Report #5654 check_circle
- Creation Date: Feb. 11, 2020, 6:19 p.m.
- Last Update: Feb. 11, 2020, 10:29 p.m.
- File: app-installer.exe
- Results:
Binary
DLL
False cancel
Size
872.66KB
trid
42.7% Win32 Executable19.2% OS/2 Executable18.9% Generic Win/DOS Executable18.9% DOS Executable Generic
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
c56b5f0201a3b3de53e561fe76912bfd
sha1
2a4062e10a5de813f5688221dbeb3f3ff33eb417
crc32
0x76090ee7
sha224
eedd76d5ad874070b7f9ec37acfeb7f0da1b1a7d2537182a4c792cff
sha256
237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
sha384
a9f029fd818bd747d111fe98208eecdaf00a79e20f7f5e6f290c090ab5a2f0576e2fc240161ba415c9e0f26c429d1ce5
sha512
195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
ssdeep
12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
domain, HasDebugData, CRC32_poly_Constant, escalate_priv, HasRichSignature, VC8_Microsoft_Corporation, CRC32_table, network_http, win_files_operation, IsPE32, AutoIT_compiled_script, screenshot, IP, contentis_base64, keylogger, win_token, AutoIt, IsWindowsGUI, inject_thread, anti_dbg, url, Microsoft_Visual_Cpp_8, win_registry, HasOverlay
Suspicious
True check_circle
Strings
List
%http://crl.globalsign.net/root-r3.crl0%http://crl.globalsign.com/root-r3.crl0c"http://ocsp2.globalsign.com/rootr306&https://www.autoitscript.com/autoit3/ 0http://www.autoitscript.com/autoit3/<http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0<<http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt085http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0,http://ocsp2.globalsign.com/gscodesignsha2g30V.http://crl.globalsign.com/gscodesignsha2g3.crl00http://ocsp2.globalsign.com/gstimestampingsha2g20&https://www.globalsign.com/repository/06&https://www.globalsign.com/repository/0&https://www.globalsign.com/repository/0&https://www.globalsign.com/repository/0AutoIt3.exeAutoIt3.exeGt.Ht$WSOCK32.dllFSoftware\AutoIt v3\AutoItCOMCTL32.dllUSERENV.dllVERSION.dllWININET.dllWINMM.dllUxTheme.dll0.0.0.0MPR.dllAUTOITCALLVARIABLE%d<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>255.255.255.255SeDebugPrivilegeSeRestorePrivilege<"t|<%tx<'tt<$tp<&tl<!th<otd<]t`<[t\<\tX<\Include\fr-chfr-cafr-be%6$33S3bE6%6%56$32BACKSPACEHebrewBIncludeHOTKEYPRESSEDHOTKEYSETDuployanTaskbarCreatedclosedinvalid range in character classnumber is too bigregular expression is too largetoo many forward referencesfailed to get memoryfailed to get memoryIt is a violation of the AutoIt EULA to attempt to reverse engineer this program.\ at end of pattern\c at end of patterntwo named subpatterns have the same nameBROWSER_SEARCHHKEY_CLASSES_ROOTTCPSHUTDOWNBROWSER_REFRESHAutoIt has detected the stack has become corrupt.BROWSER_BACKBROWSER_STOPBROWSER_FORWARDBROWSER_HOMELAUNCH_MAILBROWSER_FAVORTIESHKEY_LOCAL_MACHINELine %d (File "%s"):VOLUME_UPVOLUME_DOWNVOLUME_MUTE] is an invalid data character in JavaScript compatibility modeLAUNCH_MEDIASOFTWARE\Classes\Line %d:Line %d:TCPLISTENFtpOpenFileWSYSTEM\CurrentControlSet\Control\Nls\LanguageFtpGetFileSizeFTPSETPROXYSW_HIDEAUTOITWINGETTITLEGETCURRENTSELECTIONTCPCLOSESOCKETTCPCONNECTHTTPSETUSERAGENTGETSELECTEDGETSELECTEDCOUNTHTTPSETPROXYWINGETCLASSLISTCWM_GETCONTROLNAMEControl Panel\MouseControl Panel\AppearanceHttpOpenRequestWHttpSendRequestW/AutoIt3OutputDebugmscoree.dll
Foremost
Matches
0.exe, 865 KB, 1607.png, 15 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circleAllowed: 255.255.255.255, 1, recordSuspicioushasAllowed: True check_circlehasSuspicious: False cancel
URLs
AllowedhasURLs: True check_circleSuspicious: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0<, http://crl.globalsign.com/root-r3.crl0c, https://www.autoitscript.com/autoit3/, http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08, http://ocsp2.globalsign.com/rootr306, https://www.globalsign.com/repository/0, https://www.globalsign.com/repository/06, http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0, http://ocsp2.globalsign.com/gscodesignsha2g30v, http://www.autoitscript.com/autoit3/, http://ocsp2.globalsign.com/gstimestampingsha2g20, http://crl.globalsign.net/root-r3.crl0, http://crl.globalsign.com/gscodesignsha2g3.crl0hasAllowed: False cancelhasSuspicious: True check_circle
Files
Allowed: USER32.DLL, kernel32.dll, mscoree.dll, combase.dll, ADVAPI32.dll, SHELL32.dll, WININET.dll, OLEAUT32.dll, PSAPI.DLL, VERSION.dll, USERENV.dll, UxTheme.dll, GDI32.dll, COMCTL32.dll, COMDLG32.dll, ole32.dll, MPR.dll, IPHLPAPI.DLL, WINMM.dll, WSOCK32.dllhasFiles: True check_circleSuspicioushasAllowed: True check_circlehasSuspicious: False cancel
Binary
Sizes
RVARVA: 16Suspicious: False cancelCodeSize: 317440Suspicious: False cancelImageAddress: 4194304Suspicious: False cancelStackStack: 4096Suspicious: False cancelHeadersHeaders: 1024Suspicious: False cancelSuspicious: False cancel
Symbols
NumberNumber: 0Suspicious: True check_circlePointerPointer: 0Suspicious: True check_circleDirectoriesNumber: 16Suspicious: False cancel
Checksum
Value: 915600Suspicous: False cancel
Sections
Allowed: .text, .rdata, .data, .rsrc, .relocSuspicioushasAllowed: True check_circlehasSections: True check_circlehasSuspicious: False cancel
Versions
OSVersion: 5Suspicious: False cancelImageVersion: True check_circleSuspicious: 5LinkerVersion: 12.0Suspicious: False cancelSubsystemVersion: 5.1Suspicious: False cancelSuspicious: False cancel
EntryPoint
Address: 163834Suspicious: False cancel
Anomalies
AnomalieshasAnomalies: False cancel
Libraries
Allowed: user32.dll, kernel32.dll, mscoree.dll, combase.dll, advapi32.dll, shell32.dll, wininet.dll, oleaut32.dll, psapi.dll, version.dll, userenv.dll, uxtheme.dll, gdi32.dll, comctl32.dll, comdlg32.dll, ole32.dll, mpr.dll, winmm.dll, wsock32.dllhasLibs: True check_circleSuspicious: iphlpapi.dllhasAllowed: True check_circlehasSuspicious: True check_circle
Timestamp
Past: False cancelValid: True check_circleValue: 2018-03-15 10:14:39Future: False cancel
Compilation
Packed: False cancelMissing: False cancelPackersCompiled: True check_circleCompilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation
Obfuscation
XOR: False cancelFuzzing: True check_circle
PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.data: 1.rsrc: 6.text: 2.rdata: 10
nopsequence
.text: 1
pushpopmath
.rsrc: 6.text: 30.rdata: 8.reloc: 18
garbagebytes
.data: 1.rsrc: 1.text: 1.rdata: 5
hookdetection
.rdata: 3.reloc: 2
stealthimport
.text: 1
software breakpoint
.rsrc: 1.text: 9.rdata: 1.reloc: 5
programcontrolflowchange
.data: 1.rsrc: 1.text: 1.rdata: 5
cpuinstructionsresultscomparison
.rsrc: 12.rdata: 9
AVclass
None
1
VirusTotal
md5
c56b5f0201a3b3de53e561fe76912bfd
sha1
2a4062e10a5de813f5688221dbeb3f3ff33eb417
SCANS (DETECTION RATE = 4.23%)
AVG
update: 20200211version: 18.4.3895.0detected: False cancel
CMC
update: 20190321version: 1.1.0.977detected: False cancel
MAX
update: 20200211version: 2019.9.16.1detected: False cancel
APEX
result: Maliciousupdate: 20200209version: 5.116detected: True check_circle
K7GW
update: 20200210version: 11.91.33255detected: False cancel
ALYac
update: 20200211version: 1.1.1.5detected: False cancel
Avast
update: 20200210version: 18.4.3895.0detected: False cancel
Avira
update: 20200210version: 8.3.3.8detected: False cancel
Baidu
update: 20190318version: 1.0.0.2detected: False cancel
Cyren
update: 20200210version: 6.2.2.2detected: False cancel
DrWeb
update: 20200211version: 7.0.44.12030detected: False cancel
GData
update: 20200211version: A:25.24858B:26.17647detected: False cancel
Panda
update: 20200210version: 4.6.4.2detected: False cancel
VBA32
update: 20200210version: 4.3.0detected: False cancel
VIPRE
update: 20200211version: 81442detected: False cancel
Zoner
update: 20200211version: 1.0.0.1detected: False cancel
ClamAV
update: 20200205version: 0.102.2.0detected: False cancel
Comodo
update: 20200210version: 32069detected: False cancel
F-Prot
update: 20200210version: 4.7.1.166detected: False cancel
Ikarus
update: 20200210version: 0.1.5.2detected: False cancel
McAfee
update: 20200211version: 6.0.6.653detected: False cancel
Rising
update: 20200210version: 25.0.0.24detected: False cancel
Sophos
update: 20200211version: 4.98.0detected: False cancel
Yandex
update: 20200210version: 5.5.2.24detected: False cancel
Zillya
update: 20200210version: 2.0.0.4019detected: False cancel
Acronis
update: 20200206version: 1.1.1.58detected: False cancel
Alibaba
update: 20190527version: 0.3.0.5detected: False cancel
Arcabit
update: 20200210version: 1.0.0.869detected: False cancel
Cylance
update: 20200211version: 2.3.1.101detected: False cancel
Endgame
update: 20200131version: 3.0.16detected: False cancel
FireEye
update: 20200211version: 29.7.0.0detected: False cancel
Sangfor
update: 20200114version: 1.0detected: False cancel
TACHYON
update: 20200211version: 2020-02-11.01detected: False cancel
Tencent
update: 20200211version: 1.0.0.1detected: False cancel
ViRobot
update: 20200210version: 2014.3.20.0detected: False cancel
Webroot
result: Pua.Riskware.Autoitupdate: 20200211version: 1.0.0.403detected: True check_circle
eGambit
update: 20200211detected: False cancel
Ad-Aware
update: 20200210version: 3.0.5.370detected: False cancel
AegisLab
update: 20200211version: 4.2detected: False cancel
Emsisoft
update: 20200210version: 2018.12.0.1641detected: False cancel
F-Secure
update: 20200211version: 12.0.86.52detected: False cancel
Fortinet
update: 20200211version: 6.2.142.0detected: False cancel
Invincea
update: 20191211version: 6.3.6.26157detected: False cancel
Jiangmin
result: Trojan.Miner.ffrupdate: 20200210version: 16.0.100detected: True check_circle
Kingsoft
update: 20200211version: 2013.8.14.323detected: False cancel
Paloalto
update: 20200211version: 1.0detected: False cancel
Trapmine
update: 20200123version: 3.2.22.914detected: False cancel
AhnLab-V3
update: 20200210version: 3.17.1.26513detected: False cancel
Antiy-AVL
update: 20200210version: 3.0.0.1detected: False cancel
Kaspersky
update: 20200210version: 15.0.1.13detected: False cancel
MaxSecure
update: 20200207version: 1.0.0.1detected: False cancel
Microsoft
update: 20200211version: 1.1.16700.3detected: False cancel
Qihoo-360
update: 20200211version: 1.0.0.1120detected: False cancel
ZoneAlarm
update: 20200210version: 1.0detected: False cancel
Cybereason
update: 20190616version: 1.2.449detected: False cancel
ESET-NOD32
update: 20200210version: 20818detected: False cancel
TrendMicro
update: 20200211version: 11.0.0.1006detected: False cancel
BitDefender
update: 20200211version: 7.2detected: False cancel
CrowdStrike
update: 20190702version: 1.0detected: False cancel
K7AntiVirus
update: 20200209version: 11.91.33240detected: False cancel
SentinelOne
update: 20191218version: 1.12.1.57detected: False cancel
Avast-Mobile
update: 20200210version: 200210-00detected: False cancel
Malwarebytes
update: 20200211version: 3.6.4.330detected: False cancel
TotalDefense
update: 20200210version: 37.1.62.1detected: False cancel
CAT-QuickHeal
update: 20200210version: 14.00detected: False cancel
NANO-Antivirus
update: 20200211version: 1.0.134.25032detected: False cancel
BitDefenderTheta
update: 20200210version: 7.2.37796.0detected: False cancel
MicroWorld-eScan
update: 20200211version: 14.0.405.0detected: False cancel
SUPERAntiSpyware
update: 20200207version: 5.6.0.1032detected: False cancel
McAfee-GW-Edition
update: 20200210version: v2017.3010detected: False cancel
TrendMicro-HouseCall
update: 20200211version: 10.0.0.1040detected: False cancel
total
71
sha256
237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
scan_id
237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d-1581391041
resource
c56b5f0201a3b3de53e561fe76912bfd
positives
3
scan_date
2020-02-11 03:17:21
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.184 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | |
| 11/2/2020 - 21:45:43.184 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\UxTheme.dll.Config | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.184 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.184 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.184 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | |
| 11/2/2020 - 21:45:43.184 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll | |
| 11/2/2020 - 21:45:43.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll | |
| 11/2/2020 - 21:45:43.200 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll | |
| 11/2/2020 - 21:45:43.200 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll | |
| 11/2/2020 - 21:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ExplorerFrame.dll | |
| 11/2/2020 - 21:45:43.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ExplorerFrame.dll | ExplorerFrame.dll |
| 11/2/2020 - 21:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ExplorerFrame.dll | |
| 11/2/2020 - 21:45:43.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ExplorerFrame.dll | ExplorerFrame.dll |
| 11/2/2020 - 21:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\duser.dll | |
| 11/2/2020 - 21:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\duser.dll | |
| 11/2/2020 - 21:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dui70.dll | |
| 11/2/2020 - 21:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dui70.dll | |
| 11/2/2020 - 21:45:43.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dui70.dll | |
| 11/2/2020 - 21:45:43.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ExplorerFrame.dll | |
| 11/2/2020 - 21:45:43.325 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ExplorerFrame.dll | ExplorerFrame.dll |
| 11/2/2020 - 21:45:43.325 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 11/2/2020 - 21:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.325 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.340 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 11/2/2020 - 21:45:43.340 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.340 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.340 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\WindowsCodecs.dll | |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsCodecs.dll | |
| 11/2/2020 - 21:45:43.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsCodecs.dll | WindowsCodecs.dll |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsCodecs.dll | |
| 11/2/2020 - 21:45:43.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsCodecs.dll | WindowsCodecs.dll |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\apphelp.dll | |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll | |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll | |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | |
| 11/2/2020 - 21:45:43.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb | |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:43.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | |
| 11/2/2020 - 21:45:43.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:43.434 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\Windows | |
| 11/2/2020 - 21:45:43.434 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:43.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:43.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | |
| 11/2/2020 - 21:45:43.450 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | |
| 11/2/2020 - 21:45:43.450 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui | |
| 11/2/2020 - 21:45:43.450 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui | EhStorShell.dll.mui |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | |
| 11/2/2020 - 21:45:43.450 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | |
| 11/2/2020 - 21:45:43.450 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui | |
| 11/2/2020 - 21:45:43.450 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui | EhStorShell.dll.mui |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | |
| 11/2/2020 - 21:45:43.450 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | |
| 11/2/2020 - 21:45:43.450 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | |
| 11/2/2020 - 21:45:43.450 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 11/2/2020 - 21:45:43.450 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorShell.dll | EhStorShell.dll |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb | |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:43.450 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:43.450 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:43.465 | Open | 1480 | C:\malware.exe | C:\Windows | |
| 11/2/2020 - 21:45:43.465 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
| 11/2/2020 - 21:45:43.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:43.465 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:43.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:43.465 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:43.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.465 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.465 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:43.668 | Open | 1480 | C:\malware.exe | C:\srvcli.dll | |
| 11/2/2020 - 21:45:43.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\srvcli.dll | |
| 11/2/2020 - 21:45:43.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\srvcli.dll | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\cscapi.dll | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscapi.dll | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscapi.dll | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\slc.dll | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\slc.dll | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\slc.dll | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.715 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.731 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:43.809 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:43.856 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:43.856 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:43.856 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:43.856 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:43.903 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xmllite.dll | |
| 11/2/2020 - 21:45:43.903 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xmllite.dll | |
| 11/2/2020 - 21:45:44.43 | Open | 1480 | C:\malware.exe | C:\MsftEdit.dll | |
| 11/2/2020 - 21:45:44.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msftedit.dll | |
| 11/2/2020 - 21:45:44.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msftedit.dll | |
| 11/2/2020 - 21:45:44.465 | Open | 1480 | C:\malware.exe | C:\Windows\win.ini | |
| 11/2/2020 - 21:45:44.465 | Read | 1480 | C:\malware.exe | C:\Windows\win.ini | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msctf.dll | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msctf.dll | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msctf.dll | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msctf.dll | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\msls31.dll | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msls31.dll | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msls31.dll | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Monitor | |
| 11/2/2020 - 21:45:44.512 | Unknown | 1480 | C:\malware.exe | C:\Monitor | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Monitor | |
| 11/2/2020 - 21:45:44.512 | Unknown | 1480 | C:\malware.exe | C:\Monitor | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:44.512 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp | |
| 11/2/2020 - 21:45:44.512 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:44.512 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:44.512 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:44.512 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:44.512 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local | |
| 11/2/2020 - 21:45:44.512 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Monitor | |
| 11/2/2020 - 21:45:44.512 | Unknown | 1480 | C:\malware.exe | C:\Monitor | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Monitor | |
| 11/2/2020 - 21:45:44.512 | Unknown | 1480 | C:\malware.exe | C:\Monitor | |
| 11/2/2020 - 21:45:44.512 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:44.512 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:44.606 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\desktop.ini | |
| 11/2/2020 - 21:45:44.606 | Read | 1480 | C:\malware.exe | C:\Users\desktop.ini | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:44.606 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:44.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:44.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 11/2/2020 - 21:45:44.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 11/2/2020 - 21:45:44.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:44.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | |
| 11/2/2020 - 21:45:44.606 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | |
| 11/2/2020 - 21:45:44.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:44.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\XmlLite.dll | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xmllite.dll | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xmllite.dll | |
| 11/2/2020 - 21:45:44.793 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Windows\System32\propsys.dll | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Windows\System32\propsys.dll | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\LINKINFO.dll | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\linkinfo.dll | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\linkinfo.dll | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:44.793 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:44.793 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:44.793 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\desktop.ini | |
| 11/2/2020 - 21:45:44.793 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\desktop.ini | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:44.793 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:44.793 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Users\Public\desktop.ini | |
| 11/2/2020 - 21:45:44.793 | Read | 1480 | C:\malware.exe | C:\Users\Public\desktop.ini | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:44.793 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents\desktop.ini | |
| 11/2/2020 - 21:45:44.793 | Read | 1480 | C:\malware.exe | C:\Users\Public\Documents\desktop.ini | |
| 11/2/2020 - 21:45:44.793 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini | |
| 11/2/2020 - 21:45:44.793 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\CRYPTSP.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\RpcRtRemote.dll | |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | |
| 11/2/2020 - 21:45:44.887 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll |
| 11/2/2020 - 21:45:44.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | |
| 11/2/2020 - 21:45:44.887 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll |
| 11/2/2020 - 21:45:44.934 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop | |
| 11/2/2020 - 21:45:44.934 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop | |
| 11/2/2020 - 21:45:44.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | |
| 11/2/2020 - 21:45:44.934 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | |
| 11/2/2020 - 21:45:44.934 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.934 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.934 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.934 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.934 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.934 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.934 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.934 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | |
| 11/2/2020 - 21:45:44.950 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.950 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 11/2/2020 - 21:45:44.950 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:44.950 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:44.950 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:44.950 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.950 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shlwapi.dll | |
| 11/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 11/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:44.965 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:44.965 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.965 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:44.981 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:44.981 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:44.981 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:44.981 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:44.981 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:44.981 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:44.981 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:44.981 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.43 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:45.43 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:45.43 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.43 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.43 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.43 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 11/2/2020 - 21:45:45.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 11/2/2020 - 21:45:45.43 | Open | 1480 | C:\malware.exe | C:\Windows\System32\propsys.dll | |
| 11/2/2020 - 21:45:45.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | |
| 11/2/2020 - 21:45:45.59 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll | |
| 11/2/2020 - 21:45:45.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll | |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.59 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:45.122 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:45.122 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:45.122 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:45.122 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:45.122 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.122 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:45.122 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:45.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:45.122 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:45.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 11/2/2020 - 21:45:45.122 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 11/2/2020 - 21:45:45.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 11/2/2020 - 21:45:45.122 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 11/2/2020 - 21:45:45.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:45.122 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:45.215 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\StructuredQuery.dll | StructuredQuery.dll |
| 11/2/2020 - 21:45:45.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\thumbcache.dll | |
| 11/2/2020 - 21:45:45.262 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\thumbcache.dll | thumbcache.dll |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\thumbcache.dll | |
| 11/2/2020 - 21:45:45.262 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\thumbcache.dll | thumbcache.dll |
| 11/2/2020 - 21:45:45.262 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\thumbcache.dll | thumbcache.dll |
| 11/2/2020 - 21:45:45.262 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\thumbcache.dll | thumbcache.dll |
| 11/2/2020 - 21:45:45.262 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\thumbcache.dll | thumbcache.dll |
| 11/2/2020 - 21:45:45.262 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\thumbcache.dll | thumbcache.dll |
| 11/2/2020 - 21:45:45.262 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\thumbcache.dll | thumbcache.dll |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\SHDOCVW.dll | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\ieframe.DLL | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ieframe.dll | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ieframe.dll | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-shell32-l1-1-0.dll | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll | |
| 11/2/2020 - 21:45:45.262 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll | api-ms-win-downlevel-shell32-l1-1-0.dll |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll | |
| 11/2/2020 - 21:45:45.262 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll | api-ms-win-downlevel-shell32-l1-1-0.dll |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ieframe.dll | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:45.262 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll | |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | |
| 11/2/2020 - 21:45:45.262 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | |
| 11/2/2020 - 21:45:45.262 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.262 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.262 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.278 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.293 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.293 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.293 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:45.293 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:45.293 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:45.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:45.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:45.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:45.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:45.372 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:45.372 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows | |
| 11/2/2020 - 21:45:45.372 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:45.372 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:45.372 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\mssvp.dll.mui | |
| 11/2/2020 - 21:45:45.372 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\mssvp.dll.mui | mssvp.dll.mui |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\mssvp.dll.mui | |
| 11/2/2020 - 21:45:45.372 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\mssvp.dll.mui | mssvp.dll.mui |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.372 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.372 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.387 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssvp.dll | |
| 11/2/2020 - 21:45:45.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mapi32.dll | |
| 11/2/2020 - 21:45:45.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mapi32.dll | |
| 11/2/2020 - 21:45:45.387 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:45.387 | Open | 1480 | C:\malware.exe | C:\msfte.dll | |
| 11/2/2020 - 21:45:45.387 | Open | 1480 | C:\malware.exe | C:\msTracer.dll | |
| 11/2/2020 - 21:45:45.387 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\mssvp.dll.mui | |
| 11/2/2020 - 21:45:45.497 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchFolder.dll | SearchFolder.dll |
| 11/2/2020 - 21:45:45.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssprxy.dll | |
| 11/2/2020 - 21:45:45.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mssprxy.dll | |
| 11/2/2020 - 21:45:45.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.497 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\Meus vdeos\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\Minhas imagens\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\Minhas msicas\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Documents | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents\Meus vdeos\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Read | 1480 | C:\malware.exe | C:\Users\Public\Videos\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents\Minhas imagens\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents\Minhas msicas\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\desktop.ini | |
| 11/2/2020 - 21:45:45.543 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents\My Music\desktop.ini | |
| 11/2/2020 - 21:45:45.559 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\desktop.ini | |
| 11/2/2020 - 21:45:45.559 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\desktop.ini | |
| 11/2/2020 - 21:45:45.559 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\desktop.ini | |
| 11/2/2020 - 21:45:45.559 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents\My Pictures\desktop.ini | |
| 11/2/2020 - 21:45:45.559 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:45.559 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:45.559 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:45.559 | Open | 1480 | C:\malware.exe | C:\Users\Public\Documents\My Videos\desktop.ini | |
| 11/2/2020 - 21:45:45.559 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos\desktop.ini | |
| 11/2/2020 - 21:45:45.559 | Read | 1480 | C:\malware.exe | C:\Users\Public\Videos\desktop.ini | |
| 11/2/2020 - 21:45:45.559 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos\desktop.ini | |
| 11/2/2020 - 21:45:45.559 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Documents | |
| 11/2/2020 - 21:45:45.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.653 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.653 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:45.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.700 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.700 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:45.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.747 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.747 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:45.747 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop | |
| 11/2/2020 - 21:45:45.747 | Open | 1480 | C:\malware.exe | C:\Users\Public\Desktop\desktop.ini | |
| 11/2/2020 - 21:45:45.747 | Read | 1480 | C:\malware.exe | C:\Users\Public\Desktop\desktop.ini | |
| 11/2/2020 - 21:45:45.747 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Desktop\desktop.ini | |
| 11/2/2020 - 21:45:45.747 | Open | 1480 | C:\malware.exe | C:\Users\Public\Desktop | |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | |
| 11/2/2020 - 21:45:45.793 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb | |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:45.793 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | |
| 11/2/2020 - 21:45:45.793 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:45.793 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows | |
| 11/2/2020 - 21:45:45.793 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:45.793 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | |
| 11/2/2020 - 21:45:45.793 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | |
| 11/2/2020 - 21:45:45.793 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:45.793 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | |
| 11/2/2020 - 21:45:45.793 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | |
| 11/2/2020 - 21:45:45.793 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | |
| 11/2/2020 - 21:45:45.793 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | |
| 11/2/2020 - 21:45:45.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | |
| 11/2/2020 - 21:45:45.809 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | |
| 11/2/2020 - 21:45:45.809 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.809 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.872 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\networkexplorer.dll | networkexplorer.dll |
| 11/2/2020 - 21:45:45.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:45.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.918 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.918 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:45.918 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:45.918 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
| 11/2/2020 - 21:45:45.918 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
| 11/2/2020 - 21:45:45.918 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\desktop.ini | |
| 11/2/2020 - 21:45:45.918 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Links\desktop.ini | |
| 11/2/2020 - 21:45:45.918 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
| 11/2/2020 - 21:45:45.918 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
| 11/2/2020 - 21:45:45.965 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
| 11/2/2020 - 21:45:45.965 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
| 11/2/2020 - 21:45:45.965 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
| 11/2/2020 - 21:45:45.965 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
| 11/2/2020 - 21:45:45.965 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
| 11/2/2020 - 21:45:45.965 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links | |
| 11/2/2020 - 21:45:45.965 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | |
| 11/2/2020 - 21:45:45.965 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | Music.library-ms |
| 11/2/2020 - 21:45:45.965 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | |
| 11/2/2020 - 21:45:45.965 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | Videos.library-ms |
| 11/2/2020 - 21:45:45.965 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:45.965 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:45.965 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | |
| 11/2/2020 - 21:45:45.965 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | Pictures.library-ms |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:46.12 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\imageres.dll | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Monitor\imageres.dll | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | |
| 11/2/2020 - 21:45:46.12 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | Music.library-ms |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini | |
| 11/2/2020 - 21:45:46.12 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Public\Music\desktop.ini | |
| 11/2/2020 - 21:45:46.12 | Read | 1480 | C:\malware.exe | C:\Users\Public\Music\desktop.ini | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Music\desktop.ini | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | |
| 11/2/2020 - 21:45:46.28 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | Videos.library-ms |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Public\Videos\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Read | 1480 | C:\malware.exe | C:\Users\Public\Videos\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Videos\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | |
| 11/2/2020 - 21:45:46.28 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | Pictures.library-ms |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Public\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Read | 1480 | C:\malware.exe | C:\Users\Public\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Pictures\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\desktop.ini | |
| 11/2/2020 - 21:45:46.28 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\desktop.ini | |
| 11/2/2020 - 21:45:46.106 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Internet Explorer\ieproxy.dll | |
| 11/2/2020 - 21:45:46.106 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Internet Explorer\ieproxy.dll | |
| 11/2/2020 - 21:45:46.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:46.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 11/2/2020 - 21:45:46.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:46.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:46.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:46.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:46.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | |
| 11/2/2020 - 21:45:46.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | Pictures.library-ms |
| 11/2/2020 - 21:45:46.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | |
| 11/2/2020 - 21:45:46.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | Pictures.library-ms |
| 11/2/2020 - 21:45:46.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | |
| 11/2/2020 - 21:45:46.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | Music.library-ms |
| 11/2/2020 - 21:45:46.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | |
| 11/2/2020 - 21:45:46.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | Music.library-ms |
| 11/2/2020 - 21:45:46.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | |
| 11/2/2020 - 21:45:46.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | Videos.library-ms |
| 11/2/2020 - 21:45:46.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | |
| 11/2/2020 - 21:45:46.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | Videos.library-ms |
| 11/2/2020 - 21:45:46.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop | |
| 11/2/2020 - 21:45:46.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Desktop | |
| 11/2/2020 - 21:45:46.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Desktop.lnk | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Desktop.lnk | |
| 11/2/2020 - 21:45:46.168 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Desktop.lnk | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Desktop.lnk | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Desktop.lnk | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Desktop.lnk | |
| 11/2/2020 - 21:45:46.168 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Desktop.lnk | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Desktop.lnk | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Desktop.lnk | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Downloads.lnk | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Downloads.lnk | |
| 11/2/2020 - 21:45:46.168 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Downloads.lnk | Downloads.lnk |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\desktop.ini | |
| 11/2/2020 - 21:45:46.168 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\desktop.ini | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\RecentPlaces.lnk | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\RecentPlaces.lnk | |
| 11/2/2020 - 21:45:46.168 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Links\RecentPlaces.lnk | RecentPlaces.lnk |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | |
| 11/2/2020 - 21:45:46.168 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links\RecentPlaces.lnk | RecentPlaces.lnk |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\RecentPlaces.lnk | |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\RecentPlaces.lnk | |
| 11/2/2020 - 21:45:46.168 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Links\RecentPlaces.lnk | RecentPlaces.lnk |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links\RecentPlaces.lnk | RecentPlaces.lnk |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links\RecentPlaces.lnk | RecentPlaces.lnk |
| 11/2/2020 - 21:45:46.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.168 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:46.184 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:46.184 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:46.184 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Monitor\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | |
| 11/2/2020 - 21:45:46.184 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | Pictures.library-ms |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | |
| 11/2/2020 - 21:45:46.184 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | Pictures.library-ms |
| 11/2/2020 - 21:45:46.184 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | Pictures.library-ms |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Monitor\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.184 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | |
| 11/2/2020 - 21:45:46.184 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | Music.library-ms |
| 11/2/2020 - 21:45:46.184 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | |
| 11/2/2020 - 21:45:46.200 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | Music.library-ms |
| 11/2/2020 - 21:45:46.200 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | Music.library-ms |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Monitor\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Monitor\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | |
| 11/2/2020 - 21:45:46.200 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | Videos.library-ms |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | |
| 11/2/2020 - 21:45:46.200 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | Videos.library-ms |
| 11/2/2020 - 21:45:46.200 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | Videos.library-ms |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Monitor\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Monitor\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Monitor\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.215 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.215 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 11/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.215 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\ntmarta.dll | |
| 11/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntmarta.dll | |
| 11/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntmarta.dll | |
| 11/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:46.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | Pictures.library-ms |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | Music.library-ms |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | Music.library-ms |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | Music.library-ms |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | Videos.library-ms |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | Videos.library-ms |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | Videos.library-ms |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | Pictures.library-ms |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Downloads.lnk | Downloads.lnk |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Downloads.lnk | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Downloads.lnk | |
| 11/2/2020 - 21:45:46.247 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Downloads.lnk | Downloads.lnk |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Downloads.lnk | Downloads.lnk |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Links\Downloads.lnk | Downloads.lnk |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\windows\SysWOW64\pt\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | Documents.library-ms |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | Pictures.library-ms |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.247 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.247 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries | |
| 11/2/2020 - 21:45:46.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\actxprxy.dll | |
| 11/2/2020 - 21:45:46.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\actxprxy.dll | |
| 11/2/2020 - 21:45:46.434 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:46.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:46.434 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:46.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:46.481 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:46.481 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:46.481 | Open | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | |
| 11/2/2020 - 21:45:46.481 | Unknown | 1480 | C:\malware.exe | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\shellstyle.dll | shellstyle.dll |
| 11/2/2020 - 21:45:46.918 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:45:46.918 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
| 11/2/2020 - 21:46:47.184 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\mssvp.dll.mui | mssvp.dll.mui |
Process
Trace
Analysis
Reason
Timeout
Status
Sucessfully Executed
Results
1
Registry
Trace
| 11/2/2020 - 21:45:44.965 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | NodeSlots |
| 11/2/2020 - 21:45:44.965 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | MRUListEx |
| 11/2/2020 - 21:45:44.965 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | NodeSlots |
| 11/2/2020 - 21:45:44.965 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | MRUListEx |
| 11/2/2020 - 21:45:46.28 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | NodeSlots |
| 11/2/2020 - 21:45:46.28 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | MRUListEx |
| 11/2/2020 - 21:45:46.28 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | NodeSlots |
| 11/2/2020 - 21:45:46.28 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | MRUListEx |
| 11/2/2020 - 21:45:46.28 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | NodeSlots |
| 11/2/2020 - 21:45:46.28 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | 4 |
| 11/2/2020 - 21:45:46.28 | Delete | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4 | MRUList |
| 11/2/2020 - 21:45:46.28 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | MRUListEx |
| 11/2/2020 - 21:45:46.28 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4 | 0 |
| 11/2/2020 - 21:45:46.28 | Delete | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0 | MRUList |
| 11/2/2020 - 21:45:46.28 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4 | MRUListEx |
| 11/2/2020 - 21:45:46.43 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | NodeSlots |
| 11/2/2020 - 21:45:46.43 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0 | NodeSlot |
| 11/2/2020 - 21:45:46.43 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0 | MRUListEx |
| 11/2/2020 - 21:45:46.43 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg | TV_FolderType |
| 11/2/2020 - 21:45:46.43 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg | TV_TopViewID |
| 11/2/2020 - 21:45:46.43 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg | TV_TopViewVersion |
| 11/2/2020 - 21:45:46.153 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
File Summary
Created
Identified: False cancel
Deleted
Identified: False cancel
Process Summary
Created
Identified: False cancel
Deleted
Identified: False cancel
Registry Summary
Proxy
Identified: False cancel
AutoRun
Identified: False cancel
Created
Identified: True check_circle
Deleted
Identified: True check_circle
Browsers
Identified: False cancel
Internet
Identified: False cancel
Loading...
DNS
Query
Response
TCP
Info
UDP
Info
HTTP
Info
Summary
DNS
False cancel
TCP
False cancel
UDP
False cancel
HTTP
False cancel
Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%suspicious: False cancel
Decision Tree (NFS-BRMalware)
confidence: 100.00%suspicious: False cancel
SVC (Kernel=Linear, NFS-BRMalware)
confidence: 96.85%suspicious: False cancel
MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 65.96%suspicious: False cancel
Random Forest (100 estimators, NFS-BRMalware)
confidence: 71.00%suspicious: False cancel
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 58.74%suspicious: True check_circle
LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 96.67%suspicious: False cancel