Report #10969

  • Creation Date: Sept. 3, 2020, 3:13 p.m.
  • Last Update: Sept. 3, 2020, 3:23 p.m.
  • File: Dropper64.exe
  • Results:
Binary
DLL
False
Size
237.50KB
trid
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
64
Subsystem
Windows CLI
Hashes
md5
223ea5745f40039c32d1d1d05e19ed9f
sha1
f5a62624e28721234097f59d59538921d26f7a23
crc32
0x264b8917
sha224
8ccc14422bc0f001a471e34248e0d543ae48c5ed7ff2ad18cad8654f
sha256
1b31191601f380aadc70530a258e8a76236a35b7b44e5bea0f5ac7c75f44a9d0
sha384
bcee760bc57a3fc02b4b355d455dde843320ed38852ce18e4b2124b55716a78837b840a7bf7bc16950c59ae84f7018ec
sha512
f68cfb4d831fd4c1a408e8811f4147e1d01e56b9500cad96dfc38c3b25ec169bc851ec36b1290e7e57f55ed77967077d42670bef4a373f5d869d577b2412e12e
ssdeep
6144:L9POOvcVqlH+8oRDcf75tqB0ujlhfaR8sm:xOAoq1WdwFEdjLaR8H
Community
Google
False
HashLib
False
YARA
Matches
domain, anti_dbg, HasDebugData, IP, contentis_base64, win_registry, IsPE64, IsConsole, Microsoft_Visual_Cpp_80_DLL, HasRichSignature

Suspicious
True

Strings
List
C:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\x64\Release\Dropper.pdb
System.IO
System.Security.Cryptography
98d30.png
98d30.png
COMCTL32.dll
MSVCR110.dll
WINMM.dll
UxTheme.dll
proc.exe
proc.exe
tFex256HtbePPBP.exe
tFex256HtbePPBP.exe
tFex256HtbePPBP.exe
2.0.0.0
}a%+o
milkTea
%elEP
System.Windows.Forms
mscoree.dll
get_Magenta
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD4m[
<requestedPrivileges>
__crt_debugger_hook
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
IsProcessorFeaturePresent
CreateEventW
ResourceManager
IsDebuggerPresent
CreateProcessW
CoCreateInstance
txtKillburnChoco
txtKillburnChoco
password
GetModuleHandleW
RegDeleteKeyW
QueryPerformanceCounter
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegCreateKeyW
LoadResource
Binder
ComputeHash
%/#=
fprintf
HashAlgorithm
fopen
$9189263f-fcbd-42cb-929e-6a490a7d766e
__crtCapturePreviousContext
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
add_PrintPage
txtKillburnChoco_Click
ComponentResourceManager
set_StartPosition
MD5CryptoServiceProvider
E>7;H'X+POS
_CorExeMain
\\,WuTc80
%T*[pO6d!
+EhTP
Form1_Load
ec719.resources
ec719.resources
__crtTerminateProcess
button1_Click
button2_Click
button3_Click
set_Document
37S&G?I
timer1_Tick
set_AutoScaleMode
_commode
_initterm
get_Controls
set_ClientSize
get_ControlLightLight
get_ButtonFace
get_ControlDark
set_DisplayStyle
add_Load
add_Tick
get_Items
set_Image
get_ASCII
set_Location
txtLatte_Click
add_Click
txtCoffeCake_Click
set_TabIndex
set_AutoSize
set_FileName
get_FileName
get_NewLine
set_Text
set_Font

Foremost
Matches
24.exe, 224 KB, 73.png, 130 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: ADVAPI32.dll, SHLWAPI.dll, SHELL32.dll, RPCRT4.dll, OLEAUT32.dll, USER32.dll, MSVCR110.dll, mscoree.dll, COMCTL32.dll, ole32.dll, WINMM.dll, UxTheme.dll, GDI32.dll, KERNEL32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 238592
Suspicious: False
Image
Address: 5368709120
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rdata, .data, .pdata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 6
Suspicious: False
Image
Version: True
Suspicious: 6
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 6.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 6772
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: advapi32.dll, shlwapi.dll, shell32.dll, rpcrt4.dll, oleaut32.dll, user32.dll, mscoree.dll, comctl32.dll, ole32.dll, winmm.dll, uxtheme.dll, gdi32.dll, kernel32.dll
hasLibs: True
Suspicious: msvcr110.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2020-09-03 15:12:45
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8.0 (DLL)

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches
12448
Suspicious
True
Disassembly
hasTricks
False
Tricks
AVclass
remcos
1
VirusTotal
md5
223ea5745f40039c32d1d1d05e19ed9f
sha1
f5a62624e28721234097f59d59538921d26f7a23
SCANS (DETECTION RATE = 24.64%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200903
version: 18.4.3895.0
detected: True

CMC
update: 20200903
version: 2.7.2019.1
detected: False

MAX
update: 20200903
version: 2019.9.16.1
detected: False

APEX
update: 20200901
version: 6.66
detected: False

Bkav
update: 20200903
version: 1.3.0.9899
detected: False

K7GW
update: 20200903
version: 11.133.35155
detected: False

ALYac
update: 20200903
version: 1.1.1.5
detected: False

Avast
result: Win32:PWSX-gen [Trj]
update: 20200903
version: 18.4.3895.0
detected: True

Avira
result: TR/Kryptik.hvdkh
update: 20200903
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
result: Malicious (score: 85)
update: 20200903
version: 4.0.0.24
detected: True

Cyren
update: 20200903
version: 6.3.0.2
detected: False

DrWeb
result: Trojan.Siggen9.44167
update: 20200903
version: 7.0.48.8080
detected: True

GData
update: 20200903
version: A:25.26871B:27.20039
detected: False

Panda
update: 20200903
version: 4.6.4.2
detected: False

VBA32
update: 20200903
version: 4.4.1
detected: False

VIPRE
update: 20200903
version: 86416
detected: False

Zoner
update: 20200903
version: 0.0.0.0
detected: False

ClamAV
result: Win.Packed.Remcos-8070789-0
update: 20200903
version: 0.102.4.0
detected: True

Comodo
update: 20200728
version: 32668
detected: False

Ikarus
update: 20200903
version: 0.1.5.2
detected: False

McAfee
update: 20200903
version: 6.0.6.653
detected: False

Rising
update: 20200903
version: 25.0.0.26
detected: False

Sophos
update: 20200903
version: 4.98.0
detected: False

Yandex
update: 20200901
version: 5.5.2.24
detected: False

Zillya
update: 20200903
version: 2.0.0.4168
detected: False

Acronis
update: 20200806
version: 1.1.1.77
detected: False

Alibaba
update: 20190527
version: 0.3.0.5
detected: False

Arcabit
update: 20200903
version: 1.0.0.881
detected: False

Cylance
update: 20200903
version: 2.3.1.101
detected: False

Elastic
result: malicious (high confidence)
update: 20200831
version: 4.0.8
detected: True

FireEye
update: 20200903
version: 32.36.1.0
detected: False

Sangfor
update: 20200814
version: 1.0
detected: False

TACHYON
update: 20200903
version: 2020-09-03.02
detected: False

Tencent
update: 20200903
version: 1.0.0.1
detected: False

ViRobot
update: 20200903
version: 2014.3.20.0
detected: False

Webroot
update: 20200903
version: 1.0.0.403
detected: False

eGambit
update: 20200903
detected: False

Ad-Aware
update: 20200903
version: 3.0.16.117
detected: False

AegisLab
update: 20200903
version: 4.2
detected: False

F-Secure
result: Trojan.TR/Kryptik.hvdkh
update: 20200903
version: 12.0.86.52
detected: True

Fortinet
update: 20200903
version: 6.2.142.0
detected: False

Invincea
update: 20200903
version: 1.0.1.0
detected: False

Jiangmin
update: 20200903
version: 16.0.100
detected: False

Kingsoft
update: 20200903
version: 2013.8.14.323
detected: False

Paloalto
update: 20200903
version: 1.0
detected: False

Symantec
update: 20200903
version: 1.12.0.0
detected: False

AhnLab-V3
update: 20200903
version: 3.18.1.10026
detected: False

Antiy-AVL
result: Trojan/Win32.Sonbokli
update: 20200903
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Backdoor.MSIL.Remcos.gen
update: 20200903
version: 15.0.1.13
detected: True

MaxSecure
result: Win.MxResIcn.Heur.Gen
update: 20200902
version: 1.0.0.1
detected: True

Microsoft
result: Trojan:Win32/Wacatac.C!ml
update: 20200903
version: 1.1.17400.5
detected: True

Qihoo-360
update: 20200903
version: 1.0.0.1120
detected: False

ZoneAlarm
result: HEUR:Backdoor.MSIL.Remcos.gen
update: 20200903
version: 1.0
detected: True

Cybereason
update: 20190616
version: 1.2.449
detected: False

ESET-NOD32
result: a variant of MSIL/Kryptik.VSI
update: 20200903
version: 21930
detected: True

TrendMicro
update: 20200903
version: 11.0.0.1006
detected: False

BitDefender
update: 20200903
version: 7.2
detected: False

CrowdStrike
update: 20190702
version: 1.0
detected: False

K7AntiVirus
update: 20200903
version: 11.133.35155
detected: False

SentinelOne
update: 20200724
version: 4.4.0.0
detected: False

Malwarebytes
result: Backdoor.Remcos
update: 20200903
version: 3.6.4.335
detected: True

TotalDefense
update: 20200903
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20200903
version: 14.00
detected: False

NANO-Antivirus
result: Trojan.Win32.Remcos.hnkppj
update: 20200903
version: 1.0.134.25140
detected: True

BitDefenderTheta
result: Gen:NN.ZemsilF.34216.om1@ae5@0cg
update: 20200902
version: 7.2.37796.0
detected: True

MicroWorld-eScan
update: 20200903
version: 14.0.409.0
detected: False

SUPERAntiSpyware
update: 20200828
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
update: 20200903
version: 10.0.0.1040
detected: False


total
69
sha256
1b31191601f380aadc70530a258e8a76236a35b7b44e5bea0f5ac7c75f44a9d0
scan_id
1b31191601f380aadc70530a258e8a76236a35b7b44e5bea0f5ac7c75f44a9d0-1599156825
resource
223ea5745f40039c32d1d1d05e19ed9f
positives
17
scan_date
2020-09-03 18:13:45
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
3/9/2020 - 14:45:47.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:47.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:47.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:47.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 14:45:47.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:47.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:47.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:47.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:47.840Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:45:47.840Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:45:47.840Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 14:45:47.840Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:47.840Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:47.840Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:45:47.840Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:45:47.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:47.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:47.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:47.887Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:47.903Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:45:47.903Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:45:47.903Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:45:47.903Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:45:47.903Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:45:47.903Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:45:47.903Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:45:47.903Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:45:47.918Open1488C:\Monitor\proc.exeC:\Windows\assembly\pubpol4.dat
3/9/2020 - 14:45:47.918Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
3/9/2020 - 14:45:47.918Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:45:47.918Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:47.918Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:45:47.918Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 14:45:47.918Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:47.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:48.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:48.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:48.122Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 14:45:48.262Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.262Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 14:45:48.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:48.731Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 14:45:48.872Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:48.872Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 14:45:48.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:48.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:48.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:49.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:50.465Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:45:50.700Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:45:50.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:51.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:51.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:51.356Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:45:51.450Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:45:51.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:51.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:51.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:51.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:51.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:51.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:51.731Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:45:51.825Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:45:51.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:51.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:51.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:51.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:52.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:52.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:45:52.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:52.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:52.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:52.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:52.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:52.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:53.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:45:53.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:53.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:53.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:53.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:45:53.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:53.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:53.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:45:53.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:2.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:2.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.637Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:3.637Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:3.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:3.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.387Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
3/9/2020 - 14:46:4.387Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:46:4.387Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:4.387Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:4.387Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:4.387Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:4.434Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:4.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:4.434Open1488C:\Monitor\proc.exeC:\Monitor\WindowsCodecs.dll
3/9/2020 - 14:46:4.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:46:4.434Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:4.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:46:4.434Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:4.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:4.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:4.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:4.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:5.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:5.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:6.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:6.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:6.997Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:6.997Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 14:46:7.137Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 14:46:7.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.372Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 14:46:7.372Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources.dll
3/9/2020 - 14:46:7.372Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 14:46:7.372Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources.exe
3/9/2020 - 14:46:7.372Open1488C:\Monitor\proc.exeC:\Monitor\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 14:46:7.418Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:7.418Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:7.606Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:7.606Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:46:7.606Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:7.606Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:7.606Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:7.606Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:7.606Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 14:46:7.606Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 14:46:7.606Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 14:46:7.606Open1488C:\Monitor\proc.exeC:\Windows\Globalization\pt.nlp
3/9/2020 - 14:46:7.606Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources.dll
3/9/2020 - 14:46:7.606Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 14:46:7.606Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources.exe
3/9/2020 - 14:46:7.606Open1488C:\Monitor\proc.exeC:\Monitor\pt\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 14:46:7.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.637Open1488C:\Monitor\proc.exeC:\Windows\Globalization\en-us.nlp
3/9/2020 - 14:46:7.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:7.637Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:7.637Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:7.637Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:7.637Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:7.637Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:7.637Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:7.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:7.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:7.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:7.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:7.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:7.637Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:7.637Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:7.637Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:7.637Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:7.637Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:7.637Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:7.637Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:7.637Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:7.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:17.637Open1488C:\Monitor\proc.exeC:\Monitor\shfolder.dll
3/9/2020 - 14:46:17.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 14:46:17.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 14:46:17.872Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:17.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:17.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:17.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.668Open1488C:\Monitor\proc.exeC:\Monitor\ntmarta.dll
3/9/2020 - 14:46:18.668Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ntmarta.dll
3/9/2020 - 14:46:18.668Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ntmarta.dll
3/9/2020 - 14:46:18.668Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.668Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.762Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:18.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:18.950Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:18.950Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:18.950Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:18.950Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.950Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.950Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.950Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:18.950Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.950Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.950Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:18.950Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:18.950Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.950Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.950Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.950Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.950Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.950Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:18.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:18.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:19.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:19.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:19.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:19.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:19.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:19.325Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:19.325Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:19.325Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:19.325Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.325Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:19.325Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:19.325Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp8F8B.tmp
3/9/2020 - 14:46:19.340Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp8F8B.tmp
3/9/2020 - 14:46:19.340Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp8F8B.tmp
3/9/2020 - 14:46:19.340Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp8F8B.tmp
3/9/2020 - 14:46:19.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.340Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
3/9/2020 - 14:46:19.340Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:19.340Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:19.340Open1488C:\Monitor\proc.exeC:\Monitor\PROPSYS.dll
3/9/2020 - 14:46:19.340Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:19.340Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:19.340Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:19.340Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:46:19.340Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:19.340Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 14:46:19.356Unknown1488C:\Monitor\proc.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Monitor\apphelp.dll
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.356Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:19.356Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:19.356Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.356Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.356Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.356Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.372Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.372Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.372Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.372Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.372Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.387Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:19.387Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:19.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:19.387Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:19.387Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:19.387Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:46:19.387Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:19.387Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:19.387Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Monitor\schtasks.exe
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:19.403Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:19.403Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.403Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:19.403Read1488C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:19.403Open1488C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 14:46:19.418Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:19.418Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:19.418Open1488C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 14:46:19.418Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 14:46:19.418Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 14:46:19.418Open1488C:\Monitor\proc.exeC:\Monitor\Secur32.dll
3/9/2020 - 14:46:19.418Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:19.418Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:19.418Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:19.418Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:19.418Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.418Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:19.434Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:19.434Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:19.434Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:19.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.434Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.434Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.434Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:19.434Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:19.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
3/9/2020 - 14:46:19.434Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:19.434Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:19.434Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.450Open1488C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:19.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.450Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.450Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:19.450Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:19.450Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:19.450Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:19.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.450Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.450Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:19.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.450Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.450Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.450Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 14:46:19.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:19.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:19.543Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
3/9/2020 - 14:46:19.543Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:19.543Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:19.543Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:19.543Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:19.543Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:19.543Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:19.543Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:19.559Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 14:46:19.559Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:19.559Unknown1228C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:19.559Open1228C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 14:46:19.606Open1488C:\Monitor\proc.exeC:\Monitor\RpcRtRemote.dll
3/9/2020 - 14:46:19.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 14:46:19.606Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 14:46:19.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 14:46:19.606Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 14:46:19.778Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:19.778Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:19.778Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 14:46:19.778Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 14:46:19.793Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:19.793Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:19.793Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:19.793Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:19.793Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:19.793Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:19.793Read1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.840Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:19.840Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:19.840Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.840Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.840Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:19.840Unknown1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:19.840Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.840Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:19.840Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:19.840Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:19.840Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:19.840Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:20.59Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 14:46:20.59Open1228C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 14:46:20.153Open1228C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp8F8B.tmp
3/9/2020 - 14:46:20.153Read1228C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp8F8B.tmp
3/9/2020 - 14:46:20.153Read1228C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp8F8B.tmp
3/9/2020 - 14:46:21.606Unknown1228C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 14:46:21.606Unknown1228C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 14:46:21.668Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp8F8B.tmp
3/9/2020 - 14:46:21.668Open1488C:\Monitor\proc.exeC:\Monitor\Files\DeletedFiles
3/9/2020 - 14:46:21.668Delete1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp8F8B.tmp
3/9/2020 - 14:46:21.668Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp8F8B.tmp
3/9/2020 - 14:46:21.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:21.715Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:21.809Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.809Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.809Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.809Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.809Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.809Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.809Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.809Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:21.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:21.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:21.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:21.856Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
3/9/2020 - 14:46:21.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:21.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:21.856Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.856Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.856Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.856Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.856Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.856Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.856Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.856Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.856Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:21.903Open2100C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pf
3/9/2020 - 14:46:21.903Read2100C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pfPROC.EXE-5509F567.pf
3/9/2020 - 14:46:21.903Open2100C:\Monitor\proc.exe\Device\HarddiskVolume2
3/9/2020 - 14:46:21.903Open2100C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:21.903Open2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:21.903Open2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:21.903Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:21.903Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:21.903Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 14:46:21.903Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 14:46:21.903Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
3/9/2020 - 14:46:21.903Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
3/9/2020 - 14:46:21.903Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
3/9/2020 - 14:46:21.903Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\System32
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\System32
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\System32
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:22.12Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:22.12Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[2].XML
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[2].XML
3/9/2020 - 14:46:22.28Read2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
3/9/2020 - 14:46:22.28Open2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
3/9/2020 - 14:46:22.28Unknown2100C:\Monitor\proc.exe\Device\HarddiskVolume2
3/9/2020 - 14:46:22.28Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
3/9/2020 - 14:46:22.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:22.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Monitor\MSVCP60.dll
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Monitor\WINMM.dll
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Monitor\version.DLL
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:22.106Unknown2624C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:22.106Open2624C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:22.122Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.122Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.122Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.122Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.122Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:22.122Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:22.122Unknown2624C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:22.122Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:22.122Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:22.122Read2624C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:22.122Write2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:22.122Write2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:22.122Read2624C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:22.122Read2624C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 14:46:22.122Write2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:22.122Write2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:22.122Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:22.137Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.137Write2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.137Open2624C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:22.137Unknown2624C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:22.137Open2624C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:22.137Unknown2624C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:22.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.184Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Monitor\PROPSYS.dll
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:22.184Unknown2624C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 14:46:22.184Unknown2624C:\Monitor\proc.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 14:46:22.184Open2624C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:22.184Read2624C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:22.200Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:22.200Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:22.200Open2624C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 14:46:22.200Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:22.200Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:22.200Open2624C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 14:46:22.200Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.200Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.200Open2624C:\Monitor\proc.exeC:\Users\desktop.ini
3/9/2020 - 14:46:22.200Read2624C:\Monitor\proc.exeC:\Users\desktop.ini
3/9/2020 - 14:46:22.200Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.200Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.200Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.200Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.200Open2624C:\Monitor\proc.exeC:\Users\Behemot\Searches\desktop.ini
3/9/2020 - 14:46:22.200Read2624C:\Monitor\proc.exeC:\Users\Behemot\Searches\desktop.ini
3/9/2020 - 14:46:22.200Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.200Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot\Videos\desktop.ini
3/9/2020 - 14:46:22.215Read2624C:\Monitor\proc.exeC:\Users\Behemot\Videos\desktop.ini
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot\Pictures\desktop.ini
3/9/2020 - 14:46:22.215Read2624C:\Monitor\proc.exeC:\Users\Behemot\Pictures\desktop.ini
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot\Contacts\desktop.ini
3/9/2020 - 14:46:22.215Read2624C:\Monitor\proc.exeC:\Users\Behemot\Contacts\desktop.ini
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot\Favorites\desktop.ini
3/9/2020 - 14:46:22.215Read2624C:\Monitor\proc.exeC:\Users\Behemot\Favorites\desktop.ini
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot\Music\desktop.ini
3/9/2020 - 14:46:22.215Read2624C:\Monitor\proc.exeC:\Users\Behemot\Music\desktop.ini
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot\Downloads\desktop.ini
3/9/2020 - 14:46:22.215Read2624C:\Monitor\proc.exeC:\Users\Behemot\Downloads\desktop.ini
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot\Documents\desktop.ini
3/9/2020 - 14:46:22.215Read2624C:\Monitor\proc.exeC:\Users\Behemot\Documents\desktop.ini
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot\Links\desktop.ini
3/9/2020 - 14:46:22.215Read2624C:\Monitor\proc.exeC:\Users\Behemot\Links\desktop.ini
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Users\Behemot\Saved Games\desktop.ini
3/9/2020 - 14:46:22.215Read2624C:\Monitor\proc.exeC:\Users\Behemot\Saved Games\desktop.ini
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Monitor\apphelp.dll
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:22.215Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:22.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:22.278Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.278Open2624C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:22.278Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.278Unknown2624C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.278Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.278Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.278Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.278Open2624C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:22.278Unknown2624C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:22.278Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.278Unknown2624C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.278Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.278Unknown2624C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.278Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.278Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:22.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:22.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:22.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:22.465Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1488.1116625
3/9/2020 - 14:46:22.465Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1488.1116625
3/9/2020 - 14:46:22.465Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1488.1116640
3/9/2020 - 14:46:22.465Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:22.465Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.465Read1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:22.465Read1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:22.465Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.465Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.465Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.465Read2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.465Read2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.481Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.481Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.481Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 14:46:22.481Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:22.481Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:22.481Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.481Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.481Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.481Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.481Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.481Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Monitor\Secur32.dll
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Users
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Monitor\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 14:46:22.497Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 14:46:22.497Unknown2624C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 14:46:22.497Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:22.497Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:22.497Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:22.497Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:22.497Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:22.497Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:22.622Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.622Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.622Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs:Zone.Identifier
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.622Read2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.622Read2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.622Unknown2624C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:22.622Unknown2624C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.622Unknown2624C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.622Unknown2624C:\Monitor\proc.exeC:\
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:22.622Unknown2624C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.622Unknown2624C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.622Unknown2624C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.622Read2624C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.622Read2624C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.622Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 14:46:22.637Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.637Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.637Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.637Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\en\WScript.exe.mui
3/9/2020 - 14:46:22.637Open2624C:\Monitor\proc.exeC:\Windows\System32\en\WScript.exe.mui
3/9/2020 - 14:46:22.637Open2624C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.637Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\Prefetch\WSCRIPT.EXE-9093C9D0.pf
3/9/2020 - 14:46:22.637Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:22.637Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:22.637Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:22.637Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:22.637Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:22.637Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:22.637Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:22.637Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 14:46:22.637Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:22.637Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 14:46:22.637Open2744C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 14:46:22.653Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:22.653Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:22.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:22.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:22.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:22.668Unknown2624C:\Monitor\proc.exeC:\Windows
3/9/2020 - 14:46:22.668Unknown2624C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 14:46:22.668Unknown2624C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:22.668Unknown2624C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:22.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:22.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:22.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:22.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:22.872Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:22.872Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.872Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sxs.dll
3/9/2020 - 14:46:22.872Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sxs.dll
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\dwmapi.dll
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\dwmapi.dll
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\vbscript.dll
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\vbscript.dll
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.918Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.918Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.918Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.918Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.918Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.918Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.918Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.918Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.934Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:22.934Read2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:22.934Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:22.950Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\msisip.dll
3/9/2020 - 14:46:22.950Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\msisip.dll
3/9/2020 - 14:46:22.950Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.950Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.950Open2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.950Read2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.950Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:22.950Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshext.dll
3/9/2020 - 14:46:22.950Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wshext.dll
3/9/2020 - 14:46:22.950Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\WScript.exe.Local
3/9/2020 - 14:46:22.950Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 14:46:22.950Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 14:46:22.950Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 14:46:22.950Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
3/9/2020 - 14:46:22.950Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
3/9/2020 - 14:46:23.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:23.247Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrobj.dll
3/9/2020 - 14:46:23.293Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrobj.dll
3/9/2020 - 14:46:23.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mlang.dll
3/9/2020 - 14:46:23.668Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\mlang.dll
3/9/2020 - 14:46:23.715Unknown2744C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:24.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:24.918Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Open2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247Read2744C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\scrrun.dll
3/9/2020 - 14:46:25.247 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\mpr.dll
3/9/2020 - 14:46:25.247 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\mpr.dll
3/9/2020 - 14:46:25.247 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshom.ocx
3/9/2020 - 14:46:25.247 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Monitor
3/9/2020 - 14:46:25.247 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Monitor
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\WScript.exe.Local
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:25.309 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\WindowsShell.Manifest
3/9/2020 - 14:46:25.309 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:25.309 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll | api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:25.309 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:25.309 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll | api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\WScript.exe.Local
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:25.325 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Monitor
3/9/2020 - 14:46:25.325 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Monitor
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.325 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\
3/9/2020 - 14:46:25.325 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows
3/9/2020 - 14:46:25.325 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.325 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:25.325 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:25.325 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\System32\propsys.dll
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\propsys.dll
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\System32\propsys.dll
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\secur32.dll
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:25.340 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:25.340 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\
3/9/2020 - 14:46:25.340 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows
3/9/2020 - 14:46:25.340 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.340 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.340 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows
3/9/2020 - 14:46:25.340 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe:Zone.Identifier
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Monitor
3/9/2020 - 14:46:25.340 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Monitor
3/9/2020 - 14:46:25.340 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.356 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:25.356 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:25.356 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:25.356 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.356 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.356 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.356 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\
3/9/2020 - 14:46:25.356 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\
3/9/2020 - 14:46:25.356 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows
3/9/2020 - 14:46:25.356 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows
3/9/2020 - 14:46:25.356 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.356 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.356 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.356 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.356 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.356 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.356 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.356 | Read | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.356 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 14:46:25.372 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:25.372 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:25.372 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:25.372 | Open | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Monitor\Files\DeletedFiles
3/9/2020 - 14:46:25.372 | Delete | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:25.372 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 14:46:25.372 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 14:46:25.372 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
3/9/2020 - 14:46:25.434 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf | CMD.EXE-AC113AA8.pf
3/9/2020 - 14:46:25.434 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf | CMD.EXE-AC113AA8.pf
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | \Device\HarddiskVolume2
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Temp
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Temp
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Temp
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\user32.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\user32.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\apisetschema.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\apisetschema.dll | apisetschema.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\KernelBase.dll | KernelBase.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\locale.nls
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\locale.nls
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cryptbase.dll | cryptbase.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\BOOTSECT.EXE
3/9/2020 - 14:46:25.434 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:25.434 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Temp\TMP000000032EDF9B37C5E17B29
3/9/2020 - 14:46:25.450 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.450 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\locale.nls
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.450 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\BOOTSECT.EXE
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Temp\TMP000000032EDF9B37C5E17B29
3/9/2020 - 14:46:25.450 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.450 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.450 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:25.450 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:25.450 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\user32.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\apisetschema.dll | apisetschema.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\KernelBase.dll | KernelBase.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cryptbase.dll | cryptbase.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | \Device\HarddiskVolume2
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64.dll
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64.dll
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64log.dll
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
3/9/2020 - 14:46:25.450 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
3/9/2020 - 14:46:25.450 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
3/9/2020 - 14:46:25.450 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows
3/9/2020 - 14:46:25.450 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Monitor
3/9/2020 - 14:46:25.450 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 14:46:25.450 | Unknown | 2744 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:25.668 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:25.668 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
3/9/2020 - 14:46:25.668 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:25.668 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:25.668 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.668 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.668 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.668 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.684 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.684 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:25.684 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.684 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.684 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\ui\SwDRM.dll
3/9/2020 - 14:46:25.715 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.715 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.715 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.715 | Open | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.715 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.715 | Unknown | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.715 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.715 | Read | 2140 | C:\Windows\SysWOW64\cmd.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\System32\wow64.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\System32\wow64.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\System32\wow64log.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows
3/9/2020 - 14:46:25.762 | Unknown | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Monitor
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\SysWOW64\MSCOREE.DLL.local
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:25.762 | Unknown | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.762 | Unknown | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.762 | Unknown | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:25.762 | Unknown | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:25.762 | Unknown | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:25.762 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:25.778 | Open | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:25.778Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:25.778Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:25.778Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:25.778Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:25.778Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:25.778Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:25.778Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:46:25.778Read2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:25.778Read2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:25.778Read2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:25.778Read2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:25.778Read2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:25.778Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:25.778Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:25.778Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
3/9/2020 - 14:46:25.778Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 14:46:25.793Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 14:46:25.793Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:25.793Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.793Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:25.793Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:25.793Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:25.793Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:25.793Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:25.793Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:25.793Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.793Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:25.793Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\pubpol4.dat
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:46:25.856Read2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:25.856Read2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:25.856Read2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:25.856Read2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:25.856Read2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:25.856Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 14:46:25.856Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:25.872Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:25.872Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:25.872Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:25.872Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:25.872Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:25.872Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:25.872Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
3/9/2020 - 14:46:25.872Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 14:46:25.872Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 14:46:25.872Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\pt-br.nlp
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:25.903Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:25.903Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\VERSION.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\bcrypt.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\CRYPTSP.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:25.903Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:25.918Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:25.918Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:25.918Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.918Read2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.918Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:25.918Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
3/9/2020 - 14:46:25.918Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 14:46:25.918Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:25.918Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:25.918Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:25.918Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:25.918Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:25.934Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WindowsCodecs.dll
3/9/2020 - 14:46:25.934Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:46:25.934Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:25.934Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:46:25.934Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources.dll
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources.exe
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:26.28Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:26.28Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:26.43Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:36.825Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:36.825Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:36.825Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:36.825Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:36.825Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:36.825Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:36.825Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 14:46:36.825Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 14:46:36.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 14:46:36.825Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 14:46:36.872Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
3/9/2020 - 14:46:36.872Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 14:46:36.872Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 14:46:36.872Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 14:46:36.872Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 14:46:36.872Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:36.872Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:36.872Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:36.872Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 14:46:36.872Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 14:46:36.872Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 14:46:36.918Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2504.1157312
3/9/2020 - 14:46:36.918Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2504.1157312
3/9/2020 - 14:46:36.918Open2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2504.1157312
3/9/2020 - 14:46:36.918Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:36.918Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:36.918Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 14:46:36.934Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:36.934Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:36.950Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 14:46:36.950Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 14:46:36.950Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:36.950Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:36.950Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 14:46:36.950Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:36.950Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 14:46:36.950Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\MSVCP60.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcp60.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WINMM.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winmm.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\version.DLL
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:36.965Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:36.965Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:36.981Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 14:46:36.981Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 14:46:36.981Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mswsock.dll
3/9/2020 - 14:46:36.981Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mswsock.dll
3/9/2020 - 14:46:36.981Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
3/9/2020 - 14:46:36.981Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
3/9/2020 - 14:46:36.981Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\nlaapi.dll
3/9/2020 - 14:46:36.981Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\nlaapi.dll
3/9/2020 - 14:46:36.981Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\NapiNSP.dll
3/9/2020 - 14:46:36.981Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\NapiNSP.dll
3/9/2020 - 14:46:37.59Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 14:46:37.59Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 14:46:37.59Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:37.59Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 14:46:37.59Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 14:46:37.59Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 14:46:37.59Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
3/9/2020 - 14:46:37.59Unknown2504C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 14:46:37.59Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:37.59Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 14:46:37.59Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\pnrpnsp.dll
3/9/2020 - 14:46:37.59Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\pnrpnsp.dll
3/9/2020 - 14:46:37.59Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\DNSAPI.dll
3/9/2020 - 14:46:37.59Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\dnsapi.dll
3/9/2020 - 14:46:37.59Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\dnsapi.dll
3/9/2020 - 14:46:37.59Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winrnr.dll
3/9/2020 - 14:46:37.59Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winrnr.dll
3/9/2020 - 14:46:37.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\IPHLPAPI.DLL
3/9/2020 - 14:46:37.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
3/9/2020 - 14:46:37.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
3/9/2020 - 14:46:37.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WINNSI.DLL
3/9/2020 - 14:46:37.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winnsi.dll
3/9/2020 - 14:46:37.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\winnsi.dll
3/9/2020 - 14:46:37.122Unknown2140C:\Windows\SysWOW64\cmd.exeC:\Windows
3/9/2020 - 14:46:37.122Unknown2140C:\Windows\SysWOW64\cmd.exeC:\Monitor
3/9/2020 - 14:46:37.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:37.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 14:46:37.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:37.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 14:46:37.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:37.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 14:46:37.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:37.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 14:46:37.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:37.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 14:46:37.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots
3/9/2020 - 14:46:37.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots
3/9/2020 - 14:46:37.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\WindowsCodecs.dll
3/9/2020 - 14:46:37.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:46:37.184Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:37.184Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 14:46:37.184Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
3/9/2020 - 14:46:37.184Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.png
3/9/2020 - 14:46:37.184Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.184Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.184Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.184Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.184Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.200Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.200Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.200Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.200Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.200Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
3/9/2020 - 14:46:37.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.png
3/9/2020 - 14:46:37.293Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.png
3/9/2020 - 14:46:37.293Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184637.png
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Delete780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.293Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.pngtime_20180503_184637.png
3/9/2020 - 14:46:37.309Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.dat
3/9/2020 - 14:46:37.309Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.dattime_20180503_184637.dat
3/9/2020 - 14:46:37.309Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Screenshots\time_20180503_184637.dattime_20180503_184637.dat
3/9/2020 - 14:46:37.403Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\rasadhlp.dll
3/9/2020 - 14:46:37.403Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rasadhlp.dll
3/9/2020 - 14:46:37.403Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rasadhlp.dll
3/9/2020 - 14:46:47.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:46:47.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 14:46:47.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:46:47.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:46:47.75Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:46:47.75Write780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:46:57.90Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:46:57.90Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:7.122Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:7.122Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:17.122Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:17.122Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:27.137Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:27.137Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:37.153Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:37.153Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:47.153Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:47.153Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:57.184Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:47:57.184Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:7.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:7.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:17.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:17.231 | Unknown | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:27.262 | Open | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:27.262 | Unknown | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:37.293 | Open | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:37.293 | Unknown | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:47.325 | Open | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:47.325 | Unknown | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:57.356 | Open | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:48:57.356 | Unknown | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:7.387 | Open | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:7.387 | Unknown | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:17.418 | Open | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:17.418 | Unknown | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:27.418 | Open | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:27.418 | Unknown | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:37.418 | Open | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 14:49:37.418 | Unknown | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | C:\Users\Behemot\AppData\Roaming\remcos\logs.dat

Process
Trace
3/9/2020 - 14:45:42.622 | Create | 1480 | C:\malware.exe | 1488 | C:\Monitor\proc.exe
3/9/2020 - 14:46:19.450 | Create | 1488 | C:\Monitor\proc.exe | 1228 | C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:21.606 | Terminate | 1488 | C:\Monitor\proc.exe | 1228 | C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:21.809 | Create | 1488 | C:\Monitor\proc.exe | 2100 | C:\Monitor\proc.exe
3/9/2020 - 14:46:21.856 | Create | 1488 | C:\Monitor\proc.exe | 2624 | C:\Monitor\proc.exe
3/9/2020 - 14:46:22.106 | Terminate | 1488 | C:\Monitor\proc.exe | 2100 | C:\Monitor\proc.exe
3/9/2020 - 14:46:22.497 | Terminate | 1480 | C:\malware.exe | 1488 | C:\Monitor\proc.exe
3/9/2020 - 14:46:22.622 | Create | 2624 | C:\Monitor\proc.exe | 2744 | C:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:22.668 | Terminate | 1488 | C:\Monitor\proc.exe | 2624 | C:\Monitor\proc.exe
3/9/2020 - 14:46:25.356 | Create | 2744 | C:\Windows\SysWOW64\wscript.exe | 2140 | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 14:46:25.450 | Terminate | 2624 | C:\Monitor\proc.exe | 2744 | C:\Windows\SysWOW64\wscript.exe
3/9/2020 - 14:46:25.684 | Create | 2140 | C:\Windows\SysWOW64\cmd.exe | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:36.168 | Create | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | 1744 | C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:36.731 | Terminate | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | 1744 | C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 14:46:36.778 | Create | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:37.59 | Terminate | 2140 | C:\Windows\SysWOW64\cmd.exe | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 14:46:37.122 | Terminate | 2744 | C:\Windows\SysWOW64\wscript.exe | 2140 | C:\Windows\SysWOW64\cmd.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
3/9/2020 - 14:46:19.418 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 14:46:19.418 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 14:46:19.418 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 14:46:19.418 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 14:46:19.418 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 14:46:19.418 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 14:46:19.418 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 14:46:19.418 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 14:46:22.137 | Write | 2624 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | remcos
3/9/2020 - 14:46:22.497 | Write | 2624 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 14:46:22.497 | Write | 2624 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 14:46:22.497 | Write | 2624 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 14:46:22.497 | Write | 2624 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 14:46:22.497 | Write | 2624 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 14:46:22.497 | Write | 2624 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 14:46:22.497 | Write | 2624 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 14:46:22.497 | Write | 2624 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 14:46:25.340 | Write | 2744 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 14:46:25.340 | Write | 2744 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 14:46:25.340 | Write | 2744 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 14:46:25.340 | Write | 2744 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 14:46:25.340 | Write | 2744 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 14:46:25.340 | Write | 2744 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 14:46:25.340 | Write | 2744 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 14:46:25.340 | Write | 2744 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 14:46:36.153 | Write | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 14:46:36.153 | Write | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 14:46:36.153 | Write | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 14:46:36.153 | Write | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 14:46:36.153 | Write | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 14:46:36.153 | Write | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 14:46:36.153 | Write | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 14:46:36.153 | Write | 2504 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 14:46:36.965 | Write | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | remcos
3/9/2020 - 14:46:36.965 | Write | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Remcos-8CPBWM | exepath
3/9/2020 - 14:46:36.965 | Write | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Remcos-8CPBWM | licence

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:DNS: mmiri1.ddns.net.
localhost -> gateway:50273: mmiri1.ddns.net.

Response
gateway:DNS -> localhost: mmiri1.ddns.net. (reply: 0.0.0.0)


TCP
Info

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info

Summary
DNS
True

TCP
False

UDP
True

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 77.50%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 95.93%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 61.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 47.18%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 96.66%
suspicious: False
