/9/2020 - 14:46:18.247Open308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:18.247Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:18.247Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:18.247Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:18.247Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:18.247Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:18.247Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:18.247Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 14:46:18.247Open308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:18.247Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:18.247Open308C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 14:46:18.262Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:18.262Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:18.262Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:18.262Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:18.262Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:18.262Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:18.262Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:18.262Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:18.262Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:18.262Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:18.262Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:18.262Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:18.278Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:18.278Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:18.465Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:18.465Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.465Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sxs.dll
3/9/2020 - 14:46:18.465Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sxs.dll
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\dwmapi.dll
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\dwmapi.dll
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\vbscript.dll
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\vbscript.dll
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.512Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.512Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.512Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.512Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.512Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.512Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.512Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.512Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.512Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.512Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.528Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:18.528Read308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:18.528Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:18.543Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\msisip.dll
3/9/2020 - 14:46:18.543Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\msisip.dll
3/9/2020 - 14:46:18.543Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.543Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.543Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.543Read308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.543Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.543Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshext.dll
3/9/2020 - 14:46:18.543Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshext.dll
3/9/2020 - 14:46:18.543Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\WScript.exe.Local
3/9/2020 - 14:46:18.543Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 14:46:18.543Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 14:46:18.543Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 14:46:18.543Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
3/9/2020 - 14:46:18.543Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
3/9/2020 - 14:46:18.606Read308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:18.606Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrobj.dll
3/9/2020 - 14:46:18.653Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrobj.dll
3/9/2020 - 14:46:19.28Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mlang.dll
3/9/2020 - 14:46:19.28Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mlang.dll
3/9/2020 - 14:46:19.75Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:20.293Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.293Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:20.622Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mpr.dll
3/9/2020 - 14:46:20.622Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mpr.dll
3/9/2020 - 14:46:20.622Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:20.622Open308C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 14:46:20.622Unknown308C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\WScript.exe.Local
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:20.684Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 14:46:20.684Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:20.684Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:20.700Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:20.700Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\WScript.exe.Local
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:20.700Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 14:46:20.700Unknown308C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.700Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 14:46:20.700Unknown308C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:20.700Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.700Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:20.700Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:20.715Read308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\propsys.dll
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\propsys.dll
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:20.715Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:20.731Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:20.731Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 14:46:20.731Unknown308C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:20.731Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.731Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.731Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:20.731Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe:Zone.Identifier
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 14:46:20.731Unknown308C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 14:46:20.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.747Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:20.747Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:20.747Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:20.747Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.747Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.747Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.747Open308C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 14:46:20.747Unknown308C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 14:46:20.747Open308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:20.747Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:20.747Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.747Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.747Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.747Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.747Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.747Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.747Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.747Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.747Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 14:46:20.840Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:20.840Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:20.840Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:20.840Open308C:\Windows\SysWOW64\wscript.exeC:\Monitor\Files\DeletedFiles
3/9/2020 - 14:46:20.840Delete308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:20.840Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:20.840Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:20.840Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:20.840Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
3/9/2020 - 14:46:20.887Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
3/9/2020 - 14:46:20.887Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:20.887Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:20.887Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
3/9/2020 - 14:46:20.903Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.903Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.903Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
3/9/2020 - 14:46:20.903Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.903Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.903Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:20.903Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:20.903Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 14:46:20.903Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 14:46:20.903Open2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 14:46:21.28Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:21.28Unknown308C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 14:46:21.28Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 14:46:21.28Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:21.122Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:21.122Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:21.122Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:21.122Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:21.137Read2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.137Read2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Users
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:21.137Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.137Read2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.137Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\ui\SwDRM.dll
3/9/2020 - 14:46:21.168Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.168Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.168Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.168Open2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.168Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.168Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.168Read2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.168Read2496C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:21.231Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:21.231Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.231Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.231Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:21.231Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:21.231Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:21.231Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:21.247Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:21.247Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:21.247Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:21.247Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:21.247Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:21.247Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:21.247Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:46:21.247Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:21.247Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:21.247Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:21.247Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:21.247Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:21.247Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:21.247Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:21.247Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
3/9/2020 - 14:46:21.247Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 14:46:21.262Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 14:46:21.262Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:21.262Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.262Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:21.262Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:21.262Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:21.262Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:21.262Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:21.262Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:21.262Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.262Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:21.262Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\pubpol4.dat
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:46:21.325Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:21.325Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:21.325Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:21.325Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:21.325Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:21.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:21.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:21.340Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:21.340Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:21.340Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:21.340Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:21.340Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
3/9/2020 - 14:46:21.340Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 14:46:21.340Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 14:46:21.340Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\pt-br.nlp
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:21.418Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:21.418Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\VERSION.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\bcrypt.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\CRYPTSP.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:21.418Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:21.434Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:21.434Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:21.434Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.434Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.434Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:21.434Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
3/9/2020 - 14:46:21.434Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 14:46:21.434Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:21.434Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:21.434Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:21.434Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:21.434Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:21.450Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WindowsCodecs.dll
3/9/2020 - 14:46:21.450Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:46:21.450Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:21.450Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:46:21.450Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:21.543Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 14:46:21.543Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources.dll
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources.exe
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:21.559Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:21.559Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\pt.nlp
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\ReZer0V2.resources.dll
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\ReZer0V2.resources.exe
3/9/2020 - 14:46:21.559Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 14:46:21.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\en-us.nlp
3/9/2020 - 14:46:21.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:21.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:21.575Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:21.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:21.575Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:21.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:21.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:21.575Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:21.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:21.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:21.575Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:21.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:21.575Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:21.575Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:31.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\shfolder.dll
3/9/2020 - 14:46:31.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 14:46:31.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 14:46:31.575Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:31.575Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:31.622Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpBF94.tmp
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpBF94.tmp
3/9/2020 - 14:46:31.622Write2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpBF94.tmp
3/9/2020 - 14:46:31.622Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpBF94.tmp
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 14:46:31.622Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\PROPSYS.dll
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:31.622Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 14:46:31.622Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\apphelp.dll
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:31.622Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:31.637Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:31.637Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:31.637Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:31.637Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:31.637Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:31.637Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:31.637Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:31.637Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:31.637Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 14:46:31.637Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:31.637Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:31.637Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\schtasks.exe
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:31.653Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:31.653Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.653Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:31.653Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\propsys.dll
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\propsys.dll
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 14:46:31.653Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\Secur32.dll
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:31.668Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:31.668Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:31.668Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.668Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.668Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:31.668Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.668Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
3/9/2020 - 14:46:31.684Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 14:46:31.684Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 14:46:31.684Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.684Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:31.684Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.684Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.684Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.684Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:31.684Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:31.684Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:31.684Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:31.684Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.684Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.684Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.684Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.684Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.684Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.684Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 14:46:31.715Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
3/9/2020 - 14:46:31.778Read2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pfSCHTASKS.EXE-AD598958.pf
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exe\Device\HarddiskVolume2
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Users
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Users
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Users
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 14:46:31.778Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 14:46:31.778Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\oleaut32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\oleaut32.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\clbcatq.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\clbcatq.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\TMP7E93.TMP
3/9/2020 - 14:46:31.793Read2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 14:46:31.793Read2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\oleaut32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\clbcatq.dll
3/9/2020 - 14:46:31.793Unknown2860C:\Windows\SysWOW64\schtasks.exe\Device\HarddiskVolume2
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:31.793Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:31.809Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:31.809Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 14:46:31.809Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:31.809Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:31.809Open2860C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 14:46:31.856Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\RpcRtRemote.dll
3/9/2020 - 14:46:31.856Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 14:46:31.856Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 14:46:31.856Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 14:46:31.856Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 14:46:32.12Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:32.12Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:32.12Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 14:46:32.12Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:32.28Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:32.28Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:32.215Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 14:46:32.215Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 14:46:32.262Open2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpBF94.tmp
3/9/2020 - 14:46:32.262Read2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpBF94.tmp
3/9/2020 - 14:46:32.262Read2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpBF94.tmp
3/9/2020 - 14:46:32.262Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpBF94.tmp
3/9/2020 - 14:46:32.262Open2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
3/9/2020 - 14:46:32.262Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:32.262Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 14:46:32.262Unknown2860C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
3/9/2020 - 14:46:32.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpBF94.tmp
3/9/2020 - 14:46:32.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles
3/9/2020 - 14:46:32.325Delete2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpBF94.tmp
3/9/2020 - 14:46:32.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpBF94.tmp
3/9/2020 - 14:46:32.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpBF94.tmp
3/9/2020 - 14:46:32.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.325Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.325Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.325Read2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.325Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 14:46:32.372Read2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:32.372Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:32.372Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:32.387Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:32.387Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:32.403Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:32.403Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:46:32.403Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:32.403Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 14:46:32.403Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 14:46:32.403Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 14:46:32.403Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 14:46:32.403Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:32.403Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:32.403Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 14:46:32.403Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 14:46:32.403Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:32.403Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:32.403Read2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:32.403Read2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:32.403Read2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:32.403Read2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:32.465Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:32.465Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 14:46:32.465Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:32.465Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:32.465Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:32.465Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:32.465Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:32.465Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:32.481Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\MSVCP60.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WINMM.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\version.DLL
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:32.481Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:32.481Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:32.481Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.481Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:32.497Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:32.497Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:32.497Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:32.497Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:32.497Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:32.497Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:32.497Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:32.497Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:32.497Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:32.497Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:32.497Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mswsock.dll
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mswsock.dll
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\nlaapi.dll
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\nlaapi.dll
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\NapiNSP.dll
3/9/2020 - 14:46:32.497Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\NapiNSP.dll
3/9/2020 - 14:46:32.512Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2444.1152781
3/9/2020 - 14:46:32.512Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2444.1152781
3/9/2020 - 14:46:32.512Open2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2444.1152781
3/9/2020 - 14:46:32.512Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:32.512Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:32.512Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 14:46:32.512Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:32.512Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:32.512Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:32.512Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:32.512Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:32.512Unknown2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\pnrpnsp.dll
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\pnrpnsp.dll
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\DNSAPI.dll
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\dnsapi.dll
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\dnsapi.dll
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winrnr.dll
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winrnr.dll
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\IPHLPAPI.DLL
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WINNSI.DLL
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winnsi.dll
3/9/2020 - 14:46:32.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winnsi.dll
3/9/2020 - 14:46:32.575Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 14:46:32.575Unknown2496C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 14:46:32.637Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:32.637Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:32.637Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:32.637Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:32.637Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:32.637Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:32.637Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:32.637Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:32.637Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:32.637Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:32.637Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots
3/9/2020 - 14:46:32.637Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots
3/9/2020 - 14:46:32.637Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WindowsCodecs.dll
3/9/2020 - 14:46:32.637Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:46:32.637Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:32.637Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:46:32.653Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:32.653Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.png
3/9/2020 - 14:46:32.653Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.653Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.653Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.653Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.653Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.653Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.668Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.668Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.668Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.668Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.668Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.684Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
3/9/2020 - 14:46:32.684Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
3/9/2020 - 14:46:32.731Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.png
3/9/2020 - 14:46:32.731Read2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.png
3/9/2020 - 14:46:32.731Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184632.png
3/9/2020 - 14:46:32.731Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Delete2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.731Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.pngtime_20180503_184632.png
3/9/2020 - 14:46:32.747Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.dat
3/9/2020 - 14:46:32.747Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.dattime_20180503_184632.dat
3/9/2020 - 14:46:32.747Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184632.dattime_20180503_184632.dat
3/9/2020 - 14:46:32.793Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\rasadhlp.dll
3/9/2020 - 14:46:32.793Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rasadhlp.dll
3/9/2020 - 14:46:32.793Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rasadhlp.dll
3/9/2020 - 14:46:42.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:46:42.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:42.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:46:42.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:46:42.575Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:46:42.575Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:46:52.606Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:46:52.606Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:2.622Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:2.622Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:12.653Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:12.653Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:22.668Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:22.668Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:32.700Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:32.700Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:42.700Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:42.700Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:52.731Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:52.731Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:2.762Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:2.762Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:12.793Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:12.793Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:22.793Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:22.793Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:32.809Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:32.809Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:42.825Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:42.825Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:52.840Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:52.840Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:2.872Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:2.872Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:12.903Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:12.903Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:22.934Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:22.934Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:32.950Open2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:32.950Unknown2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat

Process
Trace
3/9/2020 - 14:45:42.606Create1480C:\malware.exe1488C:\Monitor\proc.exe
3/9/2020 - 14:46:15.247Create1488C:\Monitor\proc.exe532C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:17.387Terminate1488C:\Monitor\proc.exe532C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:17.559Create1488C:\Monitor\proc.exe972C:\Monitor\proc.exe
3/9/2020 - 14:46:18.90Terminate1480C:\malware.exe1488C:\Monitor\proc.exe
3/9/2020 - 14:46:18.184Create972C:\Monitor\proc.exe308C:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:18.200Terminate1488C:\Monitor\proc.exe972C:\Monitor\proc.exe
3/9/2020 - 14:46:20.747Create308C:\Windows\SysWOW64\wscript.exe2496C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:21.28Terminate972C:\Monitor\proc.exe308C:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:21.137Create2496C:\Windows\SysWOW64\cmd.exe2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:31.684Create2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe2860C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:32.262Terminate2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe2860C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:32.325Create2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.512Terminate2496C:\Windows\SysWOW64\cmd.exe2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:32.575Terminate308C:\Windows\SysWOW64\wscript.exe2496C:\Windows\SysWOW64\cmd.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
3/9/2020 - 14:46:15.184Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 14:46:15.184Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 14:46:15.184Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 14:46:15.184Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 14:46:15.184Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 14:46:15.184Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 14:46:15.184Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 14:46:15.184Write1488C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 14:46:17.684Write972C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Runremcos
3/9/2020 - 14:46:18.106Write972C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 14:46:18.106Write972C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 14:46:18.106Write972C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 14:46:18.106Write972C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 14:46:18.106Write972C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 14:46:18.106Write972C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 14:46:18.106Write972C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 14:46:18.106Write972C:\Monitor\proc.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 14:46:20.731Write308C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 14:46:20.731Write308C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 14:46:20.731Write308C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 14:46:20.731Write308C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 14:46:20.731Write308C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 14:46:20.731Write308C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 14:46:20.731Write308C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 14:46:20.731Write308C:\Windows\SysWOW64\wscript.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 14:46:31.668Write2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 14:46:31.668Write2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 14:46:31.668Write2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 14:46:31.668Write2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 14:46:31.668Write2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
3/9/2020 - 14:46:31.668Write2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
3/9/2020 - 14:46:31.668Write2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
3/9/2020 - 14:46:31.668Write2444C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
3/9/2020 - 14:46:32.497Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Runremcos
3/9/2020 - 14:46:32.497Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Remcos-8CPBWMexepath
3/9/2020 - 14:46:32.497Write2648C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeHKCU\Software\Remcos-8CPBWMlicence

File Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Process Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: True check_circle

Loading...

DNS
Query
computer localhost arrow_forward computer gateway:DNS code mmiri1.ddns.net.
computer localhost arrow_forward computer gateway:50273 code mmiri1.ddns.net.

Response
computer gateway:DNS arrow_forward computer localhost code mmiri1.ddns.net. reply_all 0.0.0.0


TCP
Info

UDP
Info
computer localhost:53 arrow_forward computer localhost:55394
computer localhost:55394 arrow_forward computer localhost:53
computer localhost:50273 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50273

HTTP
Info

Summary
DNS
True check_circle

TCP
False cancel

UDP
True check_circle

HTTP
False cancel

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 55.00%
suspicious: True check_circle

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 95.90%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 62.00%
suspicious: False cancel

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 47.18%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 70.49%
suspicious: False cancel

Add to Collection
Download