Report #11706

  • Creation Date: Sept. 22, 2020, 4:54 a.m.
  • Last Update: Sept. 22, 2020, 5:06 a.m.
  • File: evader.exe
  • Results:
Binary
DLL: False
Size: 461.00KB
trid:
28.0% Win64 Executable
27.5% UPX compressed Win32 Executable
27.0% Win32 EXE Yoda's Crypter
6.6% Win32 Dynamic Link Library
4.5% Win32 Executable
type: PE
wordsize: 64
Subsystem: Windows CLI
Hashes
md5: 203b57433571e5c6ea9b93c084f1cf17
sha1: b127ac379bcb56679ec74a90c2d32e234313c491
crc32: 0x39ef2bb
sha224: dafa96e2b9fc33c49cadd836aa0c1e373186078564d511c7e3d0ea2b
sha256: 92d0f7305c9e74162499cc2e0d036f3d125670b561e61b2062b5b8609defc42d
sha384: 033648a746ddaee51098b45e51a5b2bf1698ff6a73098cec18ab28f3addb286c499d24438f5922c08f85a91b7475e320
sha512: 15e268ea6667e394881a272925436c9bdc80ad528a0fe735aaccf2cc2769403c07a91ca8a94d9f5c619ab7f7459944b5eef3c085da78c554b73be0a19f9f5a74
ssdeep: 6144:DPPJ0TpJ7+/8N180QCeH70pIp895pAn9Mw030jZMKI0UrQMH5OwXObq1enhFshQJ:b237Ai11QCGOLpAn9nt1Kzrd5YnL4CX
Community
Google: False
HashLib: False
YARA
Matches
win_registry, domain, anti_dbg, UPX, screenshot, IsPE64, IP, contentis_base64, UPXv20MarkusLaszloReiser, HasDebugData, UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser, IsConsole, CRC32_poly_Constant, IsPacked, Microsoft_Visual_Cpp_80_DLL, HasRichSignature

Suspicious: True

Strings
List
c:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\x64\Release\Dropper.pdb
I.RW
P.bi
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"></assemblyIdentity>
WSOCK32.dll
COMCTL32.dll
MSVCR110.dll
USERENV.dll
VERSION.dll
WININET.dll
WINMM.dll
UxTheme.dll
MPR.dll
proc.exe
FtpOpenFileW
OBiT %d
FlushBu`
<requestedPrivileges>
__crt_debugger_hook
IsProcessorFeaturePresent
GetProcAddress
ExitProcess
CreateEventW
IsDebuggerPresent
CreateProcessW
EnumProcesses
CoCreateInstance
VirtualAlloc
[+-]
VirtualProtect
QueryPerformanceCounter
RegQueryValueExW
RegCreateKeyW
RegGetValueW
LoadResource
GetModuleHandleW
RegDeleteKeyW
LoadLibraryA
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
%/]=
fprintf
fopen
GetDC
__crtCapturePreviousContext
AutoIt v3 Script: 3, 3, 6, 1
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
__crtTerminateProcess
_commode
dv_Abori8l&r
+'.?AVaT*
_initterm
dST&xO8],
OSIXg(A'9dK

Foremost
Matches: 24.exe, 285 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: ADVAPI32.dll, SHLWAPI.dll, RPCRT4.dll, OLEAUT32.dll, VERSION.dll, PSAPI.DLL, WININET.dll, UxTheme.dll, WSOCK32.dll, SHELL32.dll, MSVCR110.dll, COMCTL32.dll, ole32.dll, USER32.dll, USERENV.dll, GDI32.dll, KERNEL32.dll, WINMM.dll, COMDLG32.dll, MPR.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 467456
Suspicious: False
Image
Address: 5368709120
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rdata, .data, .pdata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 6
Suspicious: False
Image
Version: True
Suspicious: 6
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 6.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 6772
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: advapi32.dll, shlwapi.dll, rpcrt4.dll, oleaut32.dll, version.dll, psapi.dll, wininet.dll, uxtheme.dll, wsock32.dll, shell32.dll, comctl32.dll, ole32.dll, user32.dll, userenv.dll, gdi32.dll, kernel32.dll, winmm.dll, comdlg32.dll, mpr.dll
hasLibs: True
Suspicious: msvcr110.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2020-09-22 04:54:41
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8.0 (DLL)

Obfuscation
XOR: True
Fuzzing: False

PEDetector
Matches: 12448
Suspicious: True
Disassembly
hasTricks: False
Tricks
AVclass
razy
1
VirusTotal
md5: 203b57433571e5c6ea9b93c084f1cf17
sha1: b127ac379bcb56679ec74a90c2d32e234313c491
SCANS (DETECTION RATE = 39.39%)
AVG
result: Win32:Malware-gen
update: 20200922
version: 18.4.3895.0
detected: True

CMC
update: 20200921
version: 2.7.2019.1
detected: False

MAX
result: malware (ai score=86)
update: 20200922
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200922
version: 6.73
detected: True

Bkav
update: 20200922
version: 1.3.0.9899
detected: False

K7GW
update: 20200922
version: 11.141.35291
detected: False

ALYac
result: Gen:Variant.Razy.750015
update: 20200922
version: 1.1.1.5
detected: True

Avast
result: Win32:Malware-gen
update: 20200922
version: 18.4.3895.0
detected: True

Avira
result: DR/AutoIt.Gen
update: 20200922
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
update: 20200917
version: 4.0.0.24
detected: False

Cyren
update: 20200922
version: 6.3.0.2
detected: False

DrWeb
result: Trojan.Encoder.30162
update: 20200922
version: 7.0.49.9080
detected: True

GData
result: Gen:Variant.Razy.750015
update: 20200922
version: A:25.27102B:27.20255
detected: True

Panda
update: 20200921
version: 4.6.4.2
detected: False

VBA32
update: 20200921
version: 4.4.1
detected: False

VIPRE
update: 20200922
version: 86874
detected: False

Zoner
update: 20200920
version: 0.0.0.0
detected: False

Comodo
update: 20200921
version: 32832
detected: False

McAfee
update: 20200922
version: 6.0.6.653
detected: False

Rising
result: Backdoor.Remcos!8.B89E (TFE:5:IBRWLZzTx1N)
update: 20200922
version: 25.0.0.26
detected: True

Sophos
update: 20200922
version: 4.98.0
detected: False

Yandex
update: 20200911
version: 5.5.2.24
detected: False

Zillya
update: 20200919
version: 2.0.0.4178
detected: False

Acronis
update: 20200917
version: 1.1.1.78
detected: False

Alibaba
update: 20190527
version: 0.3.0.5
detected: False

Arcabit
result: Trojan.Razy.DB71BF
update: 20200922
version: 1.0.0.881
detected: True

Cylance
update: 20200922
version: 2.3.1.101
detected: False

FireEye
result: Gen:Variant.Razy.750015
update: 20200922
version: 32.36.1.0
detected: True

Sangfor
update: 20200814
version: 1.0
detected: False

TACHYON
update: 20200922
version: 2020-09-22.02
detected: False

Tencent
update: 20200922
version: 1.0.0.1
detected: False

ViRobot
update: 20200922
version: 2014.3.20.0
detected: False

Webroot
update: 20200922
version: 1.0.0.403
detected: False

Ad-Aware
result: Gen:Variant.Razy.750015
update: 20200922
version: 3.0.16.117
detected: True

AegisLab
update: 20200922
version: 4.2
detected: False

Emsisoft
result: Gen:Variant.Razy.750015 (B)
update: 20200922
version: 2018.12.0.1641
detected: True

F-Secure
result: Dropper.DR/AutoIt.Gen
update: 20200922
version: 12.0.86.52
detected: True

Fortinet
result: W64/Kryptik.ERUI!tr
update: 20200922
version: 6.2.142.0
detected: True

Invincea
update: 20200922
version: 1.0.1.0
detected: False

Jiangmin
result: Trojan.MSIL.qkml
update: 20200921
version: 16.0.100
detected: True

Kingsoft
update: 20200922
version: 2013.8.14.323
detected: False

Paloalto
update: 20200922
version: 1.0
detected: False

Symantec
update: 20200922
version: 1.12.0.0
detected: False

AhnLab-V3
result: Trojan/Win32.AgentTesla.R350864
update: 20200922
version: 3.18.1.10026
detected: True

Antiy-AVL
update: 20200922
version: 3.0.0.1
detected: False

Kaspersky
result: Trojan-Banker.Win32.Agent.ulf
update: 20200922
version: 15.0.1.13
detected: True

MaxSecure
update: 20200919
version: 1.0.0.1
detected: False

Microsoft
result: Trojan:Win32/Wacatac.C!ml
update: 20200922
version: 1.1.17400.5
detected: True

Qihoo-360
update: 20200922
version: 1.0.0.1120
detected: False

ZoneAlarm
result: Trojan-Banker.Win32.Agent.ulf
update: 20200922
version: 1.0
detected: True

Cybereason
result: malicious.33571e
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: a variant of Win64/Kryptik.CAA
update: 20200922
version: 22029
detected: True

TrendMicro
update: 20200922
version: 11.0.0.1006
detected: False

BitDefender
result: Gen:Variant.Razy.750015
update: 20200922
version: 7.2
detected: True

CrowdStrike
update: 20190702
version: 1.0
detected: False

K7AntiVirus
update: 20200922
version: 11.141.35291
detected: False

SentinelOne
update: 20200724
version: 4.4.0.0
detected: False

Malwarebytes
result: Trojan.MalPack
update: 20200922
version: 3.6.4.335
detected: True

TotalDefense
update: 20200922
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20200922
version: 14.00
detected: False

NANO-Antivirus
result: Trojan.Win32.Dwn.djrbnd
update: 20200922
version: 1.0.134.25140
detected: True

BitDefenderTheta
update: 20200918
version: 7.2.37796.0
detected: False

MicroWorld-eScan
result: Gen:Variant.Razy.750015
update: 20200922
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200918
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
update: 20200922
version: 10.0.0.1040
detected: False

total: 66
sha256: 92d0f7305c9e74162499cc2e0d036f3d125670b561e61b2062b5b8609defc42d
scan_id: 92d0f7305c9e74162499cc2e0d036f3d125670b561e61b2062b5b8609defc42d-1600761284
resource: 203b57433571e5c6ea9b93c084f1cf17
positives: 26
scan_date: 2020-09-22 07:54:44
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
22/9/2020 - 4:45:43.528Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows
22/9/2020 - 4:45:43.528Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
22/9/2020 - 4:45:43.528Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
22/9/2020 - 4:45:43.528Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
22/9/2020 - 4:45:43.528Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
22/9/2020 - 4:45:43.528Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
22/9/2020 - 4:45:43.528Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
22/9/2020 - 4:45:43.543Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
22/9/2020 - 4:45:43.543Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows
22/9/2020 - 4:45:43.543Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows
22/9/2020 - 4:45:43.543Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 4:45:43.825Read2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.825Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\
22/9/2020 - 4:45:43.825Unknown2756C:\Windows\SysWOW64\cmd.exeC:\
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows
22/9/2020 - 4:45:43.825Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.825Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.825Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.840Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.840Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.840Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.840Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.840Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.840Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
22/9/2020 - 4:45:43.840Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
22/9/2020 - 4:45:43.840Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.840Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.840Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\netsh.exe
22/9/2020 - 4:45:43.887Open2424C:\Monitor\proc.exeC:\ProgramData
22/9/2020 - 4:45:43.887Open2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:43.950Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
22/9/2020 - 4:45:43.950Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
22/9/2020 - 4:45:43.950Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
22/9/2020 - 4:45:43.950Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.950Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.950Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\netsh.exe
22/9/2020 - 4:45:43.950Open2756C:\Windows\SysWOW64\cmd.exeC:\
22/9/2020 - 4:45:43.950Unknown2756C:\Windows\SysWOW64\cmd.exeC:\
22/9/2020 - 4:45:43.950Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows
22/9/2020 - 4:45:43.950Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows
22/9/2020 - 4:45:43.950Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.950Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.950Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.950Unknown2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:43.950Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\netsh.exe
22/9/2020 - 4:45:43.950Read2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\netsh.exe
22/9/2020 - 4:45:43.950Read2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\netsh.exe
22/9/2020 - 4:45:43.950Read2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\netsh.exe
22/9/2020 - 4:45:43.950Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\nlaapi.dll
22/9/2020 - 4:45:43.950Open2756C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
22/9/2020 - 4:45:43.965Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\nlaapi.dll
22/9/2020 - 4:45:43.965Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\NapiNSP.dll
22/9/2020 - 4:45:43.965Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\NapiNSP.dll
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\Prefetch\NETSH.EXE-CD959116.pf
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64.dll
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64.dll
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64win.dll
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64win.dll
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64cpu.dll
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64cpu.dll
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\wow64log.dll
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows
22/9/2020 - 4:45:44.12Unknown972C:\Windows\SysWOW64\netsh.exeC:\Windows
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\sechost.dll
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\sechost.dll
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
22/9/2020 - 4:45:44.12Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
22/9/2020 - 4:45:44.75Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mpr.dll
22/9/2020 - 4:45:44.75Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mpr.dll
22/9/2020 - 4:45:44.122Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 4:45:44.122Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 4:45:44.122Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 4:45:44.122Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 4:45:44.122Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 4:45:44.122Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
22/9/2020 - 4:45:44.122Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\netsh.exe.mui
22/9/2020 - 4:45:44.122Read972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\netsh.exe.muinetsh.exe.mui
22/9/2020 - 4:45:44.122Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
22/9/2020 - 4:45:44.153Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netsh.exe.Local
22/9/2020 - 4:45:44.153Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 4:45:44.153Unknown972C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 4:45:44.153Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 4:45:44.153Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
22/9/2020 - 4:45:44.153Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
22/9/2020 - 4:45:44.153Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\WindowsShell.Manifest
22/9/2020 - 4:45:44.153Unknown972C:\Windows\SysWOW64\netsh.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
22/9/2020 - 4:45:44.153Read972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netsh.exe
22/9/2020 - 4:45:44.215Read972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netsh.exe
22/9/2020 - 4:45:44.215Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasmontr.dll
22/9/2020 - 4:45:44.231Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasmontr.dll
22/9/2020 - 4:45:44.247Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mprapi.dll
22/9/2020 - 4:45:44.293Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mprapi.dll
22/9/2020 - 4:45:44.356Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasapi32.dll
22/9/2020 - 4:45:44.356Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasapi32.dll
22/9/2020 - 4:45:44.403Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\pnrpnsp.dll
22/9/2020 - 4:45:44.403Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\pnrpnsp.dll
22/9/2020 - 4:45:44.543Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasman.dll
22/9/2020 - 4:45:44.543Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasman.dll
22/9/2020 - 4:45:44.653Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
22/9/2020 - 4:45:44.653Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
22/9/2020 - 4:45:44.653Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mfc42u.dll
22/9/2020 - 4:45:44.653Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mfc42u.dll
22/9/2020 - 4:45:44.747Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\mswsock.dll
22/9/2020 - 4:45:44.747Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\mswsock.dll
22/9/2020 - 4:45:44.747Open2424C:\Monitor\proc.exeC:\Monitor\DNSAPI.dll
22/9/2020 - 4:45:44.747Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\dnsapi.dll
22/9/2020 - 4:45:44.747Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\dnsapi.dll
22/9/2020 - 4:45:44.747Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\winrnr.dll
22/9/2020 - 4:45:44.747Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\winrnr.dll
22/9/2020 - 4:45:44.981Open2424C:\Monitor\proc.exeC:\Monitor\IPHLPAPI.DLL
22/9/2020 - 4:45:44.981Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
22/9/2020 - 4:45:44.981Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
22/9/2020 - 4:45:44.981Open2424C:\Monitor\proc.exeC:\Monitor\WINNSI.DLL
22/9/2020 - 4:45:44.981Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\winnsi.dll
22/9/2020 - 4:45:44.981Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\winnsi.dll
22/9/2020 - 4:45:45.75Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbc32.dll
22/9/2020 - 4:45:45.75Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbc32.dll
22/9/2020 - 4:45:45.450Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
22/9/2020 - 4:45:45.450Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
22/9/2020 - 4:45:45.559Open2424C:\Monitor\proc.exeC:\Monitor\rasadhlp.dll
22/9/2020 - 4:45:45.559Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\rasadhlp.dll
22/9/2020 - 4:45:45.559Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\rasadhlp.dll
22/9/2020 - 4:45:45.559Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
22/9/2020 - 4:45:45.559Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
22/9/2020 - 4:45:45.559Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
22/9/2020 - 4:45:45.559Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
22/9/2020 - 4:45:45.559Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winnsi.dll
22/9/2020 - 4:45:45.559Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winnsi.dll
22/9/2020 - 4:45:45.840Write2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:45.856Open2424C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 4:45:45.856Unknown2424C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 4:45:45.872Open2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:45.872Unknown2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:45.872Open2424C:\Monitor\proc.exeC:\Monitor\PROPSYS.dll
22/9/2020 - 4:45:45.872Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
22/9/2020 - 4:45:45.872Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
22/9/2020 - 4:45:45.918Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:45.918Open2424C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
22/9/2020 - 4:45:45.918Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:45.918Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:45.918Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:45.918Open2424C:\Monitor\proc.exeC:\
22/9/2020 - 4:45:45.918Unknown2424C:\Monitor\proc.exeC:\
22/9/2020 - 4:45:45.918Open2424C:\Monitor\proc.exeC:\Windows
22/9/2020 - 4:45:45.918Unknown2424C:\Monitor\proc.exeC:\Windows
22/9/2020 - 4:45:45.918Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:45.918Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:45.918Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:45.918Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:45.918Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:45.918Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:46.43Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbcint.dll
22/9/2020 - 4:45:46.43Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbcint.dll
22/9/2020 - 4:45:46.231Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:46.231Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:46.231Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:46.231Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:46.231Read2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:46.231Read2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:46.278Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:46.278Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:46.278Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:46.340Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\wpdshext.dll
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
22/9/2020 - 4:45:46.372Unknown2424C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:46.372Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\
22/9/2020 - 4:45:46.372Unknown2424C:\Monitor\proc.exeC:\
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows
22/9/2020 - 4:45:46.372Unknown2424C:\Monitor\proc.exeC:\Windows
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:46.372Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:46.372Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.372Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.387Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.387Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.387Read2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.387Read2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.387Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.387Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.387Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 4:45:46.403Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
22/9/2020 - 4:45:46.403Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
22/9/2020 - 4:45:46.403Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.403Open2424C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
22/9/2020 - 4:45:46.403Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:46.403Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:46.403Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.403Open2424C:\Monitor\proc.exeC:\
22/9/2020 - 4:45:46.403Unknown2424C:\Monitor\proc.exeC:\
22/9/2020 - 4:45:46.403Open2424C:\Monitor\proc.exeC:\Windows
22/9/2020 - 4:45:46.403Unknown2424C:\Monitor\proc.exeC:\Windows
22/9/2020 - 4:45:46.403Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:46.403Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:46.403Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:46.403Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64
22/9/2020 - 4:45:46.403Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.403Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.497Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.497Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.512Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.512Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.512Read2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.528Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.528Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.528Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.528Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.528Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
22/9/2020 - 4:45:46.528Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
22/9/2020 - 4:45:46.528Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
22/9/2020 - 4:45:46.528Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
22/9/2020 - 4:45:46.528Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
22/9/2020 - 4:45:46.590Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\MFC42LOC.DLL
22/9/2020 - 4:45:46.590Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\MFC42LOC.DLL.DLL
22/9/2020 - 4:45:46.590Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\MFC42LOC.DLL
22/9/2020 - 4:45:46.590Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\MFC42LOC.DLL.DLL
22/9/2020 - 4:45:46.606Open2424C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
22/9/2020 - 4:45:46.606Open2424C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 4:45:46.606Unknown2424C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 4:45:46.606Open2424C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 4:45:46.606Open2424C:\Monitor\proc.exeC:\
22/9/2020 - 4:45:46.606Unknown2424C:\Monitor\proc.exeC:\
22/9/2020 - 4:45:46.606Open2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.606Unknown2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.606Open2424C:\Monitor\proc.exeC:\
22/9/2020 - 4:45:46.606Unknown2424C:\Monitor\proc.exeC:\
22/9/2020 - 4:45:46.606Open2424C:\Monitor\proc.exeC:\ProgramData
22/9/2020 - 4:45:46.606Unknown2424C:\Monitor\proc.exeC:\ProgramData
22/9/2020 - 4:45:46.668Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshwfp.dll
22/9/2020 - 4:45:46.668Open2424C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
22/9/2020 - 4:45:46.668Open2424C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
22/9/2020 - 4:45:46.668Open2424C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
22/9/2020 - 4:45:46.668Open2424C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
22/9/2020 - 4:45:46.668Open2424C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
22/9/2020 - 4:45:46.668Open2424C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
22/9/2020 - 4:45:46.668Read2424C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
22/9/2020 - 4:45:46.668Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
22/9/2020 - 4:45:46.715Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
22/9/2020 - 4:45:46.715Open2424C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
22/9/2020 - 4:45:46.715Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
22/9/2020 - 4:45:46.715Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
22/9/2020 - 4:45:46.715Open2424C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
22/9/2020 - 4:45:46.715Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshwfp.dll
22/9/2020 - 4:45:46.715Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\urlmon.dll
22/9/2020 - 4:45:46.715Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\urlmon.dll
22/9/2020 - 4:45:46.715Open2424C:\Monitor\proc.exeC:\Monitor\Secur32.dll
22/9/2020 - 4:45:46.715Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
22/9/2020 - 4:45:46.715Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\ProgramData
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\ProgramData
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\ProgramData
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\ProgramData
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\Monitor\api-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\ProgramData\file.exe:Zone.Identifier
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\Monitor
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Write2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Unknown2424C:\Monitor\proc.exeC:\ProgramData\file.exe
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\Monitor\ntvdm64.dll
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ntvdm64.dll
22/9/2020 - 4:45:46.731Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ntvdm64.dll
22/9/2020 - 4:45:46.747Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\pt-BR\ntvdm64.dll.mui
22/9/2020 - 4:45:46.747Read2424C:\Monitor\proc.exeC:\Windows\SysWOW64\pt-BR\ntvdm64.dll.muintvdm64.dll.mui
22/9/2020 - 4:45:46.793Open2424C:\Monitor\proc.exeC:\Windows\Fonts\StaticCache.dat
22/9/2020 - 4:45:46.793Read2424C:\Monitor\proc.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
22/9/2020 - 4:45:46.856Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
22/9/2020 - 4:45:46.872Open2424C:\Monitor\proc.exeC:\Windows\SysWOW64\ole32.dll
22/9/2020 - 4:45:47.122Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\slc.dll
22/9/2020 - 4:45:47.122Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\slc.dll
22/9/2020 - 4:45:47.622Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dll
22/9/2020 - 4:45:47.668Unknown972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
22/9/2020 - 4:45:47.668Open972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dll
22/9/2020 - 4:45:47.668Read972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
22/9/2020 - 4:45:47.715Read972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
22/9/2020 - 4:45:47.762Read972C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll

Process
Trace
22/9/2020 - 4:45:43.59 | Create | 2412 | C:\malware.exe | 2424 | C:\Monitor\proc.exe
22/9/2020 - 4:45:43.434 | Create | 2424 | C:\Monitor\proc.exe | 2756 | C:\Windows\SysWOW64\cmd.exe
22/9/2020 - 4:45:43.950 | Create | 2756 | C:\Windows\SysWOW64\cmd.exe | 972 | C:\Windows\SysWOW64\netsh.exe
22/9/2020 - 4:46:1.465 | Terminate | 2756 | C:\Windows\SysWOW64\cmd.exe | 972 | C:\Windows\SysWOW64\netsh.exe
22/9/2020 - 4:46:1.512 | Terminate | 2424 | C:\Monitor\proc.exe | 2756 | C:\Windows\SysWOW64\cmd.exe

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace
22/9/2020 - 4:45:43.450 | Write | 2424 | C:\Monitor\proc.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\instup.exe | debugger
22/9/2020 - 4:45:46.715 | Write | 2424 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
22/9/2020 - 4:45:46.715 | Write | 2424 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
22/9/2020 - 4:45:46.715 | Write | 2424 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
22/9/2020 - 4:45:46.715 | Write | 2424 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
22/9/2020 - 4:45:46.731 | Write | 2424 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
22/9/2020 - 4:45:46.731 | Write | 2424 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
22/9/2020 - 4:45:46.731 | Write | 2424 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
22/9/2020 - 4:45:46.731 | Write | 2424 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
22/9/2020 - 4:45:58.497 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.497 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.497 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.497 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.497 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\dhcpqec.dll,-100
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\dhcpqec.dll,-101
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\dhcpqec.dll,-103
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\dhcpqec.dll,-102
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:58.918 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.12 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\napipsec.dll,-1
22/9/2020 - 4:45:59.12 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.12 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.12 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\napipsec.dll,-2
22/9/2020 - 4:45:59.12 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.12 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.12 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\napipsec.dll,-4
22/9/2020 - 4:45:59.12 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.12 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.12 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\napipsec.dll,-3
22/9/2020 - 4:45:59.12 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.12 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.106 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\tsgqec.dll,-100
22/9/2020 - 4:45:59.106 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.106 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.106 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\tsgqec.dll,-101
22/9/2020 - 4:45:59.106 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.106 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.106 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\tsgqec.dll,-102
22/9/2020 - 4:45:59.106 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.106 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.106 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\tsgqec.dll,-103
22/9/2020 - 4:45:59.106 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.106 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.200 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\eapqec.dll,-100
22/9/2020 - 4:45:59.200 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.200 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.200 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\eapqec.dll,-101
22/9/2020 - 4:45:59.200 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.200 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.200 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\eapqec.dll,-102
22/9/2020 - 4:45:59.200 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.200 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
22/9/2020 - 4:45:59.200 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | @%SystemRoot%\system32\eapqec.dll,-103
22/9/2020 - 4:45:59.200 | Write | 972 | C:\Windows\SysWOW64\netsh.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True

DNS
Query
localhost -> gateway:50273: cmicapui.ce.gov.br.
localhost -> gateway:DNS: cmicapui.ce.gov.br.

Response
gateway:DNS -> localhost: cmicapui.ce.gov.br. resolved to 162.221.187.234


TCP
Info
localhost:65192 -> 162.221.187.234:80
162.221.187.234:80 -> localhost:65192

UDP
Info
localhost:5355 -> localhost:52261
localhost:50273 -> localhost:53
localhost:5355 -> localhost:63083
localhost:53 -> localhost:50273

HTTP
Info
localhost: GET cmicapui.ce.gov.br /components/com_banners/models/modu.exe

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 80.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 69.70%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 62.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 78.65%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 43.46%
suspicious: False
