Report #5773

  • Creation Date: Feb. 12, 2020, 5:21 p.m.
  • Last Update: Feb. 12, 2020, 6:22 p.m.
  • File: CTTobjecto98301.pdf.exe
  • Results:
Binary
DLL
False cancel
Size
2.49MB
trid
61.7% Win32 EXE PECompact compressed
19.4% Windows screen saver
6.7% Win32 Executable
3.0% Win16/32 Executable Delphi generic
3.0% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
d1382f9a7980edc52b53290321d2cc59
sha1
99165a334784495c2bcc2b1a97ccbdfa7718e97a
crc32
0x3dcd2973
sha224
869d22821fe10ad50d09cb00c50d2ead63ffad18ab0f07c299390da8
sha256
6f3526512d1d7d15c1f795529023bba8ed60459cb45805fef4ecc2e4ebe9dc87
sha384
fc97314e0eeccda54cd6304403744f2b6b5249c08887fa54bd75c9ec6eadd9623effdcc16280f491ba804a3c2c07e712
sha512
59ed4525696f781510f326bd515c554c379709e35d79d57fa2eeef5d0ed1ff17f30dda233d107499ffb2774dd2b48af1c614b0a6ee7c4ecfa5d76511e3cbff1e
ssdeep
24576:lnOC0m2WiVlhJKG3XMU4yXd4psBuyghBgSEbW2Q5okRRVlX8PX3D8tFXTTw+srv5:lz0mulrKE9TghSSD5PhlYX3D8tZTTsrR
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
maldoc_getEIP_method_1, domain, Borland, IP, Dropper_Strings, CRC32_poly_Constant, escalate_priv, RIPEMD160_Constants, borland_delphi, Delphi_FormShow, CRC32_table, win_files_operation, IsPE32, win_hook, RijnDael_AES_CHAR, screenshot, win_token, contentis_base64, keylogger, Delphi_Random, IsWindowsGUI, anti_dbg, url, SHA1_Constants, win_registry, Delphi_CompareCall, RijnDael_AES_LONG, MD5_Constants

Suspicious
True check_circle

Strings
List
the appropriate version of this product at http://www.componentace.com
Web site: http://www.componentace.com
\tool.zip
Vcl.Graphics
t.Ht
Winapi.Windows
Font.Name
Font.Style
Invalid compressed size, rfs.size = %d, count = %d
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
feel free to contact us at support@componentace.com
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System.Win.Registry
Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count%Cannot remove shell notification icon"%s requires Windows Vista or later
System.Win.Crtl
System.Win.Crtl
System.Win.ComConst
System.Win.ComConst
\Software\Borland\C++Builder
windowscodecs.dll
\Software\Borland\Delphi
B.rsrc
Delphi%.8X
Software\Borland\Locales
Software\Borland\Delphi\Locales
winspool.drv
winspool.drv
\Software\Borland\BDS
wtsapi32.dll
comctl32.dll
msimg32.dll
comctl32.dll
olepro32.dll
version.dll
uxtheme.dll
uxtheme.dll
8.6.0.13
8.6.0.13
Project1.exe
\tool.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
Hashed list of file names is invalid
IsEncrypted
Encrypted
Username

Foremost
Matches
0.exe, 2 MB, 4639.png, 5 KB, 4885.png, 5 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circle
Allowed: 8.6.0.13, 1, 2(SERVFAIL)
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

URLs
Allowed
hasURLs: True check_circle
Suspicious: http://www.componentace.com
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: user32.dll, comctl32.dll, ole32.dll, PSAPI.dll, imm32.dll, kernel32.dll, oleaut32.dll, uxtheme.dll, olepro32.dll, NTDLL.DLL, advapi32.dll, gdi32.dll, DWMAPI.DLL, wtsapi32.dll, windowscodecs.dll, version.dll, shell32.dll, msimg32.dll
hasFiles: True check_circle
Suspicious: \tool.zip
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 497152
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 16384
Suspicious: False cancel
Headers
Headers: 4096
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: .text, .itext, .data, .bss, .idata, .didata, .edata, .tls, .rdata, .reloc, .rsrc, xor
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 5
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 5
Linker
Version: 2.25
Suspicious: False cancel
Subsystem
Version: 5.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 2662400
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: user32.dll, comctl32.dll, ole32.dll, psapi.dll, imm32.dll, kernel32.dll, oleaut32.dll, uxtheme.dll, olepro32.dll, ntdll.dll, advapi32.dll, gdi32.dll, dwmapi.dll, wtsapi32.dll, windowscodecs.dll, version.dll, shell32.dll, msimg32.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2017-10-04 20:08:17
Future: False cancel

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.data: 9
.text: 44
.itext: 5
.didata: 2

pushpopmath
.data: 8
.rsrc: 8
.text: 38

garbagebytes
.data: 5
.text: 29
.itext: 5
.didata: 1

hookdetection
.data: 1
.text: 1

software breakpoint
.text: 6

programcontrolflowchange
.data: 5
.text: 29
.itext: 5
.didata: 1

cpuinstructionsresultscomparison
.data: 8
.rsrc: 24
.text: 22

AVclass
xorala
1
VirusTotal
md5
d1382f9a7980edc52b53290321d2cc59
sha1
99165a334784495c2bcc2b1a97ccbdfa7718e97a
SCANS (DETECTION RATE = 88.24%)
AVG
result: Win32:Valla
update: 20180215
version: 18.1.3800.0
detected: True check_circle

CMC
result: Virus.Win32!O
update: 20180215
version: 1.1.0.977
detected: True check_circle

MAX
result: malware (ai score=86)
update: 20180215
version: 2017.11.15.1
detected: True check_circle

Bkav
result: W32.Valla
update: 20180212
version: 1.3.0.9466
detected: True check_circle

K7GW
result: Virus ( 0008d6e31 )
update: 20180215
version: 10.40.26215
detected: True check_circle

ALYac
result: Win32.Valhalla.2048
update: 20180215
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Valla
update: 20180215
version: 18.1.3800.0
detected: True check_circle

Avira
result: W32/Xorala.b
update: 20180215
version: 8.3.3.6
detected: True check_circle

Baidu
result: Win32.Virus.Xorala.a
update: 20180208
version: 1.0.0.2
detected: True check_circle

Cyren
result: W32/Harmony.A
update: 20180215
version: 5.4.30.7
detected: True check_circle

DrWeb
result: Win32.Valhala.2048
update: 20180215
version: 7.0.28.2020
detected: True check_circle

GData
result: Win32.Virus.Xorala.A
update: 20180215
version: A:25.16035B:25.11587
detected: True check_circle

Panda
result: W32/Valla.2048
update: 20180214
version: 4.6.4.2
detected: True check_circle

VBA32
result: Win32.Xoralda.2048
update: 20180214
version: 3.12.28.0
detected: True check_circle

VIPRE
result: Virus.Win32.Valla.a (v)
update: 20180215
version: 64608
detected: True check_circle

Zoner
result: Win32.Xorala.A
update: 20180215
version: 1.0
detected: True check_circle

AVware
result: Virus.Win32.Valla.a (v)
update: 20180215
version: 1.5.0.42
detected: True check_circle

ClamAV
result: Win.Trojan.Xorala-1
update: 20180215
version: 0.99.2.0
detected: True check_circle

Comodo
result: Virus.Win32.Xorala.b0
update: 20180215
version: 28527
detected: True check_circle

F-Prot
result: W32/Harmony.A
update: 20180215
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Win32.Xorala
update: 20180214
version: 0.1.5.2
detected: True check_circle

McAfee
result: W32/Valla.a
update: 20180215
version: 6.0.6.653
detected: True check_circle

Rising
result: Win32.Xorala.a (CLASSIC)
update: 20180215
version: 25.0.0.1
detected: True check_circle

Sophos
result: W32/Rox-A
update: 20180215
version: 4.98.0
detected: True check_circle

Yandex
result: Win32.Xorala
update: 20180214
version: 5.5.1.3
detected: True check_circle

Zillya
update: 20180214
version: 2.0.0.3491
detected: False cancel

Arcabit
result: Win32.Valhalla.2048
update: 20180215
version: 1.0.0.830
detected: True check_circle

Cylance
result: Unsafe
update: 20180215
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20180214
version: 1.2.0
detected: True check_circle

Tencent
result: Virus.Win32.Valla.a
update: 20180215
version: 1.0.0.1
detected: True check_circle

ViRobot
result: Win32.Valla.2048
update: 20180215
version: 2014.3.20.0
detected: True check_circle

Webroot
update: 20180215
version: 1.0.0.207
detected: False cancel

eGambit
update: 20180215
version: v4.3.4
detected: False cancel

Ad-Aware
result: Win32.Valhalla.2048
update: 20180215
version: 3.0.3.1010
detected: True check_circle

AegisLab
result: W32.W.Runouce.l4QL
update: 20180215
version: 4.2
detected: True check_circle

Emsisoft
result: Win32.Valhalla.2048 (B)
update: 20180215
version: 4.0.2.899
detected: True check_circle

F-Secure
result: Win32.Valhalla.2048
update: 20180215
version: 11.0.19100.45
detected: True check_circle

Fortinet
result: W32/Valla.2048
update: 20180215
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True check_circle

Jiangmin
result: Hacktool/VB.ASPX.a
update: 20180214
version: 16.0.100
detected: True check_circle

Kingsoft
result: Win32.Xorala.2048
update: 20180215
version: 2013.8.14.323
detected: True check_circle

Paloalto
update: 20180215
version: 1.0
detected: False cancel

Symantec
result: W32.Valla.2048
update: 20180214
version: 1.5.0.0
detected: True check_circle

nProtect
result: Virus/W32.Valla
update: 20180215
version: 2018-02-15.02
detected: True check_circle

AhnLab-V3
result: Win32/Valla.2048
update: 20180214
version: 3.11.3.19504
detected: True check_circle

Antiy-AVL
result: Virus/Win32.Xorala.b
update: 20180215
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Virus.Win32.Xorala
update: 20180215
version: 15.0.1.13
detected: True check_circle

Microsoft
result: Virus:Win32/Valla.2048
update: 20180215
version: 1.1.14500.5
detected: True check_circle

Qihoo-360
result: Virus.Win32.Agent.A
update: 20180215
version: 1.0.0.1120
detected: True check_circle

TheHacker
result: W32/Valla.a
update: 20180213
version: 6.8.0.5.2403
detected: True check_circle

ZoneAlarm
result: Virus.Win32.Xorala
update: 20180215
version: 1.0
detected: True check_circle

Cybereason
result: malicious.a7980e
update: 20180205
version: 1.2.27
detected: True check_circle

ESET-NOD32
result: Win32/Xorala.A
update: 20180215
version: 16907
detected: True check_circle

TrendMicro
result: PE_VALLA.A
update: 20180215
version: 9.862.0.1074
detected: True check_circle

WhiteArmor
update: 20180205
detected: False cancel

BitDefender
result: Win32.Valhalla.2048
update: 20180215
version: 7.2
detected: True check_circle

CrowdStrike
result: malicious_confidence_80% (W)
update: 20170201
version: 1.0
detected: True check_circle

K7AntiVirus
result: Virus ( 0008d6e31 )
update: 20180215
version: 10.40.26216
detected: True check_circle

SentinelOne
update: 20180115
version: 1.0.12.202
detected: False cancel

Avast-Mobile
update: 20180214
version: 180214-10
detected: False cancel

Malwarebytes
result: Virus.Valhalla
update: 20180215
version: 2.1.1.1115
detected: True check_circle

TotalDefense
result: Win32/Valla.2048
update: 20180215
version: 37.1.62.1
detected: True check_circle

CAT-QuickHeal
result: W32.Xorala
update: 20180214
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Virus.Win32.Xorala.cbehdj
update: 20180215
version: 1.0.100.21498
detected: True check_circle

MicroWorld-eScan
result: Win32.Valhalla.2048
update: 20180215
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20180215
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Valla.vh
update: 20180215
version: v2015
detected: True check_circle

TrendMicro-HouseCall
result: PE_VALLA.A
update: 20180215
version: 9.950.0.1006
detected: True check_circle

total
68
sha256
6f3526512d1d7d15c1f795529023bba8ed60459cb45805fef4ecc2e4ebe9dc87
scan_id
6f3526512d1d7d15c1f795529023bba8ed60459cb45805fef4ecc2e4ebe9dc87-1518679835
resource
d1382f9a7980edc52b53290321d2cc59
positives
60
scan_date
2018-02-15 07:30:35
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
12/2/2020 - 17:45:48.637Open2308C:\malware.exeC:\Windows\SysWOW64\wusa.exe
12/2/2020 - 17:45:48.637Open2308C:\malware.exeC:\Windows\SysWOW64\wusa.exe
12/2/2020 - 17:45:48.637Unknown2308C:\malware.exeC:\Windows\SysWOW64
12/2/2020 - 17:45:48.637Open2308C:\malware.exeC:\
12/2/2020 - 17:45:48.637Open2308C:\malware.exeC:\PerfLogs
12/2/2020 - 17:45:48.637Unknown2308C:\malware.exeC:\PerfLogs
12/2/2020 - 17:45:48.637Open2308C:\malware.exeC:\Windows
12/2/2020 - 17:45:48.637Open2308C:\malware.exeC:\Windows\Branding
12/2/2020 - 17:45:48.637Unknown2308C:\malware.exeC:\Windows\Branding
12/2/2020 - 17:45:48.637Open2308C:\malware.exeC:\Windows\Cursors
12/2/2020 - 17:45:48.637Unknown2308C:\malware.exeC:\Windows\Cursors
12/2/2020 - 17:45:48.637Open2308C:\malware.exeC:\Windows\hh.exe
12/2/2020 - 17:45:48.684Open2308C:\malware.exeC:\Windows\hh.exe
12/2/2020 - 17:45:48.684Open2308C:\malware.exeC:\Windows\hh.exe
12/2/2020 - 17:45:48.684Open2308C:\malware.exeC:\Windows\hh.exe
12/2/2020 - 17:45:48.684Open2308C:\malware.exeC:\Windows\IME
12/2/2020 - 17:45:48.684Unknown2308C:\malware.exeC:\Windows\IME
12/2/2020 - 17:45:48.684Open2308C:\malware.exeC:\Windows\L2Schemas
12/2/2020 - 17:45:48.684Unknown2308C:\malware.exeC:\Windows\L2Schemas
12/2/2020 - 17:45:48.684Unknown2308C:\malware.exeC:\Windows\L2Schemas
12/2/2020 - 17:45:48.684Open2308C:\malware.exeC:\Windows\ModemLogs
12/2/2020 - 17:45:48.684Unknown2308C:\malware.exeC:\Windows\ModemLogs
12/2/2020 - 17:45:48.684Open2308C:\malware.exeC:\Windows\Panther
12/2/2020 - 17:45:48.684Unknown2308C:\malware.exeC:\Windows\Panther
12/2/2020 - 17:45:48.684Unknown2308C:\malware.exeC:\Windows\Panther
12/2/2020 - 17:45:48.684Open2308C:\malware.exeC:\Windows\Resources
12/2/2020 - 17:45:48.684Unknown2308C:\malware.exeC:\Windows\Resources
12/2/2020 - 17:45:48.684Open2308C:\malware.exeC:\Windows\Speech
12/2/2020 - 17:45:48.684Unknown2308C:\malware.exeC:\Windows\Speech
12/2/2020 - 17:45:48.684Open2308C:\malware.exeC:\Windows\Vss
12/2/2020 - 17:45:48.684Unknown2308C:\malware.exeC:\Windows\Vss
12/2/2020 - 17:45:48.684Open2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:48.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:48.731Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:48.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:48.825Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:48.872Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:48.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:48.965Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.12Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.59Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.200Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.340Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.387Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.481Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.528Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.622Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.715Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.762Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.856Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:49.997Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.184Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.231Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.278Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.325Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.465Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.512Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.606Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.653Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.793Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.887Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.934Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:50.981Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.75Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.122Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.168Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.215Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.309Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.403Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.543Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.590Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.731Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.856Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:51.997Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.184Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.231Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.278Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.325Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.465Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.512Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.606Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.653Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.793Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.887Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.934Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:52.981Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.75Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.122Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.168Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.215Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.309Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.403Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.543Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.590Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.731Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.825Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.872Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:53.965Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.12Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.59Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.200Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.340Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.387Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.481Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.528Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.622Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.715Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.762Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.856Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:54.997Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.184Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.231Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.278Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.325Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.465Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.512Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.606Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.653Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.793Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.825Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.872Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:55.965Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.12Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.59Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.200Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.340Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.387Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.481Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.528Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.622Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.715Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.762Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.856Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:56.997Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.184Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.231Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.278Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.325Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.465Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.512Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.606Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.653Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.793Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.887Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.934Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:57.981Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.75Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.122Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.168Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.215Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.309Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.403Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.543Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.590Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.731Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.825Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.872Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:58.965Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.12Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.59Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.200Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.340Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.387Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.481Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.528Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.622Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.715Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.762Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.856Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:45:59.997Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.184Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.231Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.278Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.325Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.465Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.512Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.606Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.653Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.793Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.887Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.934Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:0.981Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.75Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.122Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.168Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.215Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.309Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.403Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.543Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.590Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.731Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.825Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:1.872Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:2.12Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:2.153Open2308C:\malware.exeC:\Windows\winsxs\amd64_1394.inf_31bf3856ad364e35_6.1.7601.17514_none_59555c0e1c877c53
12/2/2020 - 17:46:2.153Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_1394.inf_31bf3856ad364e35_6.1.7601.17514_none_59555c0e1c877c53
12/2/2020 - 17:46:2.153Open2308C:\malware.exeC:\Windows\winsxs\amd64_61883.inf_31bf3856ad364e35_6.1.7600.16385_none_85f254c73905f86e
12/2/2020 - 17:46:2.153Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_61883.inf_31bf3856ad364e35_6.1.7600.16385_none_85f254c73905f86e
12/2/2020 - 17:46:2.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:2.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:2.434Open2308C:\malware.exeC:\Windows\winsxs\amd64_agp.inf_31bf3856ad364e35_6.1.7600.16385_none_c7f512edfa7ccbd0
12/2/2020 - 17:46:2.434Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_agp.inf_31bf3856ad364e35_6.1.7600.16385_none_c7f512edfa7ccbd0
12/2/2020 - 17:46:2.434Open2308C:\malware.exeC:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.17514_none_aa92dcaf988a9119
12/2/2020 - 17:46:2.434Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.17514_none_aa92dcaf988a9119
12/2/2020 - 17:46:2.434Open2308C:\malware.exeC:\Windows\winsxs\amd64_arc.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0f20f27cd87479b5
12/2/2020 - 17:46:2.434Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_arc.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0f20f27cd87479b5
12/2/2020 - 17:46:2.434Open2308C:\malware.exeC:\Windows\winsxs\amd64_arcsas.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b01bdd9b3c84d7be
12/2/2020 - 17:46:2.434Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_arcsas.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b01bdd9b3c84d7be
12/2/2020 - 17:46:2.434Open2308C:\malware.exeC:\Windows\winsxs\amd64_arcsas.inf_31bf3856ad364e35_6.1.7600.16385_none_76ecda49a2a75845
12/2/2020 - 17:46:2.434Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_arcsas.inf_31bf3856ad364e35_6.1.7600.16385_none_76ecda49a2a75845
12/2/2020 - 17:46:2.481Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:2.622Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:2.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a9e76cf4844eb38a
12/2/2020 - 17:46:2.715Read2308C:\malware.exeC:\Windows\winsxs\amd64_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a9e76cf4844eb38a
12/2/2020 - 17:46:2.762Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a9e76cf4844eb38a
12/2/2020 - 17:46:2.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:2.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:2.997Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:3.90Open2308C:\malware.exeC:\Windows\winsxs\amd64_averfx2swtv_noavin_x64.inf_31bf3856ad364e35_6.1.7600.16385_none_d09f0e4b6533fbdf
12/2/2020 - 17:46:3.90Read2308C:\malware.exeC:\Windows\winsxs\amd64_averfx2swtv_noavin_x64.inf_31bf3856ad364e35_6.1.7600.16385_none_d09f0e4b6533fbdf
12/2/2020 - 17:46:3.137Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_averfx2swtv_noavin_x64.inf_31bf3856ad364e35_6.1.7600.16385_none_d09f0e4b6533fbdf
12/2/2020 - 17:46:3.137Open2308C:\malware.exeC:\Windows\winsxs\amd64_averhbh826_noaverir_x64.inf_31bf3856ad364e35_6.1.7600.16385_none_627d53d0cd5664c2
12/2/2020 - 17:46:3.137Read2308C:\malware.exeC:\Windows\winsxs\amd64_averhbh826_noaverir_x64.inf_31bf3856ad364e35_6.1.7600.16385_none_627d53d0cd5664c2
12/2/2020 - 17:46:3.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_averhbh826_noaverir_x64.inf_31bf3856ad364e35_6.1.7600.16385_none_627d53d0cd5664c2
12/2/2020 - 17:46:3.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_battery.inf.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_c4b3f8a9bd480082
12/2/2020 - 17:46:3.184Read2308C:\malware.exeC:\Windows\winsxs\amd64_battery.inf.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_c4b3f8a9bd480082
12/2/2020 - 17:46:3.231Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_battery.inf.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_c4b3f8a9bd480082
12/2/2020 - 17:46:3.231Open2308C:\malware.exeC:\Windows\winsxs\amd64_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_721c84936d812c57
12/2/2020 - 17:46:3.231Read2308C:\malware.exeC:\Windows\winsxs\amd64_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_721c84936d812c57
12/2/2020 - 17:46:3.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_721c84936d812c57
12/2/2020 - 17:46:3.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_blbdrive.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_55796f293c0effad
12/2/2020 - 17:46:3.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_blbdrive.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_55796f293c0effad
12/2/2020 - 17:46:3.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_brmfcmf.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e829eb0693027e0a
12/2/2020 - 17:46:3.278Read2308C:\malware.exeC:\Windows\winsxs\amd64_brmfcmf.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e829eb0693027e0a
12/2/2020 - 17:46:3.325Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_brmfcmf.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e829eb0693027e0a
12/2/2020 - 17:46:3.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:3.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:3.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_brmfcsto.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bef161c3a509acff
12/2/2020 - 17:46:3.606Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_brmfcsto.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bef161c3a509acff
12/2/2020 - 17:46:3.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_brmfcumd.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cffe2413e86ac361
12/2/2020 - 17:46:3.606Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_brmfcumd.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cffe2413e86ac361
12/2/2020 - 17:46:3.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_brmfport.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a8223b8064e45e1f
12/2/2020 - 17:46:3.606Read2308C:\malware.exeC:\Windows\winsxs\amd64_brmfport.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a8223b8064e45e1f
12/2/2020 - 17:46:3.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_brmfport.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a8223b8064e45e1f
12/2/2020 - 17:46:3.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:3.887Open2308C:\malware.exeC:\Windows\winsxs\amd64_cdrom.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_964bf5adddf5c6b0
12/2/2020 - 17:46:3.887Read2308C:\malware.exeC:\Windows\winsxs\amd64_cdrom.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_964bf5adddf5c6b0
12/2/2020 - 17:46:3.934Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_cdrom.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_964bf5adddf5c6b0
12/2/2020 - 17:46:3.934Open2308C:\malware.exeC:\Windows\winsxs\amd64_cpu.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_54e3a199cba02353
12/2/2020 - 17:46:3.934Read2308C:\malware.exeC:\Windows\winsxs\amd64_cpu.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_54e3a199cba02353
12/2/2020 - 17:46:3.997Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_cpu.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_54e3a199cba02353
12/2/2020 - 17:46:3.997Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:4.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:4.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_custommarshalers_b03f5f7f11d50a3a_6.1.7601.18523_none_feef599339e23bc7
12/2/2020 - 17:46:4.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_custommarshalers_b03f5f7f11d50a3a_6.1.7601.18523_none_feef599339e23bc7
12/2/2020 - 17:46:13.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-adaptertroubleshooter_31bf3856ad364e35_6.1.7600.16385_none_2df6395b9cf7e9a5
12/2/2020 - 17:46:13.450Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_761aa05f3739f3dd
12/2/2020 - 17:46:13.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_761aa05f3739f3dd
12/2/2020 - 17:46:13.450Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.1.7601.19135_pt-br_7836df7134380756
12/2/2020 - 17:46:13.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.1.7601.19135_pt-br_7836df7134380756
12/2/2020 - 17:46:13.450Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.1.7601.23338_pt-br_78c37f004d52f04c
12/2/2020 - 17:46:13.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.1.7601.23338_pt-br_78c37f004d52f04c
12/2/2020 - 17:46:13.450Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.1.7601.23392_pt-br_787c9dbc4d88ffe8
12/2/2020 - 17:46:13.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.1.7601.23392_pt-br_787c9dbc4d88ffe8
12/2/2020 - 17:46:13.543Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:13.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-advpack.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_af733c880603d8d8
12/2/2020 - 17:46:13.637Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-advpack.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_af733c880603d8d8
12/2/2020 - 17:46:13.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-alttab_31bf3856ad364e35_6.1.7600.16385_none_c4d243efd8c27ee9
12/2/2020 - 17:46:13.637Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-alttab_31bf3856ad364e35_6.1.7600.16385_none_c4d243efd8c27ee9
12/2/2020 - 17:46:13.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_93bbb12f333fc90f
12/2/2020 - 17:46:13.637Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_93bbb12f333fc90f
12/2/2020 - 17:46:13.684Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_93bbb12f333fc90f
12/2/2020 - 17:46:13.731Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:13.872Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:13.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647
12/2/2020 - 17:46:13.965Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647
12/2/2020 - 17:46:14.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647
12/2/2020 - 17:46:14.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22948_none_b5df32d3e1f94056
12/2/2020 - 17:46:14.12Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22948_none_b5df32d3e1f94056
12/2/2020 - 17:46:14.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22948_none_b5df32d3e1f94056\appidcertstorecheck.exe
12/2/2020 - 17:46:14.106Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22948_none_b5df32d3e1f94056\appidcertstorecheck.exeappidcertstorecheck.exe
12/2/2020 - 17:46:14.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22948_none_b5df32d3e1f94056\appidcertstorecheck.exe
12/2/2020 - 17:46:14.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22948_none_b5df32d3e1f94056\appidcertstorecheck.exe
12/2/2020 - 17:46:14.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22948_none_b5df32d3e1f94056\appidcertstorecheck.exe
12/2/2020 - 17:46:14.106Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22948_none_b5df32d3e1f94056
12/2/2020 - 17:46:14.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:14.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:14.387Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-mci.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1c2735ff755a7fa3
12/2/2020 - 17:46:14.387Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-mci.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1c2735ff755a7fa3
12/2/2020 - 17:46:14.434Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-mci.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1c2735ff755a7fa3
12/2/2020 - 17:46:14.481Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:14.528Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:14.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:14.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_6.1.7600.16385_none_3cda7ac5faba7582
12/2/2020 - 17:46:14.715Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_6.1.7600.16385_none_3cda7ac5faba7582
12/2/2020 - 17:46:14.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_6.1.7600.16385_none_11d4ade16b61222e
12/2/2020 - 17:46:14.715Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_6.1.7600.16385_none_11d4ade16b61222e
12/2/2020 - 17:46:14.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-authentication-authui_31bf3856ad364e35_6.1.7601.17514_none_6a1982860c076c38
12/2/2020 - 17:46:14.715Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-authentication-authui_31bf3856ad364e35_6.1.7601.17514_none_6a1982860c076c38
12/2/2020 - 17:46:14.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-authentication-authui_31bf3856ad364e35_6.1.7601.18276_none_69da87180c3668b8
12/2/2020 - 17:46:14.715Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-authentication-authui_31bf3856ad364e35_6.1.7601.18276_none_69da87180c3668b8
12/2/2020 - 17:46:14.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:14.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30
12/2/2020 - 17:46:14.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30
12/2/2020 - 17:46:14.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autoconv.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_645af24f2167e40e
12/2/2020 - 17:46:14.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autoconv.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_645af24f2167e40e
12/2/2020 - 17:46:14.981Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:15.122Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:15.215Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7e9eebb5feb4e62b
12/2/2020 - 17:46:15.215Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7e9eebb5feb4e62b
12/2/2020 - 17:46:15.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:15.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:15.450Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.18741_none_c73b18fba3854417
12/2/2020 - 17:46:15.450Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.18741_none_c73b18fba3854417
12/2/2020 - 17:46:15.497Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.18741_none_c73b18fba3854417
12/2/2020 - 17:46:15.497Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23136_none_c7d46312bc967433
12/2/2020 - 17:46:15.497Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23136_none_c7d46312bc967433
12/2/2020 - 17:46:15.543Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23136_none_c7d46312bc967433
12/2/2020 - 17:46:15.543Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23392_none_c78f862ebccab0cb
12/2/2020 - 17:46:15.543Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23392_none_c78f862ebccab0cb
12/2/2020 - 17:46:15.590Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23392_none_c78f862ebccab0cb
12/2/2020 - 17:46:15.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:15.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:15.825Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:15.872Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b
12/2/2020 - 17:46:15.872Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b
12/2/2020 - 17:46:15.872Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_6.1.7601.17514_none_e6510234bbcb2a8c
12/2/2020 - 17:46:15.872Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_6.1.7601.17514_none_e6510234bbcb2a8c
12/2/2020 - 17:46:15.872Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_da98436802c4e6bb
12/2/2020 - 17:46:15.872Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_da98436802c4e6bb
12/2/2020 - 17:46:15.918Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_da98436802c4e6bb
12/2/2020 - 17:46:16.12Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:16.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:16.200Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_79b34814f7ded8e5
12/2/2020 - 17:46:16.200Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_79b34814f7ded8e5
12/2/2020 - 17:46:16.247Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_79b34814f7ded8e5
12/2/2020 - 17:46:16.247Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6777afadccc8e29b
12/2/2020 - 17:46:16.247Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6777afadccc8e29b
12/2/2020 - 17:46:16.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6777afadccc8e29b
12/2/2020 - 17:46:16.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_099d2ebabfe3f476
12/2/2020 - 17:46:16.293Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_099d2ebabfe3f476
12/2/2020 - 17:46:16.340Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_099d2ebabfe3f476
12/2/2020 - 17:46:16.340Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dc691d086f51f2b5
12/2/2020 - 17:46:16.340Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dc691d086f51f2b5
12/2/2020 - 17:46:16.387Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dc691d086f51f2b5
12/2/2020 - 17:46:16.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:16.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:16.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_38fe497fea9b41b8
12/2/2020 - 17:46:16.622Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_38fe497fea9b41b8
12/2/2020 - 17:46:16.668Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_38fe497fea9b41b8
12/2/2020 - 17:46:16.762Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:16.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_pt-br_d6d0bc728083aa2c
12/2/2020 - 17:46:16.856Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_pt-br_d6d0bc728083aa2c
12/2/2020 - 17:46:16.903Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_pt-br_d6d0bc728083aa2c
12/2/2020 - 17:46:16.903Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_365b53d91b3ce4ff
12/2/2020 - 17:46:16.903Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_365b53d91b3ce4ff
12/2/2020 - 17:46:16.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:16.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:17.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:17.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7601.22948_pt-br_7cac51c0ccaf3c45
12/2/2020 - 17:46:17.184Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7601.22948_pt-br_7cac51c0ccaf3c45
12/2/2020 - 17:46:17.231Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7601.22948_pt-br_7cac51c0ccaf3c45
12/2/2020 - 17:46:17.231Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7601.23338_pt-br_7cb6ff80cca74b0b
12/2/2020 - 17:46:17.231Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7601.23338_pt-br_7cb6ff80cca74b0b
12/2/2020 - 17:46:17.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7601.23338_pt-br_7cb6ff80cca74b0b
12/2/2020 - 17:46:17.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..trics-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_86a30de23863f859
12/2/2020 - 17:46:17.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..trics-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_86a30de23863f859
12/2/2020 - 17:46:17.325Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:17.465Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:17.559Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646
12/2/2020 - 17:46:17.559Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646
12/2/2020 - 17:46:17.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646\winresume.exe
12/2/2020 - 17:46:17.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646\winresume.exewinresume.exe
12/2/2020 - 17:46:17.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646\winresume.exe
12/2/2020 - 17:46:17.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646\winresume.exe
12/2/2020 - 17:46:17.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646\winresume.exe
12/2/2020 - 17:46:17.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646
12/2/2020 - 17:46:17.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23338_none_b9c48a7a9c70e35e
12/2/2020 - 17:46:17.653Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23338_none_b9c48a7a9c70e35e
12/2/2020 - 17:46:17.700Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23338_none_b9c48a7a9c70e35e
12/2/2020 - 17:46:17.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:17.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:17.934Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_b9da2c389c60a8a3
12/2/2020 - 17:46:17.934Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_b9da2c389c60a8a3
12/2/2020 - 17:46:17.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_b9da2c389c60a8a3\winload.exe
12/2/2020 - 17:46:18.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_b9da2c389c60a8a3\winload.exe
12/2/2020 - 17:46:18.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_b9da2c389c60a8a3\winload.exe
12/2/2020 - 17:46:18.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_b9da2c389c60a8a3\winload.exe
12/2/2020 - 17:46:18.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_b9da2c389c60a8a3
12/2/2020 - 17:46:18.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-backup-cpl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2bd043448937adeb
12/2/2020 - 17:46:18.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-backup-cpl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2bd043448937adeb
12/2/2020 - 17:46:18.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-basesrv_31bf3856ad364e35_6.1.7601.18923_none_6ae510defa6368e8
12/2/2020 - 17:46:18.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-basesrv_31bf3856ad364e35_6.1.7601.18923_none_6ae510defa6368e8
12/2/2020 - 17:46:18.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-batmeter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cfbd2456f828a707
12/2/2020 - 17:46:18.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-batmeter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cfbd2456f828a707
12/2/2020 - 17:46:18.75Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:18.215Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:18.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:18.403Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:18.543Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:18.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:18.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_6.1.7601.17514_none_4207fb67165f731a
12/2/2020 - 17:46:18.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_6.1.7601.17514_none_4207fb67165f731a
12/2/2020 - 17:46:18.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bootconfig_31bf3856ad364e35_6.1.7600.16385_none_680b6eb133f91b1b
12/2/2020 - 17:46:18.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bootconfig_31bf3856ad364e35_6.1.7600.16385_none_680b6eb133f91b1b
12/2/2020 - 17:46:18.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bowser_31bf3856ad364e35_6.1.7600.16385_none_82547e9b3df1983f
12/2/2020 - 17:46:18.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bowser_31bf3856ad364e35_6.1.7600.16385_none_82547e9b3df1983f
12/2/2020 - 17:46:18.825Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:18.965Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:19.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bowser_31bf3856ad364e35_6.1.7601.21666_none_84db202654247a06
12/2/2020 - 17:46:19.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bowser_31bf3856ad364e35_6.1.7601.21666_none_84db202654247a06
12/2/2020 - 17:46:19.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.22044_none_d7783703cdd41e02
12/2/2020 - 17:46:19.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.22044_none_d7783703cdd41e02
12/2/2020 - 17:46:19.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-browseui_31bf3856ad364e35_6.1.7601.17514_none_8f08e721fcf5575d
12/2/2020 - 17:46:19.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-browseui_31bf3856ad364e35_6.1.7601.17514_none_8f08e721fcf5575d
12/2/2020 - 17:46:19.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bthpancontexthandler_31bf3856ad364e35_6.1.7600.16385_none_27477e7fc95c1d8d
12/2/2020 - 17:46:19.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bthpancontexthandler_31bf3856ad364e35_6.1.7600.16385_none_27477e7fc95c1d8d
12/2/2020 - 17:46:19.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:19.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:19.340Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bubbles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_29e9a7cd238c8c56
12/2/2020 - 17:46:19.340Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bubbles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_29e9a7cd238c8c56
12/2/2020 - 17:46:19.387Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:19.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:19.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:19.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..entsnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d4d5367b7583b450
12/2/2020 - 17:46:19.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..entsnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d4d5367b7583b450
12/2/2020 - 17:46:19.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..er-office.resources_31bf3856ad364e35_7.0.7600.16385_pt-br_05e777799ad34580
12/2/2020 - 17:46:19.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..er-office.resources_31bf3856ad364e35_7.0.7600.16385_pt-br_05e777799ad34580
12/2/2020 - 17:46:19.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.1.7600.16385_none_ceb756d4b98f01a4
12/2/2020 - 17:46:19.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.1.7600.16385_none_ceb756d4b98f01a4
12/2/2020 - 17:46:19.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.1.7601.23278_none_d134f3dfcfc870b0
12/2/2020 - 17:46:19.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.1.7601.23278_none_d134f3dfcfc870b0
12/2/2020 - 17:46:19.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:19.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:19.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_6.1.7601.22923_en-us_57d8418f7d20c468
12/2/2020 - 17:46:19.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_6.1.7601.22923_en-us_57d8418f7d20c468
12/2/2020 - 17:46:19.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_6.1.7601.22948_en-us_57c7a3297d2c7afd
12/2/2020 - 17:46:19.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_6.1.7601.22948_en-us_57c7a3297d2c7afd
12/2/2020 - 17:46:19.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_6.1.7601.23338_en-us_57d250e97d2489c3
12/2/2020 - 17:46:19.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_6.1.7601.23338_en-us_57d250e97d2489c3
12/2/2020 - 17:46:19.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.18833_pt-br_c46ae1a6233970b4
12/2/2020 - 17:46:19.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.18833_pt-br_c46ae1a6233970b4
12/2/2020 - 17:46:19.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:20.43Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.22843_pt-br_c4e9ac9f3c5f2f48
12/2/2020 - 17:46:20.43Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.22843_pt-br_c4e9ac9f3c5f2f48
12/2/2020 - 17:46:20.43Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.22923_pt-br_c4ff4e5d3c4ef48d
12/2/2020 - 17:46:20.43Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.22923_pt-br_c4ff4e5d3c4ef48d
12/2/2020 - 17:46:20.43Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.23136_pt-br_c4f759573c548cec
12/2/2020 - 17:46:20.43Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.23136_pt-br_c4f759573c548cec
12/2/2020 - 17:46:20.43Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.23418_pt-br_c50eff753c427f2d
12/2/2020 - 17:46:20.43Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.23418_pt-br_c50eff753c427f2d
12/2/2020 - 17:46:20.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:20.184Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:29.747Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..japanese-propertyui_31bf3856ad364e35_6.1.7600.16385_none_eeb6127e83dcc0aa
12/2/2020 - 17:46:29.793Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:29.934Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:30.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:30.168Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:30.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..nt-winproviders-msi_31bf3856ad364e35_6.1.7600.16385_none_3d973b8b74e755c8
12/2/2020 - 17:46:30.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..nt-winproviders-msi_31bf3856ad364e35_6.1.7600.16385_none_3d973b8b74e755c8
12/2/2020 - 17:46:30.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..olorspaceconverters_31bf3856ad364e35_6.1.7601.17514_none_c3ab12c1c499b774
12/2/2020 - 17:46:30.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..olorspaceconverters_31bf3856ad364e35_6.1.7601.17514_none_c3ab12c1c499b774
12/2/2020 - 17:46:30.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..owmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_078a63e642356f40
12/2/2020 - 17:46:30.262Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..owmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_078a63e642356f40
12/2/2020 - 17:46:30.309Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..owmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_078a63e642356f40
12/2/2020 - 17:46:30.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:30.403Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:30.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:30.590Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:30.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..providers.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_d0c4fe1febdf500a
12/2/2020 - 17:46:30.637Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..providers.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_d0c4fe1febdf500a
12/2/2020 - 17:46:30.684Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..providers.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_d0c4fe1febdf500a
12/2/2020 - 17:46:30.684Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..providers.resources_31bf3856ad364e35_6.1.7601.18489_pt-br_d07e376fec13aece
12/2/2020 - 17:46:30.684Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..providers.resources_31bf3856ad364e35_6.1.7601.18489_pt-br_d07e376fec13aece
12/2/2020 - 17:46:30.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..providers.resources_31bf3856ad364e35_6.1.7601.18489_pt-br_d07e376fec13aece
12/2/2020 - 17:46:30.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..rectplay8.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_96707404a81d2e60
12/2/2020 - 17:46:30.731Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..rectplay8.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_96707404a81d2e60
12/2/2020 - 17:46:30.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..rectplay8.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_96707404a81d2e60
12/2/2020 - 17:46:30.825Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:30.965Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:31.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..serverapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4f288ade8e3c8e91
12/2/2020 - 17:46:31.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..serverapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4f288ade8e3c8e91
12/2/2020 - 17:46:31.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..sh-helper.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_6ff01f0d2d8f364d
12/2/2020 - 17:46:31.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..sh-helper.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_6ff01f0d2d8f364d
12/2/2020 - 17:46:31.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:31.278Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:31.325Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..thmtpcontexthandler_31bf3856ad364e35_6.1.7600.16385_none_98d68f6e6e99a5c5
12/2/2020 - 17:46:31.325Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..thmtpcontexthandler_31bf3856ad364e35_6.1.7600.16385_none_98d68f6e6e99a5c5
12/2/2020 - 17:46:31.325Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.19091_none_45cdea7fae2fa3d4
12/2/2020 - 17:46:31.325Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.19091_none_45cdea7fae2fa3d4
12/2/2020 - 17:46:31.325Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.23290_none_465688e6c74e276e
12/2/2020 - 17:46:31.325Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.23290_none_465688e6c74e276e
12/2/2020 - 17:46:31.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:31.512Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:31.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:31.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:31.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_ko-kr_b8f034ce9c5a20f3
12/2/2020 - 17:46:31.840Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_ko-kr_b8f034ce9c5a20f3
12/2/2020 - 17:46:31.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:31.981Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:32.75Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_zh-hk_44e772ded4a0a71f
12/2/2020 - 17:46:32.75Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_zh-hk_44e772ded4a0a71f
12/2/2020 - 17:46:32.75Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d_31bf3856ad364e35_6.1.7601.17514_none_05c2ec3372908373
12/2/2020 - 17:46:32.75Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d_31bf3856ad364e35_6.1.7601.17514_none_05c2ec3372908373
12/2/2020 - 17:46:32.75Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dataclen.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1ad8e64fa36e1f3b
12/2/2020 - 17:46:32.75Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dataclen.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1ad8e64fa36e1f3b
12/2/2020 - 17:46:32.75Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-defrag-cmdline_31bf3856ad364e35_6.1.7600.16385_none_2370c162e00680c3
12/2/2020 - 17:46:32.75Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-defrag-cmdline_31bf3856ad364e35_6.1.7600.16385_none_2370c162e00680c3
12/2/2020 - 17:46:32.122Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:32.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:32.356Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-defrag-core_31bf3856ad364e35_6.1.7600.16385_none_74535a2cd1bda1d0
12/2/2020 - 17:46:32.356Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-defrag-core_31bf3856ad364e35_6.1.7600.16385_none_74535a2cd1bda1d0
12/2/2020 - 17:46:32.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-defrag-core_31bf3856ad364e35_6.1.7600.16385_none_74535a2cd1bda1d0
12/2/2020 - 17:46:32.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deskperf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7cf328d9ea80610b
12/2/2020 - 17:46:32.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deskperf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7cf328d9ea80610b
12/2/2020 - 17:46:32.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:32.590Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:32.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-desk_31bf3856ad364e35_6.1.7601.17514_none_0aa8deb62f9d0152
12/2/2020 - 17:46:32.637Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-desk_31bf3856ad364e35_6.1.7601.17514_none_0aa8deb62f9d0152
12/2/2020 - 17:46:32.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45
12/2/2020 - 17:46:32.637Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45
12/2/2020 - 17:46:32.684Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45
12/2/2020 - 17:46:32.684Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicemetadataparsers_31bf3856ad364e35_6.1.7600.16385_none_22e80705d605ae66
12/2/2020 - 17:46:32.684Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicemetadataparsers_31bf3856ad364e35_6.1.7600.16385_none_22e80705d605ae66
12/2/2020 - 17:46:32.684Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicepairinghandler_31bf3856ad364e35_6.1.7600.16385_none_82107a82f9b9104d
12/2/2020 - 17:46:32.684Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicepairinghandler_31bf3856ad364e35_6.1.7600.16385_none_82107a82f9b9104d
12/2/2020 - 17:46:32.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicepairinghandler_31bf3856ad364e35_6.1.7600.16385_none_82107a82f9b9104d
12/2/2020 - 17:46:32.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deviceuxres_31bf3856ad364e35_6.1.7600.16385_none_7c639e00e7a86c14
12/2/2020 - 17:46:32.731Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deviceuxres_31bf3856ad364e35_6.1.7600.16385_none_7c639e00e7a86c14
12/2/2020 - 17:46:32.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deviceuxres_31bf3856ad364e35_6.1.7600.16385_none_7c639e00e7a86c14
12/2/2020 - 17:46:32.872Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:32.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:33.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.1.7601.17970_none_353b55f7456390a1
12/2/2020 - 17:46:33.59Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.1.7601.17970_none_353b55f7456390a1
12/2/2020 - 17:46:33.106Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.1.7601.17970_none_353b55f7456390a1
12/2/2020 - 17:46:33.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:33.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:33.340Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-difxapi_31bf3856ad364e35_6.1.7600.16385_none_64388f35afe32304
12/2/2020 - 17:46:33.340Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-difxapi_31bf3856ad364e35_6.1.7600.16385_none_64388f35afe32304
12/2/2020 - 17:46:33.340Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dims.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_759c49dbbfa69822
12/2/2020 - 17:46:33.340Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dims.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_759c49dbbfa69822
12/2/2020 - 17:46:33.387Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:33.528Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:33.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.23390_none_104347cdd0f66e68
12/2/2020 - 17:46:33.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.23390_none_104347cdd0f66e68
12/2/2020 - 17:46:33.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-asf_31bf3856ad364e35_6.1.7601.19091_none_7889cdf9156dd120
12/2/2020 - 17:46:33.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-asf_31bf3856ad364e35_6.1.7601.19091_none_7889cdf9156dd120
12/2/2020 - 17:46:33.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-core_31bf3856ad364e35_6.1.7601.19091_none_043c860404c98acf
12/2/2020 - 17:46:33.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-core_31bf3856ad364e35_6.1.7601.19091_none_043c860404c98acf
12/2/2020 - 17:46:33.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-core_31bf3856ad364e35_6.1.7601.23290_none_04c5246b1de80e69
12/2/2020 - 17:46:33.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-core_31bf3856ad364e35_6.1.7601.23290_none_04c5246b1de80e69
12/2/2020 - 17:46:33.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-devenum_31bf3856ad364e35_6.1.7600.16385_none_b5329db3599c7800
12/2/2020 - 17:46:33.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-devenum_31bf3856ad364e35_6.1.7600.16385_none_b5329db3599c7800
12/2/2020 - 17:46:33.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:33.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:33.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.17713_none_b24733c2ea78fe94
12/2/2020 - 17:46:33.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.17713_none_b24733c2ea78fe94
12/2/2020 - 17:46:33.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.22948_none_b2b54d5a03aa87ac
12/2/2020 - 17:46:33.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.22948_none_b2b54d5a03aa87ac
12/2/2020 - 17:46:33.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdupgrd_31bf3856ad364e35_6.1.7600.16385_none_d9bb586ff6564bbc
12/2/2020 - 17:46:33.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdupgrd_31bf3856ad364e35_6.1.7600.16385_none_d9bb586ff6564bbc
12/2/2020 - 17:46:33.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.1.7601.17514_none_1435300cb8e4b445
12/2/2020 - 17:46:33.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.1.7601.17514_none_1435300cb8e4b445
12/2/2020 - 17:46:33.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:34.90Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_7.1.7601.16492_none_53e824eeb317fe3e
12/2/2020 - 17:46:34.90Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_7.1.7601.16492_none_53e824eeb317fe3e
12/2/2020 - 17:46:34.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:34.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:34.278Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:34.372Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_de-de_37cf884e81278264
12/2/2020 - 17:46:34.372Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_de-de_37cf884e81278264
12/2/2020 - 17:46:34.372Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_es-es_e08bbb2b702c7fce
12/2/2020 - 17:46:34.372Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_es-es_e08bbb2b702c7fce
12/2/2020 - 17:46:34.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:34.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:34.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_tr-tr_6ee9aab7a6ef961c
12/2/2020 - 17:46:34.606Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_tr-tr_6ee9aab7a6ef961c
12/2/2020 - 17:46:34.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_zh-hk_3ef1c1435802dacb
12/2/2020 - 17:46:34.606Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_zh-hk_3ef1c1435802dacb
12/2/2020 - 17:46:34.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:34.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:34.887Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite_31bf3856ad364e35_7.1.7601.16492_none_21db85c4a137d8d6
12/2/2020 - 17:46:34.887Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite_31bf3856ad364e35_7.1.7601.16492_none_21db85c4a137d8d6
12/2/2020 - 17:46:34.887Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite_31bf3856ad364e35_7.1.7601.18946_none_22157276a10bd782
12/2/2020 - 17:46:34.887Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite_31bf3856ad364e35_7.1.7601.18946_none_22157276a10bd782
12/2/2020 - 17:46:34.887Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7601.17514_none_ae4f82d4c031a13b
12/2/2020 - 17:46:34.887Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7601.17514_none_ae4f82d4c031a13b
12/2/2020 - 17:46:34.981Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:35.75Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-rgbrast_31bf3856ad364e35_6.1.7600.16385_none_d04d147c112aeb20
12/2/2020 - 17:46:35.75Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-rgbrast_31bf3856ad364e35_6.1.7600.16385_none_d04d147c112aeb20
12/2/2020 - 17:46:35.122Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:35.168Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:35.309Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:35.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-warp10_31bf3856ad364e35_7.1.7601.18351_none_39cbca76f855d4a3
12/2/2020 - 17:46:35.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-warp10_31bf3856ad364e35_7.1.7601.18351_none_39cbca76f855d4a3
12/2/2020 - 17:46:35.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskcopy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cd0f240592535d01
12/2/2020 - 17:46:35.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskcopy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cd0f240592535d01
12/2/2020 - 17:46:35.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:35.590Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:35.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.22589_none_c5271196c737b9ac
12/2/2020 - 17:46:35.637Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.22589_none_c5271196c737b9ac
12/2/2020 - 17:46:35.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskpart_31bf3856ad364e35_6.1.7601.17514_none_c6fe6ac9ac8c7105
12/2/2020 - 17:46:35.637Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskpart_31bf3856ad364e35_6.1.7601.17514_none_c6fe6ac9ac8c7105
12/2/2020 - 17:46:35.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskraid_31bf3856ad364e35_6.1.7601.17514_none_c3afa97fae99bbe4
12/2/2020 - 17:46:35.637Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskraid_31bf3856ad364e35_6.1.7601.17514_none_c3afa97fae99bbe4
12/2/2020 - 17:46:35.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_48b6a2a03e2c7b21
12/2/2020 - 17:46:35.637Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_48b6a2a03e2c7b21
12/2/2020 - 17:46:35.684Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_48b6a2a03e2c7b21
12/2/2020 - 17:46:35.684Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-display_31bf3856ad364e35_6.1.7601.17514_none_b66e6297f95421b9
12/2/2020 - 17:46:35.684Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-display_31bf3856ad364e35_6.1.7601.17514_none_b66e6297f95421b9
12/2/2020 - 17:46:35.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:35.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:36.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:36.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3gpclient_31bf3856ad364e35_6.1.7600.16385_none_d648d8f4d6289ce9
12/2/2020 - 17:46:36.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3gpclient_31bf3856ad364e35_6.1.7600.16385_none_d648d8f4d6289ce9
12/2/2020 - 17:46:36.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3gpui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_797f1fcdc719f88c
12/2/2020 - 17:46:36.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3gpui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_797f1fcdc719f88c
12/2/2020 - 17:46:36.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3svc-mof_31bf3856ad364e35_6.1.7601.17514_none_f480a6036336c07e
12/2/2020 - 17:46:36.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3svc-mof_31bf3856ad364e35_6.1.7601.17514_none_f480a6036336c07e
12/2/2020 - 17:46:36.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b7836281bb43a62d
12/2/2020 - 17:46:36.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b7836281bb43a62d
12/2/2020 - 17:46:36.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3ui_31bf3856ad364e35_6.1.7601.17514_none_8707edeb6be1399d
12/2/2020 - 17:46:36.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3ui_31bf3856ad364e35_6.1.7601.17514_none_8707edeb6be1399d
12/2/2020 - 17:46:36.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dpapi-keys.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_467de6beac481066
12/2/2020 - 17:46:36.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dpapi-keys.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_467de6beac481066
12/2/2020 - 17:46:36.231Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:36.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:36.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:36.512Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7600.16385_none_f217bd1caebaa683
12/2/2020 - 17:46:36.512Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7600.16385_none_f217bd1caebaa683
12/2/2020 - 17:46:36.512Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dsquery.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b4a033b1eebe2d5a
12/2/2020 - 17:46:36.512Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dsquery.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b4a033b1eebe2d5a
12/2/2020 - 17:46:36.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:36.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:36.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dumpata_31bf3856ad364e35_6.1.7600.16385_none_c5330fa587ba01cb
12/2/2020 - 17:46:36.747Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dumpata_31bf3856ad364e35_6.1.7600.16385_none_c5330fa587ba01cb
12/2/2020 - 17:46:36.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:36.934Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:37.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-ehchsime.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a8ee3dbfef0d2e09
12/2/2020 - 17:46:37.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-ehchsime.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a8ee3dbfef0d2e09
12/2/2020 - 17:46:37.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-mcetuningoverrides_31bf3856ad364e35_6.1.7600.16385_none_2b64302bc8dc3b49
12/2/2020 - 17:46:37.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-mcetuningoverrides_31bf3856ad364e35_6.1.7600.16385_none_2b64302bc8dc3b49
12/2/2020 - 17:46:37.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-mcupdate.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_004bba4a83d69bc1
12/2/2020 - 17:46:37.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-mcupdate.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_004bba4a83d69bc1
12/2/2020 - 17:46:37.75Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:37.215Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:37.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-devices-netbridge_31bf3856ad364e35_6.1.7601.17514_none_93f3ad825cfa22ce
12/2/2020 - 17:46:37.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-devices-netbridge_31bf3856ad364e35_6.1.7601.17514_none_93f3ad825cfa22ce
12/2/2020 - 17:46:37.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-ehrecvr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ffb73a8d3e9fbb6d
12/2/2020 - 17:46:37.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-ehrecvr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ffb73a8d3e9fbb6d
12/2/2020 - 17:46:37.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-ehsched.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_acc180920edf3240
12/2/2020 - 17:46:37.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-ehsched.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_acc180920edf3240
12/2/2020 - 17:46:37.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:37.403Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:37.497Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..gadgetxml.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_91ec0cfe966035a5
12/2/2020 - 17:46:37.497Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..gadgetxml.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_91ec0cfe966035a5
12/2/2020 - 17:46:37.497Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..iewer-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a6c7d3b81a2ca152
12/2/2020 - 17:46:37.497Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..iewer-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a6c7d3b81a2ca152
12/2/2020 - 17:46:37.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:37.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:37.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..nt-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_437ea5f49507bcb8
12/2/2020 - 17:46:37.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..nt-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_437ea5f49507bcb8
12/2/2020 - 17:46:46.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:46.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:46.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:46.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18355_none_a6c2580338911f55
12/2/2020 - 17:46:46.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18355_none_a6c2580338911f55\cleanupintlcache.exe
12/2/2020 - 17:46:46.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18355_none_a6c2580338911f55\cleanupintlcache.execleanupintlcache.exe
12/2/2020 - 17:46:46.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18355_none_a6c2580338911f55\cleanupintlcache.exe
12/2/2020 - 17:46:46.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18355_none_a6c2580338911f55\cleanupintlcache.exe
12/2/2020 - 17:46:46.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18355_none_a6c2580338911f55\cleanupintlcache.exe
12/2/2020 - 17:46:46.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18355_none_a6c2580338911f55
12/2/2020 - 17:46:46.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18528_none_a6e5cc71387611d5
12/2/2020 - 17:46:46.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18528_none_a6e5cc71387611d5\cleanupintlcache.exe
12/2/2020 - 17:46:46.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18528_none_a6e5cc71387611d5\cleanupintlcache.execleanupintlcache.exe
12/2/2020 - 17:46:46.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18528_none_a6e5cc71387611d5\cleanupintlcache.exe
12/2/2020 - 17:46:46.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18528_none_a6e5cc71387611d5\cleanupintlcache.exe
12/2/2020 - 17:46:46.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18528_none_a6e5cc71387611d5\cleanupintlcache.exe
12/2/2020 - 17:46:46.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18528_none_a6e5cc71387611d5
12/2/2020 - 17:46:46.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dd989f723fc773af
12/2/2020 - 17:46:46.731Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dd989f723fc773af
12/2/2020 - 17:46:46.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dd989f723fc773af
12/2/2020 - 17:46:46.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17
12/2/2020 - 17:46:46.778Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17
12/2/2020 - 17:46:46.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17
12/2/2020 - 17:46:46.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:47.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..in-appmgr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3f1caa543ace4eec
12/2/2020 - 17:46:47.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..in-appmgr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3f1caa543ace4eec
12/2/2020 - 17:46:47.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0870d4d156ba0246
12/2/2020 - 17:46:47.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0870d4d156ba0246
12/2/2020 - 17:46:47.59Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:47.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:47.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f1a3fed32cc77498
12/2/2020 - 17:46:47.293Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f1a3fed32cc77498
12/2/2020 - 17:46:47.340Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f1a3fed32cc77498
12/2/2020 - 17:46:47.340Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_43d249d90a8ac4ec
12/2/2020 - 17:46:47.340Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_43d249d90a8ac4ec
12/2/2020 - 17:46:47.340Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_ddc3da0b75baa7e0
12/2/2020 - 17:46:47.340Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_ddc3da0b75baa7e0
12/2/2020 - 17:46:47.340Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75
12/2/2020 - 17:46:47.340Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75
12/2/2020 - 17:46:47.387Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75
12/2/2020 - 17:46:47.434Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75
12/2/2020 - 17:46:47.481Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75
12/2/2020 - 17:46:47.528Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75
12/2/2020 - 17:46:47.575Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75
12/2/2020 - 17:46:47.575Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_2a271e3c7e986f2c
12/2/2020 - 17:46:47.575Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_2a271e3c7e986f2c
12/2/2020 - 17:46:47.575Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.1.7600.16385_none_975df0a6f5a54628
12/2/2020 - 17:46:47.575Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.1.7600.16385_none_975df0a6f5a54628
12/2/2020 - 17:46:47.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:47.715Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:47.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-02_31bf3856ad364e35_6.1.7601.17621_none_a6f11fcb312ed12d
12/2/2020 - 17:46:47.809Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-02_31bf3856ad364e35_6.1.7601.17621_none_a6f11fcb312ed12d
12/2/2020 - 17:46:47.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7600.17057_none_a4e55ed934239d78
12/2/2020 - 17:46:47.809Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7600.17057_none_a4e55ed934239d78
12/2/2020 - 17:46:47.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.17888_none_a6ac762931614073
12/2/2020 - 17:46:47.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.17888_none_a6ac762931614073\invalidateFntcache.exe
12/2/2020 - 17:46:47.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.17888_none_a6ac762931614073\invalidateFntcache.exeinvalidateFntcache.exe
12/2/2020 - 17:46:47.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.17888_none_a6ac762931614073\invalidateFntcache.exe
12/2/2020 - 17:46:47.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.17888_none_a6ac762931614073\invalidateFntcache.exe
12/2/2020 - 17:46:47.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.17888_none_a6ac762931614073\invalidateFntcache.exe
12/2/2020 - 17:46:47.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.17888_none_a6ac762931614073
12/2/2020 - 17:46:47.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.22045_none_a75e29e84a6157b6
12/2/2020 - 17:46:47.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.22045_none_a75e29e84a6157b6
12/2/2020 - 17:46:47.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:48.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:48.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:48.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:48.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gacinstaller_1122334455667788_6.1.7600.16385_none_fd533d0655fd0449
12/2/2020 - 17:46:48.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gacinstaller_1122334455667788_6.1.7600.16385_none_fd533d0655fd0449
12/2/2020 - 17:46:48.278Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:48.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:48.465Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23149_none_086715528a579b5c
12/2/2020 - 17:46:48.465Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23149_none_086715528a579b5c
12/2/2020 - 17:46:48.512Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23149_none_086715528a579b5c
12/2/2020 - 17:46:48.606Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:48.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:48.793Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-getmac.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_169c41df232a438c
12/2/2020 - 17:46:48.793Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-getmac.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_169c41df232a438c
12/2/2020 - 17:46:48.793Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_dc7256ed0ded6c12
12/2/2020 - 17:46:48.793Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_dc7256ed0ded6c12
12/2/2020 - 17:46:48.793Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-base-mof_31bf3856ad364e35_6.1.7600.16385_none_4eb927112be23dff
12/2/2020 - 17:46:48.793Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-base-mof_31bf3856ad364e35_6.1.7600.16385_none_4eb927112be23dff
12/2/2020 - 17:46:48.887Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:48.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.1.7601.23452_none_86a5927916e2461a
12/2/2020 - 17:46:48.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.1.7601.23452_none_86a5927916e2461a
12/2/2020 - 17:46:48.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-license_31bf3856ad364e35_6.1.7600.16385_none_91d5eda96e27b8a8
12/2/2020 - 17:46:48.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-license_31bf3856ad364e35_6.1.7600.16385_none_91d5eda96e27b8a8
12/2/2020 - 17:46:48.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-grpconv_31bf3856ad364e35_6.1.7600.16385_none_fe7d1685575edfa6
12/2/2020 - 17:46:48.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-grpconv_31bf3856ad364e35_6.1.7600.16385_none_fe7d1685575edfa6
12/2/2020 - 17:46:48.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..-blutooth.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ef273be08cf99a62
12/2/2020 - 17:46:48.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..-blutooth.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ef273be08cf99a62
12/2/2020 - 17:46:48.981Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:49.122Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:49.215Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..ctivation.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_59bb7ae952eba065
12/2/2020 - 17:46:49.215Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..ctivation.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_59bb7ae952eba065
12/2/2020 - 17:46:49.215Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..datalayer.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_596a0a23fc44c05c
12/2/2020 - 17:46:49.215Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..datalayer.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_596a0a23fc44c05c
12/2/2020 - 17:46:49.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:49.309Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:49.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:49.543Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:49.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:49.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..statement.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_8ff3ae0680d65a31
12/2/2020 - 17:46:49.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..statement.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_8ff3ae0680d65a31
12/2/2020 - 17:46:49.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0b95f202f201ea4d
12/2/2020 - 17:46:49.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0b95f202f201ea4d
12/2/2020 - 17:46:49.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-healthcenter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4caf22d17d3fbad2
12/2/2020 - 17:46:49.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-healthcenter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4caf22d17d3fbad2
12/2/2020 - 17:46:49.825Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:49.965Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:50.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-app3rd.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b3bad7ed9f324d4f
12/2/2020 - 17:46:50.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-app3rd.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b3bad7ed9f324d4f
12/2/2020 - 17:46:50.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-articon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_64c0d782a6d552b3
12/2/2020 - 17:46:50.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-articon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_64c0d782a6d552b3
12/2/2020 - 17:46:50.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:50.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:50.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:50.340Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-basics.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a098d2f6cf58aa52
12/2/2020 - 17:46:50.340Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-basics.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a098d2f6cf58aa52
12/2/2020 - 17:46:50.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:50.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-client_31bf3856ad364e35_6.1.7600.16385_none_c80d81c947c7b794
12/2/2020 - 17:46:50.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-client_31bf3856ad364e35_6.1.7600.16385_none_c80d81c947c7b794
12/2/2020 - 17:46:50.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-efs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7cdf1630ae0efc15
12/2/2020 - 17:46:50.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-efs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7cdf1630ae0efc15
12/2/2020 - 17:46:50.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:50.715Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:50.762Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-helpcins_31bf3856ad364e35_6.1.7601.17514_none_ee4731f0b3e39e23
12/2/2020 - 17:46:50.762Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-helpcins_31bf3856ad364e35_6.1.7601.17514_none_ee4731f0b3e39e23
12/2/2020 - 17:46:50.762Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-helpplc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1c46555bc85686c7
12/2/2020 - 17:46:50.762Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-helpplc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1c46555bc85686c7
12/2/2020 - 17:46:50.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:50.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:51.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-license.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b1831b571bd8003c
12/2/2020 - 17:46:51.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-license.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b1831b571bd8003c
12/2/2020 - 17:46:51.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-mail.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ab7a647edb68914c
12/2/2020 - 17:46:51.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-mail.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ab7a647edb68914c
12/2/2020 - 17:46:51.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-mobile.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_522423fd8058c7ff
12/2/2020 - 17:46:51.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-mobile.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_522423fd8058c7ff
12/2/2020 - 17:46:51.122Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:51.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:51.309Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:51.356Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-netw.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_004d473962d12059
12/2/2020 - 17:46:51.356Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-netw.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_004d473962d12059
12/2/2020 - 17:46:51.356Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-perf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_90953e1bf411839c
12/2/2020 - 17:46:51.356Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-perf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_90953e1bf411839c
12/2/2020 - 17:46:51.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:51.543Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-presset.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_50de558a7282943b
12/2/2020 - 17:46:51.543Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-presset.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_50de558a7282943b
12/2/2020 - 17:46:51.543Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-rdb.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1a36186897e9e3f1
12/2/2020 - 17:46:51.543Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-rdb.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1a36186897e9e3f1
12/2/2020 - 17:46:51.543Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-restore.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4339a246872ae923
12/2/2020 - 17:46:51.543Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-restore.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4339a246872ae923
12/2/2020 - 17:46:51.543Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:51.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:51.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-secpol.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8f245fc739256fad
12/2/2020 - 17:46:51.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-secpol.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8f245fc739256fad
12/2/2020 - 17:46:51.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-storagelayer_31bf3856ad364e35_6.1.7600.16385_none_3a92179d1e7ea21d
12/2/2020 - 17:46:51.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-storagelayer_31bf3856ad364e35_6.1.7600.16385_none_3a92179d1e7ea21d
12/2/2020 - 17:46:51.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-tablet.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6c5449b7ed653947
12/2/2020 - 17:46:51.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-tablet.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6c5449b7ed653947
12/2/2020 - 17:46:51.825Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:51.965Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:52.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-wasw.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_80a93fe93d0da087
12/2/2020 - 17:46:52.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-wasw.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_80a93fe93d0da087
12/2/2020 - 17:46:52.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-wnewue.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ea4a9ddddfdd87a6
12/2/2020 - 17:46:52.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-wnewue.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ea4a9ddddfdd87a6
12/2/2020 - 17:46:52.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_32a13a14a11faede
12/2/2020 - 17:46:52.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_32a13a14a11faede
12/2/2020 - 17:46:52.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:52.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:52.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_12df6ed3076ce2ef
12/2/2020 - 17:46:52.293Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_12df6ed3076ce2ef
12/2/2020 - 17:46:52.387Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_12df6ed3076ce2ef
12/2/2020 - 17:46:52.481Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:52.528Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:52.668Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-nlsbuild.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d42032e9145f9353
12/2/2020 - 17:46:52.668Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-nlsbuild.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d42032e9145f9353
12/2/2020 - 17:46:52.668Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-platform.resources_31bf3856ad364e35_11.2.9600.16428_en-us_adec71edafb3cadb
12/2/2020 - 17:46:52.668Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-platform.resources_31bf3856ad364e35_11.2.9600.16428_en-us_adec71edafb3cadb
12/2/2020 - 17:46:52.668Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-service-mmc-snapin_31bf3856ad364e35_6.1.7600.16385_none_76a3e7136851eccf
12/2/2020 - 17:46:52.668Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-service-mmc-snapin_31bf3856ad364e35_6.1.7600.16385_none_76a3e7136851eccf
12/2/2020 - 17:46:52.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:52.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:52.903Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_7f263a8951bc5a48
12/2/2020 - 17:46:52.903Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_7f263a8951bc5a48\SetIEInstalledDate.exe
12/2/2020 - 17:46:52.903Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_7f263a8951bc5a48\SetIEInstalledDate.exeSetIEInstalledDate.exe
12/2/2020 - 17:46:52.903Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_7f263a8951bc5a48\SetIEInstalledDate.exe
12/2/2020 - 17:46:52.903Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_7f263a8951bc5a48\SetIEInstalledDate.exe
12/2/2020 - 17:46:52.903Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_7f263a8951bc5a48\SetIEInstalledDate.exe
12/2/2020 - 17:46:52.903Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_7f263a8951bc5a48
12/2/2020 - 17:46:52.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:53.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:53.137Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_c359fa71567a65ae
12/2/2020 - 17:46:53.137Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_c359fa71567a65ae
12/2/2020 - 17:46:53.184Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:53.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:46:53.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..e-defaultcasingfile_31bf3856ad364e35_6.1.7600.16385_none_d004485fa93c407a
12/2/2020 - 17:46:53.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..e-defaultcasingfile_31bf3856ad364e35_6.1.7600.16385_none_d004485fa93c407a
12/2/2020 - 17:47:2.590Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-708_31bf3856ad364e35_6.1.7600.16385_none_2ae246a0b4dfd97e
12/2/2020 - 17:47:2.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:2.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:2.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-863_31bf3856ad364e35_6.1.7600.16385_none_2addea58b4e20d54
12/2/2020 - 17:47:2.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-863_31bf3856ad364e35_6.1.7600.16385_none_2addea58b4e20d54
12/2/2020 - 17:47:2.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-864_31bf3856ad364e35_6.1.7600.16385_none_2addd390b4e226f5
12/2/2020 - 17:47:2.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-864_31bf3856ad364e35_6.1.7600.16385_none_2addd390b4e226f5
12/2/2020 - 17:47:2.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-869_31bf3856ad364e35_6.1.7600.16385_none_2add61a8b4e2a71a
12/2/2020 - 17:47:2.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-869_31bf3856ad364e35_6.1.7600.16385_none_2add61a8b4e2a71a
12/2/2020 - 17:47:2.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:3.12Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:3.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-936_31bf3856ad364e35_6.1.7600.16385_none_2acfd536b4ed2a23
12/2/2020 - 17:47:3.106Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-936_31bf3856ad364e35_6.1.7600.16385_none_2acfd536b4ed2a23
12/2/2020 - 17:47:3.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:3.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_34c62a595889f9a3
12/2/2020 - 17:47:3.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_34c62a595889f9a3
12/2/2020 - 17:47:3.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..uestmonitorbinaries_31bf3856ad364e35_6.1.7600.16385_none_94602ba97f30f087
12/2/2020 - 17:47:3.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..uestmonitorbinaries_31bf3856ad364e35_6.1.7600.16385_none_94602ba97f30f087
12/2/2020 - 17:47:3.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:3.340Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:3.481Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:3.575Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-identitycrl_31bf3856ad364e35_6.1.7600.16385_none_ad82c592580f75ca
12/2/2020 - 17:47:3.575Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-identitycrl_31bf3856ad364e35_6.1.7600.16385_none_ad82c592580f75ca
12/2/2020 - 17:47:3.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-identitycrl_31bf3856ad364e35_6.1.7600.16385_none_ad82c592580f75ca
12/2/2020 - 17:47:3.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:3.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:3.903Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_11.2.9600.17691_none_dddb2cf180d5f0e2
12/2/2020 - 17:47:3.903Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_11.2.9600.17691_none_dddb2cf180d5f0e2
12/2/2020 - 17:47:3.903Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_11.2.9600.18349_none_ddf5e6e980c2e88b
12/2/2020 - 17:47:3.903Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_11.2.9600.18349_none_ddf5e6e980c2e88b
12/2/2020 - 17:47:3.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:4.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:4.137Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-controls_31bf3856ad364e35_11.2.9600.16428_none_ac386af86500ea73
12/2/2020 - 17:47:4.137Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-controls_31bf3856ad364e35_11.2.9600.16428_none_ac386af86500ea73
12/2/2020 - 17:47:4.137Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-datacontrol_31bf3856ad364e35_11.2.9600.16428_none_f65e3bf8b537d64a
12/2/2020 - 17:47:4.137Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-datacontrol_31bf3856ad364e35_11.2.9600.16428_none_f65e3bf8b537d64a
12/2/2020 - 17:47:4.231Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:4.372Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_11.2.9600.18349_none_7a2a1fa196a86eb9
12/2/2020 - 17:47:4.372Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_11.2.9600.18349_none_7a2a1fa196a86eb9
12/2/2020 - 17:47:4.372Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-eula.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_240120e039af66d2
12/2/2020 - 17:47:4.372Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-eula.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_240120e039af66d2
12/2/2020 - 17:47:4.372Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12-provider_31bf3856ad364e35_11.2.9600.17691_none_bd863b4a7e96dd03
12/2/2020 - 17:47:4.372Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12-provider_31bf3856ad364e35_11.2.9600.17691_none_bd863b4a7e96dd03
12/2/2020 - 17:47:4.372Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12-provider_31bf3856ad364e35_11.2.9600.18349_none_bda0f5427e83d4ac
12/2/2020 - 17:47:4.372Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12-provider_31bf3856ad364e35_11.2.9600.18349_none_bda0f5427e83d4ac
12/2/2020 - 17:47:4.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:4.512Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:4.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:4.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12resources_31bf3856ad364e35_11.2.9600.17691_none_64b482b3224e765a
12/2/2020 - 17:47:4.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12resources_31bf3856ad364e35_11.2.9600.17691_none_64b482b3224e765a
12/2/2020 - 17:47:4.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12tools_31bf3856ad364e35_11.2.9600.18349_none_6ba40f5aa6255387
12/2/2020 - 17:47:4.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12tools_31bf3856ad364e35_11.2.9600.18349_none_6ba40f5aa6255387
12/2/2020 - 17:47:4.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12_31bf3856ad364e35_11.2.9600.18349_none_d0180bd0fd673a64
12/2/2020 - 17:47:4.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12_31bf3856ad364e35_11.2.9600.18349_none_d0180bd0fd673a64
12/2/2020 - 17:47:4.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.18349_none_424a5ade4f7ac0f0
12/2/2020 - 17:47:4.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.18349_none_424a5ade4f7ac0f0
12/2/2020 - 17:47:4.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.7601.17514_none_d8c6d6f2c817e75c
12/2/2020 - 17:47:4.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.7601.17514_none_d8c6d6f2c817e75c
12/2/2020 - 17:47:4.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:4.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:4.934Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_c0c55dfed59d599b
12/2/2020 - 17:47:4.934Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_c0c55dfed59d599b
12/2/2020 - 17:47:4.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_c0c55dfed59d599b
12/2/2020 - 17:47:4.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7601.17514_none_752e3bb068638683
12/2/2020 - 17:47:4.981Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7601.17514_none_752e3bb068638683
12/2/2020 - 17:47:5.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7601.17514_none_752e3bb068638683
12/2/2020 - 17:47:5.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.7600.16385_none_d009281f9a108e04
12/2/2020 - 17:47:5.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.7600.16385_none_d009281f9a108e04
12/2/2020 - 17:47:5.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_11.2.9600.16428_none_4d6fc2f29c6937c6
12/2/2020 - 17:47:5.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_11.2.9600.16428_none_4d6fc2f29c6937c6
12/2/2020 - 17:47:5.75Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:5.215Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:5.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_11.2.9600.18349_none_2a8cb9f958692146
12/2/2020 - 17:47:5.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_11.2.9600.18349_none_2a8cb9f958692146
12/2/2020 - 17:47:5.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.7601.17514_none_c109360dd10647b2
12/2/2020 - 17:47:5.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.7601.17514_none_c109360dd10647b2
12/2/2020 - 17:47:5.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7601.17514_none_19cfd51cbe8ba697
12/2/2020 - 17:47:5.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7601.17514_none_19cfd51cbe8ba697
12/2/2020 - 17:47:5.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:5.497Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.2.9600.16428_none_f937400aa65f97cc
12/2/2020 - 17:47:5.497Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.2.9600.16428_none_f937400aa65f97cc
12/2/2020 - 17:47:5.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:5.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:5.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:5.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_9bd0f516223a3618
12/2/2020 - 17:47:5.778Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_9bd0f516223a3618
12/2/2020 - 17:47:5.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_9bd0f516223a3618
12/2/2020 - 17:47:5.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17691_none_11ab16a32f15e572
12/2/2020 - 17:47:5.825Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17691_none_11ab16a32f15e572
12/2/2020 - 17:47:5.872Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17691_none_11ab16a32f15e572
12/2/2020 - 17:47:5.872Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.18349_none_11c5d09b2f02dd1b
12/2/2020 - 17:47:5.872Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.18349_none_11c5d09b2f02dd1b
12/2/2020 - 17:47:5.918Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.18349_none_11c5d09b2f02dd1b\ieUnatt.exe
12/2/2020 - 17:47:5.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.18349_none_11c5d09b2f02dd1b\ieUnatt.exe
12/2/2020 - 17:47:5.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.18349_none_11c5d09b2f02dd1b\ieUnatt.exe
12/2/2020 - 17:47:5.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.18349_none_11c5d09b2f02dd1b\ieUnatt.exe
12/2/2020 - 17:47:5.965Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.18349_none_11c5d09b2f02dd1b
12/2/2020 - 17:47:6.12Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:6.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:6.247Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_11.2.9600.17691_none_d5481041e34a5c36
12/2/2020 - 17:47:6.247Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_11.2.9600.17691_none_d5481041e34a5c36
12/2/2020 - 17:47:6.247Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-networkinspection_31bf3856ad364e35_11.2.9600.18349_none_57605afb6904fdff
12/2/2020 - 17:47:6.247Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-networkinspection_31bf3856ad364e35_11.2.9600.18349_none_57605afb6904fdff
12/2/2020 - 17:47:6.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:6.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:6.481Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ratings.resources_31bf3856ad364e35_11.2.9600.16428_en-us_3c143fa39ed4f150
12/2/2020 - 17:47:6.481Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ratings.resources_31bf3856ad364e35_11.2.9600.16428_en-us_3c143fa39ed4f150
12/2/2020 - 17:47:6.481Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.17691_none_29ecc0f3a19b94ec
12/2/2020 - 17:47:6.481Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.17691_none_29ecc0f3a19b94ec
12/2/2020 - 17:47:6.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:6.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7601.17514_none_c083f7001a25b301
12/2/2020 - 17:47:6.715Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7601.17514_none_c083f7001a25b301
12/2/2020 - 17:47:6.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup_31bf3856ad364e35_11.2.9600.16428_none_7b966eb45cd67ee4
12/2/2020 - 17:47:6.715Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup_31bf3856ad364e35_11.2.9600.16428_none_7b966eb45cd67ee4
12/2/2020 - 17:47:6.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup_31bf3856ad364e35_11.2.9600.18349_none_7ba32c385ccca990
12/2/2020 - 17:47:6.715Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup_31bf3856ad364e35_11.2.9600.18349_none_7ba32c385ccca990
12/2/2020 - 17:47:6.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.7600.16385_none_924152af4aaf8557
12/2/2020 - 17:47:6.715Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.7600.16385_none_924152af4aaf8557
12/2/2020 - 17:47:6.715Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:6.856Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:6.950Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-timeline_is_31bf3856ad364e35_11.2.9600.18349_none_5c39d59bde91689d
12/2/2020 - 17:47:6.950Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-timeline_is_31bf3856ad364e35_11.2.9600.18349_none_5c39d59bde91689d
12/2/2020 - 17:47:6.997Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-timeline_is_31bf3856ad364e35_11.2.9600.18349_none_5c39d59bde91689d
12/2/2020 - 17:47:6.997Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-vgx_31bf3856ad364e35_8.0.7600.16385_none_63e64a49796df6a6
12/2/2020 - 17:47:6.997Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-vgx_31bf3856ad364e35_8.0.7600.16385_none_63e64a49796df6a6
12/2/2020 - 17:47:6.997Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.2.9600.17691_en-us_720f5ecae2c5bb91
12/2/2020 - 17:47:6.997Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.2.9600.17691_en-us_720f5ecae2c5bb91
12/2/2020 - 17:47:7.43Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.2.9600.17691_en-us_720f5ecae2c5bb91
12/2/2020 - 17:47:7.43Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_0811b793cb1553ab
12/2/2020 - 17:47:7.43Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_0811b793cb1553ab
12/2/2020 - 17:47:7.90Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_0811b793cb1553ab
12/2/2020 - 17:47:7.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:7.200Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:7.340Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:7.434Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.17691_none_cae4efb8a6b9c22a
12/2/2020 - 17:47:7.434Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.17691_none_cae4efb8a6b9c22a
12/2/2020 - 17:47:7.434Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.18349_none_caffa9b0a6a6b9d3
12/2/2020 - 17:47:7.434Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.18349_none_caffa9b0a6a6b9d3\ieinstal.exe
12/2/2020 - 17:47:7.481Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.18349_none_caffa9b0a6a6b9d3\ieinstal.exe
12/2/2020 - 17:47:7.481Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.18349_none_caffa9b0a6a6b9d3\ieinstal.exe
12/2/2020 - 17:47:7.481Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.18349_none_caffa9b0a6a6b9d3\ieinstal.exe
12/2/2020 - 17:47:7.481Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.18349_none_caffa9b0a6a6b9d3
12/2/2020 - 17:47:7.481Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c85bb56f4d42fde1
12/2/2020 - 17:47:7.481Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c85bb56f4d42fde1
12/2/2020 - 17:47:7.481Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-adminservice_31bf3856ad364e35_6.1.7600.16385_none_b65cdbcf116dd7c5
12/2/2020 - 17:47:7.481Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-adminservice_31bf3856ad364e35_6.1.7600.16385_none_b65cdbcf116dd7c5
12/2/2020 - 17:47:7.528Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:7.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:7.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:7.950Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.1.7601.17514_none_df46d976c8a5880b
12/2/2020 - 17:47:7.950Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.1.7601.17514_none_df46d976c8a5880b
12/2/2020 - 17:47:7.997Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.1.7601.17514_none_df46d976c8a5880b
12/2/2020 - 17:47:7.997Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_6.1.7600.16385_none_e3c88f07d4c88269
12/2/2020 - 17:47:7.997Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_6.1.7600.16385_none_e3c88f07d4c88269\InetMgr.exe
12/2/2020 - 17:47:8.43Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_6.1.7600.16385_none_e3c88f07d4c88269\InetMgr.exe
12/2/2020 - 17:47:8.43Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_6.1.7600.16385_none_e3c88f07d4c88269\InetMgr.exe
12/2/2020 - 17:47:8.43Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_6.1.7600.16385_none_e3c88f07d4c88269\InetMgr.exe
12/2/2020 - 17:47:8.43Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_6.1.7600.16385_none_e3c88f07d4c88269
12/2/2020 - 17:47:8.43Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-netfxextensibility_31bf3856ad364e35_6.1.7601.17514_none_d815217913e520d9
12/2/2020 - 17:47:8.43Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-netfxextensibility_31bf3856ad364e35_6.1.7601.17514_none_d815217913e520d9
12/2/2020 - 17:47:8.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:8.184Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:8.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_36acd787901abd59
12/2/2020 - 17:47:8.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_36acd787901abd59
12/2/2020 - 17:47:8.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-imapiv2-legacyshim_31bf3856ad364e35_6.1.7600.16385_none_8ff17f17b42c058e
12/2/2020 - 17:47:8.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-imapiv2-legacyshim_31bf3856ad364e35_6.1.7600.16385_none_8ff17f17b42c058e
12/2/2020 - 17:47:8.325Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:8.465Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:8.512Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:8.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-migration_31bf3856ad364e35_6.1.7600.16385_none_84651353bdccce78
12/2/2020 - 17:47:8.606Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-migration_31bf3856ad364e35_6.1.7600.16385_none_84651353bdccce78
12/2/2020 - 17:47:8.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-padresource_31bf3856ad364e35_6.1.7600.16385_none_9ec00f34a33a1929
12/2/2020 - 17:47:8.606Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-padresource_31bf3856ad364e35_6.1.7600.16385_none_9ec00f34a33a1929
12/2/2020 - 17:47:8.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-tools_31bf3856ad364e35_6.1.7600.16385_none_5ff062dd976eaa5b
12/2/2020 - 17:47:8.606Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-tools_31bf3856ad364e35_6.1.7600.16385_none_5ff062dd976eaa5b
12/2/2020 - 17:47:8.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-inetres-adm.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_53912c0eff3e37e5
12/2/2020 - 17:47:8.606Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-inetres-adm.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_53912c0eff3e37e5
12/2/2020 - 17:47:8.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-inetres-adm.resources_31bf3856ad364e35_11.2.9600.18349_pt-br_539de992ff346291
12/2/2020 - 17:47:8.606Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-inetres-adm.resources_31bf3856ad364e35_11.2.9600.18349_pt-br_539de992ff346291
12/2/2020 - 17:47:8.653Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:8.793Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:8.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-inetres-adm_31bf3856ad364e35_8.0.7601.17514_none_676fa6ff2574fdfd
12/2/2020 - 17:47:8.840Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-inetres-adm_31bf3856ad364e35_8.0.7601.17514_none_676fa6ff2574fdfd
12/2/2020 - 17:47:8.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.18896_none_614bf3b8ca636c8e
12/2/2020 - 17:47:8.840Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.18896_none_614bf3b8ca636c8e
12/2/2020 - 17:47:8.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_a7a77a3b9cb96ce6
12/2/2020 - 17:47:8.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_a7a77a3b9cb96ce6\msiexec.exe
12/2/2020 - 17:47:8.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_a7a77a3b9cb96ce6\msiexec.exe
12/2/2020 - 17:47:8.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_a7a77a3b9cb96ce6\msiexec.exe
12/2/2020 - 17:47:8.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_a7a77a3b9cb96ce6\msiexec.exe
12/2/2020 - 17:47:8.840Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_a7a77a3b9cb96ce6
12/2/2020 - 17:47:8.934Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:9.75Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-installer-sip_31bf3856ad364e35_6.1.7600.16385_none_8f24baa231f55486
12/2/2020 - 17:47:9.75Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-installer-sip_31bf3856ad364e35_6.1.7600.16385_none_8f24baa231f55486
12/2/2020 - 17:47:9.75Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-international-core_31bf3856ad364e35_6.1.7600.16385_none_459f562ff37206dd
12/2/2020 - 17:47:9.75Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-international-core_31bf3856ad364e35_6.1.7600.16385_none_459f562ff37206dd
12/2/2020 - 17:47:9.75Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:9.215Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:9.309Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-irmon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_980a727f4d6f2b70
12/2/2020 - 17:47:9.309Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-irmon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_980a727f4d6f2b70
12/2/2020 - 17:47:9.309Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-irmon_31bf3856ad364e35_6.1.7600.16385_none_b5fdf3dd95cd00ae
12/2/2020 - 17:47:19.231Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..sor-library-unicode_31bf3856ad364e35_6.1.7601.21747_none_cf64bd82be6eec44
12/2/2020 - 17:47:19.231Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..sor-library-unicode_31bf3856ad364e35_6.1.7601.21747_none_cf64bd82be6eec44
12/2/2020 - 17:47:19.278Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:19.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:19.465Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..uxiliarydisplay-cpl_31bf3856ad364e35_6.1.7601.17514_none_57b024ef8c87f52b
12/2/2020 - 17:47:19.465Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..uxiliarydisplay-cpl_31bf3856ad364e35_6.1.7601.17514_none_57b024ef8c87f52b
12/2/2020 - 17:47:19.512Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..uxiliarydisplay-cpl_31bf3856ad364e35_6.1.7601.17514_none_57b024ef8c87f52b
12/2/2020 - 17:47:19.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:19.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:19.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:19.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..yer-wmasf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b883489eba7608ad
12/2/2020 - 17:47:19.840Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..yer-wmasf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b883489eba7608ad
12/2/2020 - 17:47:19.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-magnification_31bf3856ad364e35_6.1.7600.16385_none_537dafcd9f940b98
12/2/2020 - 17:47:19.840Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-magnification_31bf3856ad364e35_6.1.7600.16385_none_537dafcd9f940b98
12/2/2020 - 17:47:19.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d23b6921726396bd
12/2/2020 - 17:47:19.840Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d23b6921726396bd
12/2/2020 - 17:47:19.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-adm_31bf3856ad364e35_6.1.7600.16385_none_481b38cb6cb9af7b
12/2/2020 - 17:47:19.840Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-adm_31bf3856ad364e35_6.1.7600.16385_none_481b38cb6cb9af7b
12/2/2020 - 17:47:19.887Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:20.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761
12/2/2020 - 17:47:20.28Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761
12/2/2020 - 17:47:20.75Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761
12/2/2020 - 17:47:20.122Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761
12/2/2020 - 17:47:20.122Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:20.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:20.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_fa8534ab236134c4
12/2/2020 - 17:47:20.403Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_fa8534ab236134c4
12/2/2020 - 17:47:20.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_fa8534ab236134c4
12/2/2020 - 17:47:20.450Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediametadatahandler_31bf3856ad364e35_6.1.7601.17514_none_e946ed110887817a
12/2/2020 - 17:47:20.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediametadatahandler_31bf3856ad364e35_6.1.7601.17514_none_e946ed110887817a
12/2/2020 - 17:47:20.450Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6
12/2/2020 - 17:47:20.450Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6
12/2/2020 - 17:47:20.497Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmpconfig.exe
12/2/2020 - 17:47:20.543Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmpconfig.exewmpconfig.exe
12/2/2020 - 17:47:20.543Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmpconfig.exe
12/2/2020 - 17:47:20.543Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmpconfig.exe
12/2/2020 - 17:47:20.543Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\wmpconfig.exe
12/2/2020 - 17:47:20.543Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6
12/2/2020 - 17:47:20.543Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:20.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:20.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.23348_none_69fcc37b7eebd89c
12/2/2020 - 17:47:20.778Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.23348_none_69fcc37b7eebd89c
12/2/2020 - 17:47:20.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.23348_none_69fcc37b7eebd89c
12/2/2020 - 17:47:20.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.1.7600.16385_none_47357ddedbb9dec6
12/2/2020 - 17:47:20.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.1.7600.16385_none_47357ddedbb9dec6
12/2/2020 - 17:47:20.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.1.7600.16385_none_03aae2475a1913f3
12/2/2020 - 17:47:20.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.1.7600.16385_none_03aae2475a1913f3
12/2/2020 - 17:47:20.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmerror_31bf3856ad364e35_6.1.7600.16385_none_9349e494d0a77439
12/2/2020 - 17:47:20.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmerror_31bf3856ad364e35_6.1.7600.16385_none_9349e494d0a77439
12/2/2020 - 17:47:20.872Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:21.12Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:21.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfc42x.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2032e1101569d693
12/2/2020 - 17:47:21.106Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfc42x.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2032e1101569d693
12/2/2020 - 17:47:21.153Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfc42x.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2032e1101569d693
12/2/2020 - 17:47:21.200Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:21.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:21.387Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:21.434Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfgrl_31bf3856ad364e35_6.1.7600.16385_none_b557b2a5fc14c4c1
12/2/2020 - 17:47:21.434Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfgrl_31bf3856ad364e35_6.1.7600.16385_none_b557b2a5fc14c4c1
12/2/2020 - 17:47:21.434Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7601.18741_none_54ad1a7e6a2ff720
12/2/2020 - 17:47:21.434Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7601.18741_none_54ad1a7e6a2ff720
12/2/2020 - 17:47:21.434Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7601.22948_none_553dbb3583474572
12/2/2020 - 17:47:21.434Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7601.22948_none_553dbb3583474572
12/2/2020 - 17:47:21.434Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfvdsp_31bf3856ad364e35_6.1.7600.16385_none_55b1951c6b1ef505
12/2/2020 - 17:47:21.434Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfvdsp_31bf3856ad364e35_6.1.7600.16385_none_55b1951c6b1ef505
12/2/2020 - 17:47:21.528Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:21.668Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d
12/2/2020 - 17:47:21.668Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d
12/2/2020 - 17:47:21.715Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d
12/2/2020 - 17:47:21.762Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d
12/2/2020 - 17:47:21.762Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0
12/2/2020 - 17:47:21.762Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0
12/2/2020 - 17:47:21.809Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0
12/2/2020 - 17:47:21.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0
12/2/2020 - 17:47:21.856Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:22.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:22.122Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e237947b2c7fb685
12/2/2020 - 17:47:22.122Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e237947b2c7fb685
12/2/2020 - 17:47:22.122Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e202f15f2ca6a82a
12/2/2020 - 17:47:22.122Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e202f15f2ca6a82a
12/2/2020 - 17:47:22.168Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:22.309Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:22.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_lv-lv_590a53ebcddc8988
12/2/2020 - 17:47:22.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_lv-lv_590a53ebcddc8988
12/2/2020 - 17:47:22.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:22.590Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:22.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:22.684Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_2b58ac2f7d84b22c
12/2/2020 - 17:47:22.684Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_2b58ac2f7d84b22c
12/2/2020 - 17:47:22.684Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_c75396a474adbc87
12/2/2020 - 17:47:22.684Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_c75396a474adbc87
12/2/2020 - 17:47:22.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:22.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:23.59Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:23.153Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mp3dmod_31bf3856ad364e35_6.1.7601.19091_none_4ae77809f08fc04b
12/2/2020 - 17:47:23.153Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mp3dmod_31bf3856ad364e35_6.1.7601.19091_none_4ae77809f08fc04b
12/2/2020 - 17:47:23.200Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:23.340Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:23.481Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:23.622Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:23.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msasn1_31bf3856ad364e35_6.1.7601.17514_none_25801b39bc00ed6c
12/2/2020 - 17:47:23.715Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msasn1_31bf3856ad364e35_6.1.7601.17514_none_25801b39bc00ed6c
12/2/2020 - 17:47:23.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18951_none_253a2fff8f3030f9
12/2/2020 - 17:47:23.715Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18951_none_253a2fff8f3030f9
12/2/2020 - 17:47:23.762Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18951_none_253a2fff8f3030f9
12/2/2020 - 17:47:23.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:23.856Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:23.997Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22712_none_25f00712a82c82e1
12/2/2020 - 17:47:23.997Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22712_none_25f00712a82c82e1
12/2/2020 - 17:47:24.43Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22712_none_25f00712a82c82e1\auditpol.exe
12/2/2020 - 17:47:24.90Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22712_none_25f00712a82c82e1\auditpol.exe
12/2/2020 - 17:47:24.90Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22712_none_25f00712a82c82e1\auditpol.exe
12/2/2020 - 17:47:24.90Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22712_none_25f00712a82c82e1\auditpol.exe
12/2/2020 - 17:47:24.90Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22712_none_25f00712a82c82e1
12/2/2020 - 17:47:24.90Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22948_none_25d59cd6a83f690c
12/2/2020 - 17:47:24.90Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22948_none_25d59cd6a83f690c
12/2/2020 - 17:47:24.137Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22948_none_25d59cd6a83f690c
12/2/2020 - 17:47:24.137Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23017_none_25f4e472a8282f24
12/2/2020 - 17:47:24.137Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23017_none_25f4e472a8282f24
12/2/2020 - 17:47:24.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23017_none_25f4e472a8282f24
12/2/2020 - 17:47:24.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23392_none_25996952a86d876e
12/2/2020 - 17:47:24.184Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23392_none_25996952a86d876e
12/2/2020 - 17:47:24.231Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23392_none_25996952a86d876e
12/2/2020 - 17:47:24.231Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:24.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:24.512Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23418_none_25f5ec54a8273d17
12/2/2020 - 17:47:24.512Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23418_none_25f5ec54a8273d17
12/2/2020 - 17:47:24.559Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23418_none_25f5ec54a8273d17
12/2/2020 - 17:47:24.559Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msconfig-exe.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d5b1a54bd8ed5a0c
12/2/2020 - 17:47:24.559Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msconfig-exe.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d5b1a54bd8ed5a0c
12/2/2020 - 17:47:24.559Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msfs_31bf3856ad364e35_6.1.7600.16385_none_026531e2369d6d42
12/2/2020 - 17:47:24.559Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msfs_31bf3856ad364e35_6.1.7600.16385_none_026531e2369d6d42
12/2/2020 - 17:47:24.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:24.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:24.793Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mshidkmdf_31bf3856ad364e35_6.1.7600.16385_none_9c7136038ad9b094
12/2/2020 - 17:47:24.793Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mshidkmdf_31bf3856ad364e35_6.1.7600.16385_none_9c7136038ad9b094
12/2/2020 - 17:47:24.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:24.981Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:25.75Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2adec_31bf3856ad364e35_6.1.7601.19091_none_efa6a144ce3b1c43
12/2/2020 - 17:47:25.75Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2adec_31bf3856ad364e35_6.1.7601.19091_none_efa6a144ce3b1c43
12/2/2020 - 17:47:25.122Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2adec_31bf3856ad364e35_6.1.7601.19091_none_efa6a144ce3b1c43
12/2/2020 - 17:47:25.122Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2enc_31bf3856ad364e35_6.1.7601.23290_none_679285f0760218d8
12/2/2020 - 17:47:25.122Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2enc_31bf3856ad364e35_6.1.7601.23290_none_679285f0760218d8
12/2/2020 - 17:47:25.168Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2enc_31bf3856ad364e35_6.1.7601.23290_none_679285f0760218d8
12/2/2020 - 17:47:25.168Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2vdec_31bf3856ad364e35_6.1.7600.16385_none_ecec366cd1b30e6c
12/2/2020 - 17:47:25.168Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2vdec_31bf3856ad364e35_6.1.7600.16385_none_ecec366cd1b30e6c
12/2/2020 - 17:47:25.215Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2vdec_31bf3856ad364e35_6.1.7600.16385_none_ecec366cd1b30e6c
12/2/2020 - 17:47:25.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:25.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2vdec_31bf3856ad364e35_7.1.7601.19091_none_e0340f2e59cc0fd7
12/2/2020 - 17:47:25.403Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2vdec_31bf3856ad364e35_7.1.7601.19091_none_e0340f2e59cc0fd7
12/2/2020 - 17:47:25.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2vdec_31bf3856ad364e35_7.1.7601.19091_none_e0340f2e59cc0fd7
12/2/2020 - 17:47:25.450Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmq-http-files_31bf3856ad364e35_6.1.7601.17514_none_4f25c70bfbee87b2
12/2/2020 - 17:47:25.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmq-http-files_31bf3856ad364e35_6.1.7601.17514_none_4f25c70bfbee87b2
12/2/2020 - 17:47:25.450Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmq.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c43891d8a58390db
12/2/2020 - 17:47:25.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmq.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c43891d8a58390db
12/2/2020 - 17:47:25.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:25.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:25.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:25.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msswch_31bf3856ad364e35_6.1.7600.16385_none_2b0f60d7ba2095ee
12/2/2020 - 17:47:25.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msswch_31bf3856ad364e35_6.1.7600.16385_none_2b0f60d7ba2095ee
12/2/2020 - 17:47:25.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_2f5acf97b59df60f
12/2/2020 - 17:47:25.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_2f5acf97b59df60f
12/2/2020 - 17:47:25.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7601.17514_none_e6944609ad75ac7d
12/2/2020 - 17:47:25.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7601.17514_none_e6944609ad75ac7d
12/2/2020 - 17:47:25.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:25.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:26.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msxml60.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_33247a7a0dbfdec0
12/2/2020 - 17:47:26.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msxml60.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_33247a7a0dbfdec0
12/2/2020 - 17:47:26.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.17514_none_e69401b1ad75f960
12/2/2020 - 17:47:26.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.17514_none_e69401b1ad75f960
12/2/2020 - 17:47:26.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.18980_none_e64441e5adb265d8
12/2/2020 - 17:47:26.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.18980_none_e64441e5adb265d8
12/2/2020 - 17:47:26.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.23183_none_e6d0b7b0c6cd84e9
12/2/2020 - 17:47:26.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.23183_none_e6d0b7b0c6cd84e9
12/2/2020 - 17:47:26.59Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:26.200Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:26.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..5linqcomp.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_17f7fad318955eb7
12/2/2020 - 17:47:26.293Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..5linqcomp.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_17f7fad318955eb7
12/2/2020 - 17:47:26.340Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..5linqcomp.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_17f7fad318955eb7
12/2/2020 - 17:47:26.387Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..5linqcomp.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_17f7fad318955eb7
12/2/2020 - 17:47:26.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:26.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:26.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ergrouppolicysnapin_31bf3856ad364e35_6.1.7600.16385_none_5beaaa2baeec35ea
12/2/2020 - 17:47:26.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ergrouppolicysnapin_31bf3856ad364e35_6.1.7600.16385_none_5beaaa2baeec35ea
12/2/2020 - 17:47:26.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..e_iassvcs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4e5b2acf18efa953
12/2/2020 - 17:47:26.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..e_iassvcs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4e5b2acf18efa953
12/2/2020 - 17:47:26.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:26.715Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:26.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:26.950Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ingengine.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_82bc5e7a4349ea23
12/2/2020 - 17:47:26.950Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ingengine.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_82bc5e7a4349ea23
12/2/2020 - 17:47:26.950Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ion-netsh.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_281191c161ac3c2d
12/2/2020 - 17:47:26.950Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ion-netsh.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_281191c161ac3c2d
12/2/2020 - 17:47:26.950Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..lientcore.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0b37eee4bfcea5bb
12/2/2020 - 17:47:26.950Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..lientcore.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0b37eee4bfcea5bb
12/2/2020 - 17:47:26.997Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..lientcore.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0b37eee4bfcea5bb
12/2/2020 - 17:47:27.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:27.231Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:27.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..line-tool.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1899e11f491b2288
12/2/2020 - 17:47:27.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..line-tool.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1899e11f491b2288
12/2/2020 - 17:47:27.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..meworkapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_aec17aa35b51f291
12/2/2020 - 17:47:27.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..meworkapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_aec17aa35b51f291
12/2/2020 - 17:47:27.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..n-clients.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bf7e3732f3ce5754
12/2/2020 - 17:47:27.278Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..n-clients.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bf7e3732f3ce5754
12/2/2020 - 17:47:27.325Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..n-clients.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bf7e3732f3ce5754
12/2/2020 - 17:47:27.325Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..n-shvhost.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_15df1ca9f942daf2
12/2/2020 - 17:47:27.325Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..n-shvhost.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_15df1ca9f942daf2
12/2/2020 - 17:47:36.137Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_65491ea59a18b0e4
12/2/2020 - 17:47:36.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_65491ea59a18b0e4
12/2/2020 - 17:47:36.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_347a450f0c8bd52d
12/2/2020 - 17:47:36.184Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_347a450f0c8bd52d
12/2/2020 - 17:47:36.231Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_347a450f0c8bd52d
12/2/2020 - 17:47:36.231Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:36.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:36.465Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..migration.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d7d9da9a941c8f84
12/2/2020 - 17:47:36.465Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..migration.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d7d9da9a941c8f84
12/2/2020 - 17:47:36.465Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..n-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_93ffb22f52336ccb
12/2/2020 - 17:47:36.465Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..n-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_93ffb22f52336ccb
12/2/2020 - 17:47:36.512Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:36.653Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:36.700Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9
12/2/2020 - 17:47:36.700Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
12/2/2020 - 17:47:36.747Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exePrintIsolationHost.exe
12/2/2020 - 17:47:36.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
12/2/2020 - 17:47:36.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
12/2/2020 - 17:47:36.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
12/2/2020 - 17:47:36.747Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9
12/2/2020 - 17:47:36.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ng-spooler-splwow64_31bf3856ad364e35_6.1.7601.17514_none_25d05769a8973724
12/2/2020 - 17:47:36.747Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ng-spooler-splwow64_31bf3856ad364e35_6.1.7601.17514_none_25d05769a8973724
12/2/2020 - 17:47:36.793Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:36.981Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:37.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:37.75Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.1.7601.17514_none_9799402887898e33
12/2/2020 - 17:47:37.75Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.1.7601.17514_none_9799402887898e33
12/2/2020 - 17:47:37.168Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:37.309Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:37.356Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.1.7601.21921_none_981511dba0b1f55e
12/2/2020 - 17:47:37.356Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.1.7601.21921_none_981511dba0b1f55e
12/2/2020 - 17:47:37.356Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.1.7601.22311_none_981fbf9ba0aa0424
12/2/2020 - 17:47:37.356Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.1.7601.22311_none_981fbf9ba0aa0424
12/2/2020 - 17:47:37.403Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:37.543Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e
12/2/2020 - 17:47:37.543Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e
12/2/2020 - 17:47:37.590Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e
12/2/2020 - 17:47:37.637Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e
12/2/2020 - 17:47:37.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rpautoreg.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dc1d55fe1d6f36d7
12/2/2020 - 17:47:37.637Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rpautoreg.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dc1d55fe1d6f36d7
12/2/2020 - 17:47:37.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:37.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:37.872Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a4b37aaffe0ef7c0
12/2/2020 - 17:47:37.872Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a4b37aaffe0ef7c0
12/2/2020 - 17:47:37.872Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_da4511bc7e9c32f8
12/2/2020 - 17:47:37.872Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_da4511bc7e9c32f8
12/2/2020 - 17:47:37.918Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_da4511bc7e9c32f8
12/2/2020 - 17:47:37.918Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..soundservice-client_31bf3856ad364e35_6.1.7600.16385_none_0dbbf2cf9197b2ab
12/2/2020 - 17:47:37.918Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..soundservice-client_31bf3856ad364e35_6.1.7600.16385_none_0dbbf2cf9197b2ab
12/2/2020 - 17:47:37.918Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ssettings.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a6bd6bf4bb5c0d67
12/2/2020 - 17:47:37.918Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ssettings.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a6bd6bf4bb5c0d67
12/2/2020 - 17:47:37.965Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:38.59Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:38.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:38.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:38.247Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ting-separatorpages_31bf3856ad364e35_6.1.7600.16385_none_4dea3646cdc94f6e
12/2/2020 - 17:47:38.247Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ting-separatorpages_31bf3856ad364e35_6.1.7600.16385_none_4dea3646cdc94f6e
12/2/2020 - 17:47:38.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ting-separatorpages_31bf3856ad364e35_6.1.7600.16385_none_4dea3646cdc94f6e
12/2/2020 - 17:47:38.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_6.1.7601.17514_none_f153fb8e2f4d5ac7
12/2/2020 - 17:47:38.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_6.1.7601.17514_none_f153fb8e2f4d5ac7
12/2/2020 - 17:47:38.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c2d98f689e8c965a
12/2/2020 - 17:47:38.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c2d98f689e8c965a
12/2/2020 - 17:47:38.340Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:38.481Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:38.575Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-packager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_42eb83951d2bc343
12/2/2020 - 17:47:38.575Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-packager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_42eb83951d2bc343
12/2/2020 - 17:47:38.575Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-panmap_31bf3856ad364e35_6.1.7600.16385_none_c55145e338d63048
12/2/2020 - 17:47:38.575Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-panmap_31bf3856ad364e35_6.1.7600.16385_none_c55145e338d63048
12/2/2020 - 17:47:38.622Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:38.762Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:38.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f25e92c121493830
12/2/2020 - 17:47:38.809Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f25e92c121493830
12/2/2020 - 17:47:38.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peauth_31bf3856ad364e35_6.1.7601.22948_none_66b268ecb9781187
12/2/2020 - 17:47:38.809Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peauth_31bf3856ad364e35_6.1.7601.22948_none_66b268ecb9781187
12/2/2020 - 17:47:38.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:39.43Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peertopeeridmanager_31bf3856ad364e35_6.1.7600.16385_none_37390c23cfd5c2e6
12/2/2020 - 17:47:39.43Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peertopeeridmanager_31bf3856ad364e35_6.1.7600.16385_none_37390c23cfd5c2e6
12/2/2020 - 17:47:39.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:39.184Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:39.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a44498449e27562b
12/2/2020 - 17:47:39.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a44498449e27562b
12/2/2020 - 17:47:39.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_6.1.7601.18742_none_fd3d30505c7895ce
12/2/2020 - 17:47:39.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_6.1.7601.18742_none_fd3d30505c7895ce
12/2/2020 - 17:47:39.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_7.1.7601.22949_none_ef3e4d4d00768cef
12/2/2020 - 17:47:39.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_7.1.7601.22949_none_ef3e4d4d00768cef
12/2/2020 - 17:47:39.325Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:39.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:39.512Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:39.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photobase_31bf3856ad364e35_6.1.7600.16385_none_9c7564b9b4af5e86
12/2/2020 - 17:47:39.606Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photobase_31bf3856ad364e35_6.1.7600.16385_none_9c7564b9b4af5e86
12/2/2020 - 17:47:39.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.1.7600.16385_none_26645307ff353aae
12/2/2020 - 17:47:39.606Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.1.7600.16385_none_26645307ff353aae
12/2/2020 - 17:47:39.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photominfeature_31bf3856ad364e35_6.1.7600.16385_none_1bb49460b86b3cf5
12/2/2020 - 17:47:39.606Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photominfeature_31bf3856ad364e35_6.1.7600.16385_none_1bb49460b86b3cf5
12/2/2020 - 17:47:39.606Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be
12/2/2020 - 17:47:39.606Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be
12/2/2020 - 17:47:39.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be
12/2/2020 - 17:47:39.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:39.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:39.887Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpplugininstaller_1122334455667788_6.1.7600.16385_none_d122c7135d4aee8d
12/2/2020 - 17:47:39.887Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpplugininstaller_1122334455667788_6.1.7600.16385_none_d122c7135d4aee8d
12/2/2020 - 17:47:39.887Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_268d2c91eec4cae7
12/2/2020 - 17:47:39.887Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_268d2c91eec4cae7
12/2/2020 - 17:47:39.934Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_268d2c91eec4cae7
12/2/2020 - 17:47:39.934Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnputil.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3a3ed0743c86cf5f
12/2/2020 - 17:47:39.934Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnputil.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3a3ed0743c86cf5f
12/2/2020 - 17:47:39.934Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnrphelperclass_31bf3856ad364e35_6.1.7600.16385_none_4cc31e1e837630ab
12/2/2020 - 17:47:39.934Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnrphelperclass_31bf3856ad364e35_6.1.7600.16385_none_4cc31e1e837630ab
12/2/2020 - 17:47:39.934Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-power-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c69aeebad4f260eb
12/2/2020 - 17:47:39.934Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-power-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c69aeebad4f260eb
12/2/2020 - 17:47:40.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:40.168Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_6.1.7600.16385_none_c50af05b1be3aa2b
12/2/2020 - 17:47:40.168Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_6.1.7600.16385_none_c50af05b1be3aa2b
12/2/2020 - 17:47:40.168Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-adm_31bf3856ad364e35_6.1.7600.16385_none_61aaaebb9aec513d
12/2/2020 - 17:47:40.168Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-adm_31bf3856ad364e35_6.1.7600.16385_none_61aaaebb9aec513d
12/2/2020 - 17:47:40.168Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:40.309Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:40.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-localprinting_31bf3856ad364e35_6.1.7600.16385_none_2838be9345011bd1
12/2/2020 - 17:47:40.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-localprinting_31bf3856ad364e35_6.1.7600.16385_none_2838be9345011bd1
12/2/2020 - 17:47:40.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-oleprn_31bf3856ad364e35_6.1.7600.16385_none_d71bce0178f3a60d
12/2/2020 - 17:47:40.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-oleprn_31bf3856ad364e35_6.1.7600.16385_none_d71bce0178f3a60d
12/2/2020 - 17:47:40.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-printcache_31bf3856ad364e35_6.1.7601.17514_none_0b6beeeb416c2332
12/2/2020 - 17:47:40.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-printcache_31bf3856ad364e35_6.1.7601.17514_none_0b6beeeb416c2332
12/2/2020 - 17:47:40.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_34ed7a43f150b682
12/2/2020 - 17:47:40.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_34ed7a43f150b682
12/2/2020 - 17:47:40.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-xpsprint_31bf3856ad364e35_7.1.7601.16492_none_fae139ccb3141872
12/2/2020 - 17:47:40.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-xpsprint_31bf3856ad364e35_7.1.7601.16492_none_fae139ccb3141872
12/2/2020 - 17:47:40.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-processmodel.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a14e75ffa54f893a
12/2/2020 - 17:47:40.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-processmodel.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a14e75ffa54f893a
12/2/2020 - 17:47:40.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:40.590Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:40.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:40.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7601.18706_none_59e41a604942c096
12/2/2020 - 17:47:40.731Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7601.18706_none_59e41a604942c096
12/2/2020 - 17:47:40.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7601.18706_none_59e41a604942c096
12/2/2020 - 17:47:40.825Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:40.965Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:41.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-qedit_31bf3856ad364e35_6.1.7601.19091_none_b8682ad05e4ab70a
12/2/2020 - 17:47:41.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-qedit_31bf3856ad364e35_6.1.7601.19091_none_b8682ad05e4ab70a
12/2/2020 - 17:47:41.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-qedit_31bf3856ad364e35_6.1.7601.23290_none_b8f0c93777693aa4
12/2/2020 - 17:47:41.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-qedit_31bf3856ad364e35_6.1.7601.23290_none_b8f0c93777693aa4
12/2/2020 - 17:47:41.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-qedwipes_31bf3856ad364e35_6.1.7600.16385_none_b3744a56c3fc09e3
12/2/2020 - 17:47:41.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-qedwipes_31bf3856ad364e35_6.1.7600.16385_none_b3744a56c3fc09e3
12/2/2020 - 17:47:41.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:41.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:41.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..-rasmobilitymanager_31bf3856ad364e35_6.1.7600.16385_none_8819a134fb8a8d41
12/2/2020 - 17:47:41.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..-rasmobilitymanager_31bf3856ad364e35_6.1.7600.16385_none_8819a134fb8a8d41
12/2/2020 - 17:47:41.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..ance-diag.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0c4478551c7c53cd
12/2/2020 - 17:47:41.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..ance-diag.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0c4478551c7c53cd
12/2/2020 - 17:47:41.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..component.resources_31bf3856ad364e35_7.2.7601.16415_pt-br_059269ee2c44c1a5
12/2/2020 - 17:47:41.293Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..component.resources_31bf3856ad364e35_7.2.7601.16415_pt-br_059269ee2c44c1a5
12/2/2020 - 17:47:41.340Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..component.resources_31bf3856ad364e35_7.2.7601.16415_pt-br_059269ee2c44c1a5
12/2/2020 - 17:47:41.387Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:41.528Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:41.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:41.715Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:41.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8bae0c9a898b3312
12/2/2020 - 17:47:41.809Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8bae0c9a898b3312
12/2/2020 - 17:47:41.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8bae0c9a898b3312
12/2/2020 - 17:47:41.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..plistener.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_38fd48d83ed2a6a6
12/2/2020 - 17:47:41.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..plistener.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_38fd48d83ed2a6a6
12/2/2020 - 17:47:41.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:42.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:42.122Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..rvice-mui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7c475c04380e9570
12/2/2020 - 17:47:42.122Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..rvice-mui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7c475c04380e9570
12/2/2020 - 17:47:42.122Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_58626527892444ee
12/2/2020 - 17:47:42.122Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_58626527892444ee
12/2/2020 - 17:47:42.168Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_58626527892444ee
12/2/2020 - 17:47:42.168Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17514_none_58b4153116c17b41
12/2/2020 - 17:47:42.168Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17514_none_58b4153116c17b41
12/2/2020 - 17:47:42.168Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.18540_none_8d8fa85f1e8abeea
12/2/2020 - 17:47:42.168Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.18540_none_8d8fa85f1e8abeea
12/2/2020 - 17:47:42.215Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.18540_none_8d8fa85f1e8abeea
12/2/2020 - 17:47:42.215Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_7.1.7601.19107_none_7f3247faa94ace5b
12/2/2020 - 17:47:42.215Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_7.1.7601.19107_none_7f3247faa94ace5b
12/2/2020 - 17:47:42.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_7.1.7601.19107_none_7f3247faa94ace5b
12/2/2020 - 17:47:42.309Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:42.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:42.543Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-radar-adm_31bf3856ad364e35_6.1.7600.16385_none_4506fd9c7c9a9b0a
12/2/2020 - 17:47:42.543Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-radar-adm_31bf3856ad364e35_6.1.7600.16385_none_4506fd9c7c9a9b0a
12/2/2020 - 17:47:42.543Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasapi_31bf3856ad364e35_6.1.7601.17514_none_cb5d84d96624bcbd
12/2/2020 - 17:47:42.543Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasapi_31bf3856ad364e35_6.1.7601.17514_none_cb5d84d96624bcbd
12/2/2020 - 17:47:42.590Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:42.731Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:42.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasbase-agilevpn_31bf3856ad364e35_6.1.7601.17514_none_0d986093aec115a9
12/2/2020 - 17:47:42.778Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasbase-agilevpn_31bf3856ad364e35_6.1.7601.17514_none_0d986093aec115a9
12/2/2020 - 17:47:42.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasbase-agilevpn_31bf3856ad364e35_6.1.7601.17514_none_0d986093aec115a9
12/2/2020 - 17:47:42.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7601.17514_none_515e96306dea528f
12/2/2020 - 17:47:42.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7601.17514_none_515e96306dea528f
12/2/2020 - 17:47:42.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_6.1.7601.17514_none_f802520bfe8dd487
12/2/2020 - 17:47:42.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_6.1.7601.17514_none_f802520bfe8dd487
12/2/2020 - 17:47:42.825Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-raschap_31bf3856ad364e35_6.1.7601.17514_none_70e508748dec0127
12/2/2020 - 17:47:42.825Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-raschap_31bf3856ad364e35_6.1.7601.17514_none_70e508748dec0127
12/2/2020 - 17:47:42.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:42.965Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:43.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:43.153Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rascmdial.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2eaa07a86ea7f80b
12/2/2020 - 17:47:43.153Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rascmdial.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2eaa07a86ea7f80b
12/2/2020 - 17:47:43.153Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasdlg_31bf3856ad364e35_6.1.7600.16385_none_c9082db56951f458
12/2/2020 - 17:47:43.153Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasdlg_31bf3856ad364e35_6.1.7600.16385_none_c9082db56951f458
12/2/2020 - 17:47:43.153Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasman_31bf3856ad364e35_6.1.7600.16385_none_c89b3bc369a58c7b
12/2/2020 - 17:47:43.153Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasman_31bf3856ad364e35_6.1.7600.16385_none_c89b3bc369a58c7b
12/2/2020 - 17:47:43.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:52.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.23390_none_220d1fdfd191e4d5
12/2/2020 - 17:47:52.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.23452_none_223a6209d16fa4e6
12/2/2020 - 17:47:52.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.23452_none_223a6209d16fa4e6
12/2/2020 - 17:47:52.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18489_none_98ac89d69388fcce
12/2/2020 - 17:47:52.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18489_none_98ac89d69388fcce
12/2/2020 - 17:47:52.231Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:52.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:52.465Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18812_none_98f13edc93567c72
12/2/2020 - 17:47:52.465Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18812_none_98f13edc93567c72
12/2/2020 - 17:47:52.512Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:52.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:52.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:52.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23338_none_996b1b5fac7f16df
12/2/2020 - 17:47:52.747Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23338_none_996b1b5fac7f16df
12/2/2020 - 17:47:52.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:52.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.18526_none_44f3fc7ac7738279
12/2/2020 - 17:47:52.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.18526_none_44f3fc7ac7738279
12/2/2020 - 17:47:52.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.18933_none_44e63348c77e4701
12/2/2020 - 17:47:52.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.18933_none_44e63348c77e4701
12/2/2020 - 17:47:52.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.22712_none_458469efe08c9e1d
12/2/2020 - 17:47:52.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.22712_none_458469efe08c9e1d
12/2/2020 - 17:47:52.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.22807_none_45943d33e07ffe06
12/2/2020 - 17:47:52.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.22807_none_45943d33e07ffe06
12/2/2020 - 17:47:52.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.22843_none_4564fc5be0a4086e
12/2/2020 - 17:47:52.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.22843_none_4564fc5be0a4086e
12/2/2020 - 17:47:52.981Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:53.122Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:53.215Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.22865_none_45515d17e0b272fe
12/2/2020 - 17:47:53.215Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.22865_none_45515d17e0b272fe
12/2/2020 - 17:47:53.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:53.403Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:53.497Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.18489_none_da922b92795eac1d
12/2/2020 - 17:47:53.497Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.18489_none_da922b92795eac1d
12/2/2020 - 17:47:53.497Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.18933_none_dac242f0793b7a21
12/2/2020 - 17:47:53.497Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.18933_none_dac242f0793b7a21
12/2/2020 - 17:47:53.497Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.22616_none_db6478d992463972
12/2/2020 - 17:47:53.497Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.22616_none_db6478d992463972
12/2/2020 - 17:47:53.543Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:53.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:53.731Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:53.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.23338_none_db50bd1b9254c62e
12/2/2020 - 17:47:53.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.23338_none_db50bd1b9254c62e
12/2/2020 - 17:47:53.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.23392_none_db09dbd7928ad5ca
12/2/2020 - 17:47:53.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.23392_none_db09dbd7928ad5ca
12/2/2020 - 17:47:53.872Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:54.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17725_none_803284a76be99098
12/2/2020 - 17:47:54.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17725_none_803284a76be99098
12/2/2020 - 17:47:54.12Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:54.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:54.247Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.21861_none_808ce09a852b3aca
12/2/2020 - 17:47:54.247Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.21861_none_808ce09a852b3aca
12/2/2020 - 17:47:54.247Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22616_none_80c7d71484fe4d1b
12/2/2020 - 17:47:54.247Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22616_none_80c7d71484fe4d1b
12/2/2020 - 17:47:54.247Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22807_none_80d3ab1684f544cf
12/2/2020 - 17:47:54.247Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22807_none_80d3ab1684f544cf
12/2/2020 - 17:47:54.247Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22923_none_80ba0bfc8509147c
12/2/2020 - 17:47:54.247Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22923_none_80ba0bfc8509147c
12/2/2020 - 17:47:54.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:54.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:54.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.23154_none_809a768a8520b20f
12/2/2020 - 17:47:54.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.23154_none_809a768a8520b20f
12/2/2020 - 17:47:54.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.23392_none_806d3a128542e973
12/2/2020 - 17:47:54.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.23392_none_806d3a128542e973
12/2/2020 - 17:47:54.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-secedit_31bf3856ad364e35_6.1.7600.16385_none_0adc1fc1cb6f944b
12/2/2020 - 17:47:54.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-secedit_31bf3856ad364e35_6.1.7600.16385_none_0adc1fc1cb6f944b
12/2/2020 - 17:47:54.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:54.715Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:54.762Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7600.16385_none_74578a893f33207c
12/2/2020 - 17:47:54.762Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7600.16385_none_74578a893f33207c
12/2/2020 - 17:47:54.856Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:54.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:55.43Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sens-service_31bf3856ad364e35_6.1.7600.16385_none_17ae1ea8d8a86ab0
12/2/2020 - 17:47:55.43Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sens-service_31bf3856ad364e35_6.1.7600.16385_none_17ae1ea8d8a86ab0
12/2/2020 - 17:47:55.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:55.184Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:55.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f
12/2/2020 - 17:47:55.278Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f
12/2/2020 - 17:47:55.325Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f
12/2/2020 - 17:47:55.372Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f
12/2/2020 - 17:47:55.372Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sethc_31bf3856ad364e35_6.1.7601.17514_none_c0e644688bbad892
12/2/2020 - 17:47:55.372Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sethc_31bf3856ad364e35_6.1.7601.17514_none_c0e644688bbad892
12/2/2020 - 17:47:55.372Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-setup-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c9c4e5d78ffc0187
12/2/2020 - 17:47:55.372Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-setup-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c9c4e5d78ffc0187
12/2/2020 - 17:47:55.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:55.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:55.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-setup-events.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d00bd524311a1ad8
12/2/2020 - 17:47:55.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-setup-events.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d00bd524311a1ad8
12/2/2020 - 17:47:55.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-setupcl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f7e0097d6d5ce8b7
12/2/2020 - 17:47:55.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-setupcl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f7e0097d6d5ce8b7
12/2/2020 - 17:47:55.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f
12/2/2020 - 17:47:55.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f
12/2/2020 - 17:47:55.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0c95c59ca21b6aba
12/2/2020 - 17:47:55.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0c95c59ca21b6aba
12/2/2020 - 17:47:55.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:55.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:55.887Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc
12/2/2020 - 17:47:55.887Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc
12/2/2020 - 17:47:55.887Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985
12/2/2020 - 17:47:55.887Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985
12/2/2020 - 17:47:55.887Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
12/2/2020 - 17:47:55.887Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
12/2/2020 - 17:47:55.934Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
12/2/2020 - 17:47:55.981Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
12/2/2020 - 17:47:56.28Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
12/2/2020 - 17:47:56.75Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
12/2/2020 - 17:47:56.122Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
12/2/2020 - 17:47:56.168Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
12/2/2020 - 17:47:56.168Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_97c2246fee970dbb
12/2/2020 - 17:47:56.168Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_97c2246fee970dbb
12/2/2020 - 17:47:56.168Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.18837_none_97af745feea4a2b8
12/2/2020 - 17:47:56.168Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.18837_none_97af745feea4a2b8
12/2/2020 - 17:47:56.262Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:56.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-homegroup_31bf3856ad364e35_6.1.7601.17514_none_d9a9e2f0cbbf1804
12/2/2020 - 17:47:56.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-homegroup_31bf3856ad364e35_6.1.7601.17514_none_d9a9e2f0cbbf1804
12/2/2020 - 17:47:56.403Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:56.450Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:56.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:56.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:56.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.23155_none_caae56a441d8e264
12/2/2020 - 17:47:56.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.23155_none_caae56a441d8e264
12/2/2020 - 17:47:56.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shlwapi_31bf3856ad364e35_6.1.7601.17514_none_57ffb773bb4e758b
12/2/2020 - 17:47:56.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shlwapi_31bf3856ad364e35_6.1.7601.17514_none_57ffb773bb4e758b
12/2/2020 - 17:47:56.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:56.965Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:57.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_2b566299338d2123
12/2/2020 - 17:47:57.59Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_2b566299338d2123
12/2/2020 - 17:47:57.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517
12/2/2020 - 17:47:57.59Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517
12/2/2020 - 17:47:57.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517\sidebar.exe
12/2/2020 - 17:47:57.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517\sidebar.exe
12/2/2020 - 17:47:57.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517\sidebar.exe
12/2/2020 - 17:47:57.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517\sidebar.exe
12/2/2020 - 17:47:57.106Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_2d02b12c3d47a517
12/2/2020 - 17:47:57.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:57.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:57.340Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.1.7601.17514_none_76739fec84fbcaeb
12/2/2020 - 17:47:57.340Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.1.7601.17514_none_76739fec84fbcaeb
12/2/2020 - 17:47:57.387Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.1.7601.17514_none_76739fec84fbcaeb
12/2/2020 - 17:47:57.387Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smartcardplugins_31bf3856ad364e35_6.1.7601.17514_none_7992975835f65c9e
12/2/2020 - 17:47:57.387Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smartcardplugins_31bf3856ad364e35_6.1.7601.17514_none_7992975835f65c9e
12/2/2020 - 17:47:57.387Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smartcardsubsystem_31bf3856ad364e35_6.1.7601.17514_none_76234513809272a3
12/2/2020 - 17:47:57.387Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smartcardsubsystem_31bf3856ad364e35_6.1.7601.17514_none_76234513809272a3
12/2/2020 - 17:47:57.434Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smartcardsubsystem_31bf3856ad364e35_6.1.7601.17514_none_76234513809272a3
12/2/2020 - 17:47:57.528Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:57.668Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23154_none_e728b7057b4c88d3
12/2/2020 - 17:47:57.668Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23154_none_e728b7057b4c88d3
12/2/2020 - 17:47:57.668Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23452_none_e726bc237b4e4d9a
12/2/2020 - 17:47:57.668Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23452_none_e726bc237b4e4d9a
12/2/2020 - 17:47:57.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:57.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:57.856Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:57.997Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:58.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:58.231Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18933_none_dda0c35267ce262c
12/2/2020 - 17:47:58.231Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18933_none_dda0c35267ce262c
12/2/2020 - 17:47:58.231Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.19135_none_dda29dee67cc8943
12/2/2020 - 17:47:58.231Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.19135_none_dda29dee67cc8943
12/2/2020 - 17:47:58.231Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23338_none_de2f3d7d80e77239
12/2/2020 - 17:47:58.231Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23338_none_de2f3d7d80e77239
12/2/2020 - 17:47:58.231Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17514_none_61fc33a326c6a0f8
12/2/2020 - 17:47:58.231Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17514_none_61fc33a326c6a0f8
12/2/2020 - 17:47:58.278Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:58.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:58.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:58.700Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7601.17514_none_571aee68017b07d2
12/2/2020 - 17:47:58.700Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7601.17514_none_571aee68017b07d2
12/2/2020 - 17:47:58.747Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7601.17514_none_571aee68017b07d2
12/2/2020 - 17:47:58.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18933_none_0a49fe1a2fe256c3
12/2/2020 - 17:47:58.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18933_none_0a49fe1a2fe256c3\smss.exe
12/2/2020 - 17:47:58.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18933_none_0a49fe1a2fe256c3\smss.exe
12/2/2020 - 17:47:58.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18933_none_0a49fe1a2fe256c3\smss.exe
12/2/2020 - 17:47:58.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18933_none_0a49fe1a2fe256c3\smss.exe
12/2/2020 - 17:47:58.747Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18933_none_0a49fe1a2fe256c3
12/2/2020 - 17:47:58.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:58.887Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:59.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23392_none_0a9197014931b26c
12/2/2020 - 17:47:59.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23392_none_0a9197014931b26c
12/2/2020 - 17:47:59.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-snippingtool-licensing_31bf3856ad364e35_6.1.7600.16385_none_82f270a89c8ecb04
12/2/2020 - 17:47:59.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-snippingtool-licensing_31bf3856ad364e35_6.1.7600.16385_none_82f270a89c8ecb04
12/2/2020 - 17:47:59.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:59.75Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:59.215Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:59.309Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-directshowtap_31bf3856ad364e35_6.1.7601.17514_none_039bc6666639d183
12/2/2020 - 17:47:59.309Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-directshowtap_31bf3856ad364e35_6.1.7601.17514_none_039bc6666639d183
12/2/2020 - 17:47:59.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:59.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:59.590Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-sonicxml_31bf3856ad364e35_6.1.7600.16385_none_473b7f0d0af85d51
12/2/2020 - 17:47:59.590Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-sonicxml_31bf3856ad364e35_6.1.7600.16385_none_473b7f0d0af85d51
12/2/2020 - 17:47:59.590Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-1th2_31bf3856ad364e35_6.1.7600.16385_none_cbb1494a79625b79
12/2/2020 - 17:47:59.590Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-1th2_31bf3856ad364e35_6.1.7600.16385_none_cbb1494a79625b79
12/2/2020 - 17:47:59.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:59.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-absthr_1_31bf3856ad364e35_6.1.7600.16385_none_ebc48b8910d957ec
12/2/2020 - 17:47:59.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-absthr_1_31bf3856ad364e35_6.1.7600.16385_none_ebc48b8910d957ec
12/2/2020 - 17:47:59.778Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-absthr_2_31bf3856ad364e35_6.1.7600.16385_none_ebc58bd310d87143
12/2/2020 - 17:47:59.778Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-absthr_2_31bf3856ad364e35_6.1.7600.16385_none_ebc58bd310d87143
12/2/2020 - 17:47:59.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:47:59.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:0.59Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1e4662ace02c26fa
12/2/2020 - 17:48:0.59Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1e4662ace02c26fa
12/2/2020 - 17:48:0.106Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1e4662ace02c26fa
12/2/2020 - 17:48:0.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sqm-consolidator-base_31bf3856ad364e35_6.1.7601.17514_none_326571587836a400
12/2/2020 - 17:48:0.106Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sqm-consolidator-base_31bf3856ad364e35_6.1.7601.17514_none_326571587836a400
12/2/2020 - 17:48:0.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:0.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:0.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:0.387Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-stickynotes-licensing_31bf3856ad364e35_6.1.7600.16385_none_1087c6224049e89e
12/2/2020 - 17:48:0.387Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-stickynotes-licensing_31bf3856ad364e35_6.1.7600.16385_none_1087c6224049e89e
12/2/2020 - 17:48:0.387Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-stobject_31bf3856ad364e35_6.1.7601.17514_none_a848fb386c1b8ee7
12/2/2020 - 17:48:0.387Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-stobject_31bf3856ad364e35_6.1.7601.17514_none_a848fb386c1b8ee7
12/2/2020 - 17:48:0.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:0.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:0.668Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.22589_none_85e52a3360206ea2
12/2/2020 - 17:48:9.950Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_6.1.7600.16385_none_c5e81c6ab4db0c88\TapiUnattend.exeTapiUnattend.exe
12/2/2020 - 17:48:9.950Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_6.1.7600.16385_none_c5e81c6ab4db0c88\TapiUnattend.exe
12/2/2020 - 17:48:9.950Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_6.1.7600.16385_none_c5e81c6ab4db0c88\TapiUnattend.exe
12/2/2020 - 17:48:9.950Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_6.1.7600.16385_none_c5e81c6ab4db0c88\TapiUnattend.exe
12/2/2020 - 17:48:9.950Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_6.1.7600.16385_none_c5e81c6ab4db0c88
12/2/2020 - 17:48:9.997Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:10.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:10.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-taskmgr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_346d3a7de57828c0
12/2/2020 - 17:48:10.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-taskmgr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_346d3a7de57828c0
12/2/2020 - 17:48:10.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.1.7601.17514_none_a2204d83b4ef6bd1
12/2/2020 - 17:48:10.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.1.7601.17514_none_a2204d83b4ef6bd1
12/2/2020 - 17:48:10.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798
12/2/2020 - 17:48:10.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798
12/2/2020 - 17:48:10.278Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:10.418Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tcpip-adm_31bf3856ad364e35_6.1.7601.22124_none_91ae30e0b7c1437b
12/2/2020 - 17:48:10.418Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tcpip-adm_31bf3856ad364e35_6.1.7601.22124_none_91ae30e0b7c1437b
12/2/2020 - 17:48:10.418Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:10.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:10.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tcpip-mof_31bf3856ad364e35_6.1.7600.16385_none_93d2d57d9ea09496
12/2/2020 - 17:48:10.653Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tcpip-mof_31bf3856ad364e35_6.1.7600.16385_none_93d2d57d9ea09496
12/2/2020 - 17:48:10.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_29d3a184538902e3
12/2/2020 - 17:48:10.653Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_29d3a184538902e3
12/2/2020 - 17:48:10.700Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_29d3a184538902e3
12/2/2020 - 17:48:10.700Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.23237_none_48da96640be0954f
12/2/2020 - 17:48:10.700Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.23237_none_48da96640be0954f
12/2/2020 - 17:48:10.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:10.887Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:10.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-telnet-server-tlntsvr_31bf3856ad364e35_6.1.7600.16385_none_1ab997fb0a83afdd
12/2/2020 - 17:48:10.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-telnet-server-tlntsvr_31bf3856ad364e35_6.1.7600.16385_none_1ab997fb0a83afdd
12/2/2020 - 17:48:10.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-terminalserver-adm_31bf3856ad364e35_6.1.7601.17514_none_e09a4d44afffdbed
12/2/2020 - 17:48:10.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-terminalserver-adm_31bf3856ad364e35_6.1.7601.17514_none_e09a4d44afffdbed
12/2/2020 - 17:48:10.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.1.7600.16385_none_31db018394805d6b
12/2/2020 - 17:48:10.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.1.7600.16385_none_31db018394805d6b
12/2/2020 - 17:48:10.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-themeui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fb854d16f4140b20
12/2/2020 - 17:48:10.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-themeui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fb854d16f4140b20
12/2/2020 - 17:48:11.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:11.75Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:11.215Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:11.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-time-tool_31bf3856ad364e35_6.1.7600.16385_none_48fe0cfd559f80ad
12/2/2020 - 17:48:11.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-time-tool_31bf3856ad364e35_6.1.7600.16385_none_48fe0cfd559f80ad
12/2/2020 - 17:48:11.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-timedate.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8155abe0a872cf4a
12/2/2020 - 17:48:11.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-timedate.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8155abe0a872cf4a
12/2/2020 - 17:48:11.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-timedate_31bf3856ad364e35_6.1.7601.21888_none_ee14242ff3bc3f4b
12/2/2020 - 17:48:11.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-timedate_31bf3856ad364e35_6.1.7601.21888_none_ee14242ff3bc3f4b
12/2/2020 - 17:48:11.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-touchinput-adm_31bf3856ad364e35_6.1.7600.16385_none_3976cddbeea7650b
12/2/2020 - 17:48:11.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-touchinput-adm_31bf3856ad364e35_6.1.7600.16385_none_3976cddbeea7650b
12/2/2020 - 17:48:11.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:11.497Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.1.7601.17514_none_ef3338f363c6403c
12/2/2020 - 17:48:11.497Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.1.7601.17514_none_ef3338f363c6403c
12/2/2020 - 17:48:11.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:11.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:11.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tvencdec_31bf3856ad364e35_6.1.7601.17514_none_3e9e1bdfa5062b13
12/2/2020 - 17:48:11.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tvencdec_31bf3856ad364e35_6.1.7601.17514_none_3e9e1bdfa5062b13
12/2/2020 - 17:48:11.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tvencdec_31bf3856ad364e35_6.1.7601.21626_none_3f1ee952be2a197c
12/2/2020 - 17:48:11.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tvencdec_31bf3856ad364e35_6.1.7601.21626_none_3f1ee952be2a197c
12/2/2020 - 17:48:11.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tzutil.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d5462844100b92d1
12/2/2020 - 17:48:11.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tzutil.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d5462844100b92d1
12/2/2020 - 17:48:11.731Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..ackup-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5b0686eb74382acb
12/2/2020 - 17:48:11.731Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..ackup-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5b0686eb74382acb
12/2/2020 - 17:48:11.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:11.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:11.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..dem-voice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4b89c9d13b150580
12/2/2020 - 17:48:11.965Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..dem-voice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4b89c9d13b150580
12/2/2020 - 17:48:12.59Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:12.106Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:12.247Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:12.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..roundprocessmanager_31bf3856ad364e35_6.1.7601.18741_none_c45292cc0822d17a
12/2/2020 - 17:48:12.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..roundprocessmanager_31bf3856ad364e35_6.1.7601.18741_none_c45292cc0822d17a
12/2/2020 - 17:48:12.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_52aaa401928f8abe
12/2/2020 - 17:48:12.293Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_52aaa401928f8abe
12/2/2020 - 17:48:12.340Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_52aaa401928f8abe
12/2/2020 - 17:48:12.340Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uianimation.resources_31bf3856ad364e35_7.1.7601.16492_es-es_2691a3277d21c7e0
12/2/2020 - 17:48:12.340Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uianimation.resources_31bf3856ad364e35_7.1.7601.16492_es-es_2691a3277d21c7e0
12/2/2020 - 17:48:12.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:12.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uianimation_31bf3856ad364e35_6.1.7600.16385_none_e771fb51894d14a5
12/2/2020 - 17:48:12.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uianimation_31bf3856ad364e35_6.1.7600.16385_none_e771fb51894d14a5
12/2/2020 - 17:48:12.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uiautomationcore_31bf3856ad364e35_6.1.7600.16385_none_0c0d85465bcceb37
12/2/2020 - 17:48:12.528Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uiautomationcore_31bf3856ad364e35_6.1.7600.16385_none_0c0d85465bcceb37
12/2/2020 - 17:48:12.575Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uiautomationcore_31bf3856ad364e35_6.1.7600.16385_none_0c0d85465bcceb37
12/2/2020 - 17:48:12.575Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-unattendedjoin_31bf3856ad364e35_6.1.7601.17514_none_113aea0e8374286d
12/2/2020 - 17:48:12.575Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-unattendedjoin_31bf3856ad364e35_6.1.7601.17514_none_113aea0e8374286d
12/2/2020 - 17:48:12.622Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:12.762Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:12.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-unimodem-core-tsp_31bf3856ad364e35_6.1.7601.21818_none_0c8d9958ff508c4d
12/2/2020 - 17:48:12.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-unimodem-core-tsp_31bf3856ad364e35_6.1.7601.21818_none_0c8d9958ff508c4d
12/2/2020 - 17:48:12.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-unimodem-core_31bf3856ad364e35_6.1.7600.16385_none_f08d2472ee3ef611
12/2/2020 - 17:48:12.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-unimodem-core_31bf3856ad364e35_6.1.7600.16385_none_f08d2472ee3ef611
12/2/2020 - 17:48:12.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_6.1.7601.17514_none_90f573b34760bc53
12/2/2020 - 17:48:12.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_6.1.7601.17514_none_90f573b34760bc53
12/2/2020 - 17:48:12.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-usbperf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_374bbcbba70fa4fa
12/2/2020 - 17:48:12.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-usbperf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_374bbcbba70fa4fa
12/2/2020 - 17:48:12.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:13.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:13.90Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_9dc033bdae70c1ed
12/2/2020 - 17:48:13.90Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_9dc033bdae70c1ed
12/2/2020 - 17:48:13.90Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-userdatabackup-adm_31bf3856ad364e35_6.1.7600.16385_none_2dc05a8484480773
12/2/2020 - 17:48:13.90Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-userdatabackup-adm_31bf3856ad364e35_6.1.7600.16385_none_2dc05a8484480773
12/2/2020 - 17:48:13.90Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-userenv.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_21836c0ca9d6f79d
12/2/2020 - 17:48:13.90Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-userenv.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_21836c0ca9d6f79d
12/2/2020 - 17:48:13.184Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:13.325Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:13.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:13.418Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-usermodepowerservice_31bf3856ad364e35_6.1.7600.16385_none_b9ff78b166245993
12/2/2020 - 17:48:13.418Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-usermodepowerservice_31bf3856ad364e35_6.1.7600.16385_none_b9ff78b166245993
12/2/2020 - 17:48:13.418Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_ff0e900816896618
12/2/2020 - 17:48:13.418Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_ff0e900816896618
12/2/2020 - 17:48:13.418Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b
12/2/2020 - 17:48:13.418Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b
12/2/2020 - 17:48:13.465Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b
12/2/2020 - 17:48:13.512Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b
12/2/2020 - 17:48:13.606Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:13.700Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:13.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uxtheme.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_73b12791cd0ae5b9
12/2/2020 - 17:48:13.747Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uxtheme.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_73b12791cd0ae5b9
12/2/2020 - 17:48:13.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9
12/2/2020 - 17:48:13.747Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9
12/2/2020 - 17:48:13.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..driver-tvdigital-ks_31bf3856ad364e35_6.1.7600.16385_none_1eb3558ba4abcf2e
12/2/2020 - 17:48:13.747Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..driver-tvdigital-ks_31bf3856ad364e35_6.1.7600.16385_none_1eb3558ba4abcf2e
12/2/2020 - 17:48:13.747Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..ice-dynamicprovider_31bf3856ad364e35_6.1.7600.16385_none_b9ee1de1ca498be1
12/2/2020 - 17:48:13.747Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..ice-dynamicprovider_31bf3856ad364e35_6.1.7600.16385_none_b9ee1de1ca498be1
12/2/2020 - 17:48:13.840Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:13.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..rvice-basicprovider_31bf3856ad364e35_6.1.7601.17514_none_7b6bbebb8a8d5350
12/2/2020 - 17:48:13.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..rvice-basicprovider_31bf3856ad364e35_6.1.7601.17514_none_7b6bbebb8a8d5350
12/2/2020 - 17:48:13.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ffa2049e72e3bb50
12/2/2020 - 17:48:13.981Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ffa2049e72e3bb50
12/2/2020 - 17:48:14.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ffa2049e72e3bb50
12/2/2020 - 17:48:14.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:14.168Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:14.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-virtualdiskapilibrary_31bf3856ad364e35_6.1.7600.16385_none_495791f12222ea12
12/2/2020 - 17:48:14.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-virtualdiskapilibrary_31bf3856ad364e35_6.1.7600.16385_none_495791f12222ea12
12/2/2020 - 17:48:14.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-virtualxp-licensing_31bf3856ad364e35_6.1.7600.16385_none_000817e8ef268b79
12/2/2020 - 17:48:14.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-virtualxp-licensing_31bf3856ad364e35_6.1.7600.16385_none_000817e8ef268b79
12/2/2020 - 17:48:14.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-volumeencryption-adm_31bf3856ad364e35_6.1.7600.16385_none_02760d9722bab7e7
12/2/2020 - 17:48:14.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-volumeencryption-adm_31bf3856ad364e35_6.1.7600.16385_none_02760d9722bab7e7
12/2/2020 - 17:48:14.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-vssadmin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0f533c32c453c088
12/2/2020 - 17:48:14.262Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-vssadmin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0f533c32c453c088
12/2/2020 - 17:48:14.262Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-vssapi_31bf3856ad364e35_6.1.7601.17514_none_330ce3bf9861358f
12/2/2020 - 17:48:14.262Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-vssapi_31bf3856ad364e35_6.1.7601.17514_none_330ce3bf9861358f
12/2/2020 - 17:48:14.309Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-vssapi_31bf3856ad364e35_6.1.7601.17514_none_330ce3bf9861358f
12/2/2020 - 17:48:14.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:14.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:14.590Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185
12/2/2020 - 17:48:14.590Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185
12/2/2020 - 17:48:14.590Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf
12/2/2020 - 17:48:14.590Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf
12/2/2020 - 17:48:14.590Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf
12/2/2020 - 17:48:14.590Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf
12/2/2020 - 17:48:14.590Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-installer-provider_31bf3856ad364e35_6.1.7601.17514_none_88af1cb8f0d0a95d
12/2/2020 - 17:48:14.590Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-installer-provider_31bf3856ad364e35_6.1.7601.17514_none_88af1cb8f0d0a95d
12/2/2020 - 17:48:14.590Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3bface4fab5785a1
12/2/2020 - 17:48:14.590Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3bface4fab5785a1
12/2/2020 - 17:48:14.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:14.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:14.778Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:14.872Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5eda1b8ca39ab0f9
12/2/2020 - 17:48:14.872Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5eda1b8ca39ab0f9
12/2/2020 - 17:48:14.872Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a287511e7714f947
12/2/2020 - 17:48:14.872Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a287511e7714f947
12/2/2020 - 17:48:14.872Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..breakerstemmer-thai_31bf3856ad364e35_7.0.7600.16385_none_67c71546419fa0f9
12/2/2020 - 17:48:14.872Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..breakerstemmer-thai_31bf3856ad364e35_7.0.7600.16385_none_67c71546419fa0f9
12/2/2020 - 17:48:14.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:15.59Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:15.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ccore-api.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5e7311fc944e9fe5
12/2/2020 - 17:48:15.106Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ccore-api.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5e7311fc944e9fe5
12/2/2020 - 17:48:15.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.6.7601.18804_pt-br_4fd64ae0940c03f2
12/2/2020 - 17:48:15.106Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.6.7601.18804_pt-br_4fd64ae0940c03f2
12/2/2020 - 17:48:15.200Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:15.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:15.387Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..cture-bsp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2b7264b0ea1ac2f3
12/2/2020 - 17:48:15.387Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..cture-bsp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2b7264b0ea1ac2f3
12/2/2020 - 17:48:15.387Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..eakerstemmer-korean_31bf3856ad364e35_7.0.7600.16385_none_a7ca197ff4659c3d
12/2/2020 - 17:48:15.387Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..eakerstemmer-korean_31bf3856ad364e35_7.0.7600.16385_none_a7ca197ff4659c3d
12/2/2020 - 17:48:15.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:15.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:15.622Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:15.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:15.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..enger-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ee3dbc74a7fc85e2
12/2/2020 - 17:48:15.715Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..enger-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ee3dbc74a7fc85e2
12/2/2020 - 17:48:15.715Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ent-internalupgrade_31bf3856ad364e35_7.6.7601.19046_none_2b7d5e9a8880c9aa
12/2/2020 - 17:48:15.715Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ent-internalupgrade_31bf3856ad364e35_7.6.7601.19046_none_2b7d5e9a8880c9aa
12/2/2020 - 17:48:15.809Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:15.903Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..erclasses.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0a20510ccc979fa8
12/2/2020 - 17:48:15.903Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..erclasses.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0a20510ccc979fa8
12/2/2020 - 17:48:15.903Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_36e8bc8a408b1292
12/2/2020 - 17:48:15.903Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_36e8bc8a408b1292
12/2/2020 - 17:48:15.950Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_36e8bc8a408b1292
12/2/2020 - 17:48:15.950Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..etwork-setup-wizard_31bf3856ad364e35_6.1.7600.16385_none_f0d21d0b5e184994
12/2/2020 - 17:48:15.950Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..etwork-setup-wizard_31bf3856ad364e35_6.1.7600.16385_none_f0d21d0b5e184994
12/2/2020 - 17:48:15.997Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..etwork-setup-wizard_31bf3856ad364e35_6.1.7600.16385_none_f0d21d0b5e184994
12/2/2020 - 17:48:15.997Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..extension.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9c0599c70696251d
12/2/2020 - 17:48:15.997Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..extension.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9c0599c70696251d
12/2/2020 - 17:48:15.997Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:16.137Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:16.231Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_288b7acec3a75696
12/2/2020 - 17:48:16.231Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_288b7acec3a75696
12/2/2020 - 17:48:16.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_288b7acec3a75696
12/2/2020 - 17:48:16.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_290c3545dccb58ee
12/2/2020 - 17:48:16.278Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_290c3545dccb58ee
12/2/2020 - 17:48:16.325Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_290c3545dccb58ee
12/2/2020 - 17:48:24.668Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:24.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22653_none_c6a91382072dcbe2
12/2/2020 - 17:48:24.809Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22653_none_c6a91382072dcbe2
12/2/2020 - 17:48:24.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22653_none_c6a91382072dcbe2
12/2/2020 - 17:48:24.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.23126_none_c6cc63de0712ebf2
12/2/2020 - 17:48:24.856Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.23126_none_c6cc63de0712ebf2
12/2/2020 - 17:48:24.903Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.23126_none_c6cc63de0712ebf2
12/2/2020 - 17:48:24.903Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.23392_none_c67cb70e074f447b
12/2/2020 - 17:48:24.903Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.23392_none_c67cb70e074f447b
12/2/2020 - 17:48:24.950Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.23392_none_c67cb70e074f447b
12/2/2020 - 17:48:24.950Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:25.90Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:25.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-portabledevicesqm_31bf3856ad364e35_6.1.7601.17514_none_b11b7e2cfd8c4d39
12/2/2020 - 17:48:25.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-portabledevicesqm_31bf3856ad364e35_6.1.7601.17514_none_b11b7e2cfd8c4d39
12/2/2020 - 17:48:25.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-status.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_66093a3a47f65089
12/2/2020 - 17:48:25.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-status.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_66093a3a47f65089
12/2/2020 - 17:48:25.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-status_31bf3856ad364e35_6.1.7601.17514_none_6a89387bf013b2bb
12/2/2020 - 17:48:25.184Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-status_31bf3856ad364e35_6.1.7601.17514_none_6a89387bf013b2bb
12/2/2020 - 17:48:25.184Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_11d6340413a3bc04
12/2/2020 - 17:48:25.184Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_11d6340413a3bc04
12/2/2020 - 17:48:25.231Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_11d6340413a3bc04
12/2/2020 - 17:48:25.231Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_pt-br_12491bcb2cd29121
12/2/2020 - 17:48:25.231Read2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_pt-br_12491bcb2cd29121
12/2/2020 - 17:48:25.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_pt-br_12491bcb2cd29121
12/2/2020 - 17:48:25.278Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-write_31bf3856ad364e35_6.1.7600.16385_none_bb77c3d6f6c8e3f6
12/2/2020 - 17:48:25.278Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-write_31bf3856ad364e35_6.1.7600.16385_none_bb77c3d6f6c8e3f6
12/2/2020 - 17:48:25.325Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:25.465Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:25.559Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wwan-netsh-helper_31bf3856ad364e35_6.1.7600.16385_none_28ac626c2ed8e07a
12/2/2020 - 17:48:25.559Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wwan-netsh-helper_31bf3856ad364e35_6.1.7600.16385_none_28ac626c2ed8e07a
12/2/2020 - 17:48:25.606Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:25.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:25.793Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9376b9812669f1ad
12/2/2020 - 17:48:25.793Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9376b9812669f1ad
12/2/2020 - 17:48:25.793Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-x..ocess-mui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_af9f9f1007b4ff9f
12/2/2020 - 17:48:25.793Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-x..ocess-mui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_af9f9f1007b4ff9f
12/2/2020 - 17:48:25.793Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-xmllite_31bf3856ad364e35_6.1.7600.16385_none_e5307039bcff94de
12/2/2020 - 17:48:25.793Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-xmllite_31bf3856ad364e35_6.1.7600.16385_none_e5307039bcff94de
12/2/2020 - 17:48:25.793Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-xmllite_31bf3856ad364e35_6.1.7601.21748_none_e7ceb416d3206e98
12/2/2020 - 17:48:25.793Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-xmllite_31bf3856ad364e35_6.1.7601.21748_none_e7ceb416d3206e98
12/2/2020 - 17:48:25.887Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:26.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-xwizards-registration_31bf3856ad364e35_6.1.7600.16385_none_750dbfac02518b59
12/2/2020 - 17:48:26.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-xwizards-registration_31bf3856ad364e35_6.1.7600.16385_none_750dbfac02518b59
12/2/2020 - 17:48:26.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-zipfldr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7108e1a204b15740
12/2/2020 - 17:48:26.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-zipfldr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7108e1a204b15740
12/2/2020 - 17:48:26.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-zipfldr_31bf3856ad364e35_6.1.7601.17514_none_d62c4fab4be810dc
12/2/2020 - 17:48:26.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-zipfldr_31bf3856ad364e35_6.1.7601.17514_none_d62c4fab4be810dc
12/2/2020 - 17:48:26.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ea648607bc686441
12/2/2020 - 17:48:26.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ea648607bc686441
12/2/2020 - 17:48:26.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47
12/2/2020 - 17:48:26.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47
12/2/2020 - 17:48:26.28Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:26.215Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:26.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:26.450Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.transactions.bridge.dtc_b03f5f7f11d50a3a_6.1.7601.22733_none_65085bdd54b4a629
12/2/2020 - 17:48:26.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.transactions.bridge.dtc_b03f5f7f11d50a3a_6.1.7601.22733_none_65085bdd54b4a629
12/2/2020 - 17:48:26.450Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.web.administration-nonmsil_31bf3856ad364e35_6.1.7601.17514_none_2696d890a7769151
12/2/2020 - 17:48:26.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.web.administration-nonmsil_31bf3856ad364e35_6.1.7601.17514_none_2696d890a7769151
12/2/2020 - 17:48:26.450Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_de-de_11656bd895c187f7
12/2/2020 - 17:48:26.450Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_de-de_11656bd895c187f7
12/2/2020 - 17:48:26.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:26.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:26.684Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_it-it_47010afb4eca8141
12/2/2020 - 17:48:26.684Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_it-it_47010afb4eca8141
12/2/2020 - 17:48:26.684Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ja-jp_e9268a0841e5931c
12/2/2020 - 17:48:26.684Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ja-jp_e9268a0841e5931c
12/2/2020 - 17:48:26.684Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_lv-lv_3129014225fc66bf
12/2/2020 - 17:48:26.684Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_lv-lv_3129014225fc66bf
12/2/2020 - 17:48:26.731Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:26.872Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:26.918Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sk-sk_a2925e32cabe818d
12/2/2020 - 17:48:26.918Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sk-sk_a2925e32cabe818d
12/2/2020 - 17:48:27.12Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:27.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_bg-bg_220fd9f16f277c5a
12/2/2020 - 17:48:27.106Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_bg-bg_220fd9f16f277c5a
12/2/2020 - 17:48:27.106Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688
12/2/2020 - 17:48:27.106Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688
12/2/2020 - 17:48:27.153Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:27.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_fr-fr_b2f26ecb36a2bcea
12/2/2020 - 17:48:27.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_fr-fr_b2f26ecb36a2bcea
12/2/2020 - 17:48:27.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ja-jp_3f3fe41f00efb443
12/2/2020 - 17:48:27.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ja-jp_3f3fe41f00efb443
12/2/2020 - 17:48:27.293Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:27.434Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:27.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_120bd26cb05db282
12/2/2020 - 17:48:27.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_120bd26cb05db282
12/2/2020 - 17:48:27.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-pt_12eda1d8afcd225e
12/2/2020 - 17:48:27.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-pt_12eda1d8afcd225e
12/2/2020 - 17:48:27.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ro-ro_572868109633edba
12/2/2020 - 17:48:27.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ro-ro_572868109633edba
12/2/2020 - 17:48:27.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sk-sk_f8abb84989c8a2b4
12/2/2020 - 17:48:27.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sk-sk_f8abb84989c8a2b4
12/2/2020 - 17:48:27.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-hk_6ea0fee42ba70185
12/2/2020 - 17:48:27.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-hk_6ea0fee42ba70185
12/2/2020 - 17:48:27.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:27.622Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.19061_none_3bd82ed1d8e2945c
12/2/2020 - 17:48:27.622Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.19061_none_3bd82ed1d8e2945c
12/2/2020 - 17:48:27.762Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:27.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.23149_none_2507d13df28c8ebc
12/2/2020 - 17:48:27.809Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.23149_none_2507d13df28c8ebc
12/2/2020 - 17:48:27.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.23407_none_2503fd39f28ff711
12/2/2020 - 17:48:27.809Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.23407_none_2503fd39f28ff711
12/2/2020 - 17:48:27.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23265_none_145b9bb28b9034de
12/2/2020 - 17:48:27.809Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23265_none_145b9bb28b9034de
12/2/2020 - 17:48:27.856Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:27.997Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:28.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:28.90Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a52d26ce1992a02d
12/2/2020 - 17:48:28.90Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a52d26ce1992a02d
12/2/2020 - 17:48:28.90Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d7f2001de4617cc8
12/2/2020 - 17:48:28.90Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d7f2001de4617cc8
12/2/2020 - 17:48:28.90Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.h..ocessor-driverclass_31bf3856ad364e35_6.1.7600.16385_none_559906a314d4f487
12/2/2020 - 17:48:28.90Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.h..ocessor-driverclass_31bf3856ad364e35_6.1.7600.16385_none_559906a314d4f487
12/2/2020 - 17:48:28.184Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:28.325Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_1.0.7600.16385_none_556753b6a456f932
12/2/2020 - 17:48:28.325Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_1.0.7600.16385_none_556753b6a456f932
12/2/2020 - 17:48:28.325Open2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.winhttp_31bf3856ad364e35_5.1.7601.17514_none_bac5319939f7951a
12/2/2020 - 17:48:28.325Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.winhttp_31bf3856ad364e35_5.1.7601.17514_none_bac5319939f7951a
12/2/2020 - 17:48:28.325Open2308C:\malware.exeC:\Windows\winsxs\amd64_modemcsa.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8499789be2620806
12/2/2020 - 17:48:28.325Read2308C:\malware.exeC:\Windows\winsxs\amd64_modemcsa.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8499789be2620806
12/2/2020 - 17:48:28.372Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_modemcsa.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8499789be2620806
12/2/2020 - 17:48:28.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:28.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:28.653Open2308C:\malware.exeC:\Windows\winsxs\amd64_mpio.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_32f1daa9762505c8
12/2/2020 - 17:48:28.653Read2308C:\malware.exeC:\Windows\winsxs\amd64_mpio.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_32f1daa9762505c8
12/2/2020 - 17:48:28.700Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_mpio.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_32f1daa9762505c8
12/2/2020 - 17:48:28.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:28.887Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:28.981Open2308C:\malware.exeC:\Windows\winsxs\amd64_msdsm.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_477254882128e699
12/2/2020 - 17:48:28.981Read2308C:\malware.exeC:\Windows\winsxs\amd64_msdsm.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_477254882128e699
12/2/2020 - 17:48:29.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_msdsm.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_477254882128e699
12/2/2020 - 17:48:29.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_msdv.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b372d529255f39b1
12/2/2020 - 17:48:29.28Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_msdv.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b372d529255f39b1
12/2/2020 - 17:48:29.28Open2308C:\malware.exeC:\Windows\winsxs\amd64_msmouse.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2f00dd0f1c7cbaae
12/2/2020 - 17:48:29.28Read2308C:\malware.exeC:\Windows\winsxs\amd64_msmouse.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2f00dd0f1c7cbaae
12/2/2020 - 17:48:29.75Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_msmouse.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2f00dd0f1c7cbaae
12/2/2020 - 17:48:29.75Open2308C:\malware.exeC:\Windows\winsxs\amd64_mtconfig.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d84ab8714b43efce
12/2/2020 - 17:48:29.75Read2308C:\malware.exeC:\Windows\winsxs\amd64_mtconfig.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d84ab8714b43efce
12/2/2020 - 17:48:29.122Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_mtconfig.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d84ab8714b43efce
12/2/2020 - 17:48:29.168Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:29.356Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:29.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_multiprt.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_33bb3ddcaa110050
12/2/2020 - 17:48:29.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_multiprt.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_33bb3ddcaa110050
12/2/2020 - 17:48:29.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_napcrypt_31bf3856ad364e35_6.1.7601.17514_none_99fb87a0aad31261
12/2/2020 - 17:48:29.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_napcrypt_31bf3856ad364e35_6.1.7601.17514_none_99fb87a0aad31261
12/2/2020 - 17:48:29.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_naphlpr_31bf3856ad364e35_6.1.7601.17514_none_6939c46ac0899363
12/2/2020 - 17:48:29.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_naphlpr_31bf3856ad364e35_6.1.7601.17514_none_6939c46ac0899363
12/2/2020 - 17:48:29.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_narrator.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_ad76241ba6a2d181
12/2/2020 - 17:48:29.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_narrator.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_ad76241ba6a2d181
12/2/2020 - 17:48:29.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_net44amd.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ae7e2c1c6d21978e
12/2/2020 - 17:48:29.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_net44amd.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ae7e2c1c6d21978e
12/2/2020 - 17:48:29.403Open2308C:\malware.exeC:\Windows\winsxs\amd64_net44amd.inf_31bf3856ad364e35_6.1.7600.16385_none_0579b36b41e62541
12/2/2020 - 17:48:29.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_net44amd.inf_31bf3856ad364e35_6.1.7600.16385_none_0579b36b41e62541
12/2/2020 - 17:48:29.497Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:29.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_net8185.inf_31bf3856ad364e35_6.1.7600.16385_none_cba7660201f05131
12/2/2020 - 17:48:29.637Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_net8185.inf_31bf3856ad364e35_6.1.7600.16385_none_cba7660201f05131
12/2/2020 - 17:48:29.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_net8187bv64.inf_31bf3856ad364e35_6.1.7600.16385_none_1b33cf68c32072a3
12/2/2020 - 17:48:29.637Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_net8187bv64.inf_31bf3856ad364e35_6.1.7600.16385_none_1b33cf68c32072a3
12/2/2020 - 17:48:29.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_net8187se64.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_28794390d67d99be
12/2/2020 - 17:48:29.637Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_net8187se64.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_28794390d67d99be
12/2/2020 - 17:48:29.637Open2308C:\malware.exeC:\Windows\winsxs\amd64_nete1e3e.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6e38fd4a262b5691
12/2/2020 - 17:48:29.637Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_nete1e3e.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6e38fd4a262b5691
12/2/2020 - 17:48:29.637Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:29.684Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:29.825Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:29.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_nete1g3e.inf_31bf3856ad364e35_6.1.7600.16385_none_04871f8f4b13ca44
12/2/2020 - 17:48:29.965Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_nete1g3e.inf_31bf3856ad364e35_6.1.7600.16385_none_04871f8f4b13ca44
12/2/2020 - 17:48:29.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_netevbda.inf_31bf3856ad364e35_6.1.7600.16385_none_960cfc4d7aab525d
12/2/2020 - 17:48:29.965Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netevbda.inf_31bf3856ad364e35_6.1.7600.16385_none_960cfc4d7aab525d
12/2/2020 - 17:48:29.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-accessibility_b03f5f7f11d50a3a_6.1.7601.22733_none_a079af8fec10f97e
12/2/2020 - 17:48:29.965Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-accessibility_b03f5f7f11d50a3a_6.1.7601.22733_none_a079af8fec10f97e
12/2/2020 - 17:48:29.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.18523_none_51e6fcfa1319f927
12/2/2020 - 17:48:29.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.18523_none_51e6fcfa1319f927\AppLaunch.exe
12/2/2020 - 17:48:30.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.18523_none_51e6fcfa1319f927\AppLaunch.exeAppLaunch.exe
12/2/2020 - 17:48:30.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.18523_none_51e6fcfa1319f927\AppLaunch.exe
12/2/2020 - 17:48:30.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.18523_none_51e6fcfa1319f927\AppLaunch.exe
12/2/2020 - 17:48:30.12Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.18523_none_51e6fcfa1319f927\AppLaunch.exe
12/2/2020 - 17:48:30.12Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.18523_none_51e6fcfa1319f927
12/2/2020 - 17:48:30.59Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:30.200Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:30.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnetmmcext_b03f5f7f11d50a3a_6.1.7600.16385_none_bfba567785514114
12/2/2020 - 17:48:30.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnetmmcext_b03f5f7f11d50a3a_6.1.7600.16385_none_bfba567785514114
12/2/2020 - 17:48:30.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnetmmcext_b03f5f7f11d50a3a_6.1.7601.18410_none_bf8fc12585a81e1c
12/2/2020 - 17:48:30.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnetmmcext_b03f5f7f11d50a3a_6.1.7601.18410_none_bf8fc12585a81e1c
12/2/2020 - 17:48:30.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnetmmcext_b03f5f7f11d50a3a_6.1.7601.22617_none_a8c17ac99f5031da
12/2/2020 - 17:48:30.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnetmmcext_b03f5f7f11d50a3a_6.1.7601.22617_none_a8c17ac99f5031da
12/2/2020 - 17:48:30.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.1.7600.16385_none_27e5cecd389a11b4
12/2/2020 - 17:48:30.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.1.7600.16385_none_27e5cecd389a11b4
12/2/2020 - 17:48:30.293Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.1.7600.16385_none_c56d3c38f38b0256
12/2/2020 - 17:48:30.293Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.1.7600.16385_none_c56d3c38f38b0256
12/2/2020 - 17:48:30.340Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:30.481Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:30.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_mmc_asp_ext_dll_b03f5f7f11d50a3a_6.1.7601.22617_none_06a3d98794f2d81c
12/2/2020 - 17:48:30.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_mmc_asp_ext_dll_b03f5f7f11d50a3a_6.1.7601.22617_none_06a3d98794f2d81c
12/2/2020 - 17:48:30.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_perf_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_6a596cc4a4e01cf1
12/2/2020 - 17:48:30.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_perf_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_6a596cc4a4e01cf1
12/2/2020 - 17:48:30.622Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:30.762Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:30.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_454c741475b5380e
12/2/2020 - 17:48:30.809Read2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_454c741475b5380e
12/2/2020 - 17:48:30.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_454c741475b5380e
12/2/2020 - 17:48:30.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_rc_dll_res_b03f5f7f11d50a3a_6.1.7600.16385_none_bcf3f593a5955958
12/2/2020 - 17:48:30.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_rc_dll_res_b03f5f7f11d50a3a_6.1.7600.16385_none_bcf3f593a5955958
12/2/2020 - 17:48:30.856Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.1.7600.16385_none_091962c20a8805bc
12/2/2020 - 17:48:40.465Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.web.abstractions_31bf3856ad364e35_6.1.7601.17514_none_27f8b403a1eca9ee
12/2/2020 - 17:48:40.465Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:40.606Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:40.700Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.web.extensions_31bf3856ad364e35_6.1.7601.17514_none_2c9faef901c9edd1
12/2/2020 - 17:48:40.700Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.web.extensions_31bf3856ad364e35_6.1.7601.17514_none_2c9faef901c9edd1
12/2/2020 - 17:48:40.700Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-vbc_exe_config_orcas_31bf3856ad364e35_6.1.7600.16385_none_64f9016fb645370e
12/2/2020 - 17:48:40.700Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-vbc_exe_config_orcas_31bf3856ad364e35_6.1.7600.16385_none_64f9016fb645370e
12/2/2020 - 17:48:40.700Open2308C:\malware.exeC:\Windows\winsxs\amd64_netfx35wpf-system.windows.presentation_31bf3856ad364e35_6.1.7600.16385_none_e160e36921a9e7a1
12/2/2020 - 17:48:40.700Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netfx35wpf-system.windows.presentation_31bf3856ad364e35_6.1.7600.16385_none_e160e36921a9e7a1
12/2/2020 - 17:48:40.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:40.918Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:40.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_netk57a.inf_31bf3856ad364e35_6.1.7600.16385_none_b67bb5081937ae73
12/2/2020 - 17:48:40.965Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netk57a.inf_31bf3856ad364e35_6.1.7600.16385_none_b67bb5081937ae73
12/2/2020 - 17:48:40.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_netl1e64.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_55da5bbc68c6edc6
12/2/2020 - 17:48:40.965Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netl1e64.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_55da5bbc68c6edc6
12/2/2020 - 17:48:40.965Open2308C:\malware.exeC:\Windows\winsxs\amd64_netl260a.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_39718d10d95f3759
12/2/2020 - 17:48:40.965Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netl260a.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_39718d10d95f3759
12/2/2020 - 17:48:41.59Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:41.200Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:41.247Open2308C:\malware.exeC:\Windows\winsxs\amd64_netloop.inf_31bf3856ad364e35_6.1.7600.16385_none_5cf0a715673cddbb
12/2/2020 - 17:48:41.247Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netloop.inf_31bf3856ad364e35_6.1.7600.16385_none_5cf0a715673cddbb
12/2/2020 - 17:48:41.247Open2308C:\malware.exeC:\Windows\winsxs\amd64_netmyk00.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_aa70db76d6aaef11
12/2/2020 - 17:48:41.247Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netmyk00.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_aa70db76d6aaef11
12/2/2020 - 17:48:41.247Open2308C:\malware.exeC:\Windows\winsxs\amd64_netr28ux.inf_31bf3856ad364e35_6.1.7600.16385_none_9e04f5ea3d7bf9e0
12/2/2020 - 17:48:41.247Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netr28ux.inf_31bf3856ad364e35_6.1.7600.16385_none_9e04f5ea3d7bf9e0
12/2/2020 - 17:48:41.247Open2308C:\malware.exeC:\Windows\winsxs\amd64_netr28x.inf_31bf3856ad364e35_6.1.7600.16385_none_f6bd180f0177aea7
12/2/2020 - 17:48:41.247Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netr28x.inf_31bf3856ad364e35_6.1.7600.16385_none_f6bd180f0177aea7
12/2/2020 - 17:48:41.340Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:41.387Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:41.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_netvg62a.inf_31bf3856ad364e35_6.1.7600.16385_none_b8f94f7ef3dea179
12/2/2020 - 17:48:41.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netvg62a.inf_31bf3856ad364e35_6.1.7600.16385_none_b8f94f7ef3dea179
12/2/2020 - 17:48:41.528Open2308C:\malware.exeC:\Windows\winsxs\amd64_netvwifibus.inf_31bf3856ad364e35_6.1.7600.16385_none_9c38dbd6bea6f0fc
12/2/2020 - 17:48:41.528Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netvwifibus.inf_31bf3856ad364e35_6.1.7600.16385_none_9c38dbd6bea6f0fc
12/2/2020 - 17:48:41.575Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:41.715Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:41.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_netw5v64.inf_31bf3856ad364e35_6.1.7600.16385_none_4c931a8573840e89
12/2/2020 - 17:48:41.809Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_netw5v64.inf_31bf3856ad364e35_6.1.7600.16385_none_4c931a8573840e89
12/2/2020 - 17:48:41.809Open2308C:\malware.exeC:\Windows\winsxs\amd64_networking-mpssvc_31bf3856ad364e35_6.1.7601.17514_none_689f8c48cfca2cbb
12/2/2020 - 17:48:41.809Read2308C:\malware.exeC:\Windows\winsxs\amd64_networking-mpssvc_31bf3856ad364e35_6.1.7601.17514_none_689f8c48cfca2cbb
12/2/2020 - 17:48:41.856Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_networking-mpssvc_31bf3856ad364e35_6.1.7601.17514_none_689f8c48cfca2cbb
12/2/2020 - 17:48:41.903Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:42.43Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:42.137Open2308C:\malware.exeC:\Windows\winsxs\amd64_nulhpopr.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9bbc515b6b831d6c
12/2/2020 - 17:48:42.137Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_nulhpopr.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9bbc515b6b831d6c
12/2/2020 - 17:48:42.137Open2308C:\malware.exeC:\Windows\winsxs\amd64_nv_lh.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7660132216684a41
12/2/2020 - 17:48:42.137Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_nv_lh.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7660132216684a41
12/2/2020 - 17:48:42.137Open2308C:\malware.exeC:\Windows\winsxs\amd64_ph3xibc1.inf_31bf3856ad364e35_6.1.7600.16385_none_9c58b99c7d660146
12/2/2020 - 17:48:42.137Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_ph3xibc1.inf_31bf3856ad364e35_6.1.7600.16385_none_9c58b99c7d660146
12/2/2020 - 17:48:42.231Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:42.372Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:42.418Open2308C:\malware.exeC:\Windows\winsxs\amd64_pnpxassocprx.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a2c70f91d864b0e9
12/2/2020 - 17:48:42.418Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_pnpxassocprx.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a2c70f91d864b0e9
12/2/2020 - 17:48:42.418Open2308C:\malware.exeC:\Windows\winsxs\amd64_pnpxassocprx_31bf3856ad364e35_6.1.7600.16385_none_c37ad7577b52fa15
12/2/2020 - 17:48:42.418Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_pnpxassocprx_31bf3856ad364e35_6.1.7600.16385_none_c37ad7577b52fa15
12/2/2020 - 17:48:42.418Open2308C:\malware.exeC:\Windows\winsxs\amd64_pnpxassoc_31bf3856ad364e35_6.1.7600.16385_none_8e78d5da89263d51
12/2/2020 - 17:48:42.418Read2308C:\malware.exeC:\Windows\winsxs\amd64_pnpxassoc_31bf3856ad364e35_6.1.7600.16385_none_8e78d5da89263d51
12/2/2020 - 17:48:42.465Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_pnpxassoc_31bf3856ad364e35_6.1.7600.16385_none_8e78d5da89263d51
12/2/2020 - 17:48:42.559Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:42.747Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:42.793Open2308C:\malware.exeC:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.18946_none_0a38994ea6aa687b
12/2/2020 - 17:48:42.793Read2308C:\malware.exeC:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.18946_none_0a38994ea6aa687b
12/2/2020 - 17:48:42.840Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.18946_none_0a38994ea6aa687b
12/2/2020 - 17:48:42.840Open2308C:\malware.exeC:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.21890_none_0a8637bdbff5e801
12/2/2020 - 17:48:42.840Read2308C:\malware.exeC:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.21890_none_0a8637bdbff5e801
12/2/2020 - 17:48:42.887Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.21890_none_0a8637bdbff5e801
12/2/2020 - 17:48:42.934Open2308C:\malware.exeC:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.23149_none_0ac50f19bfc5878c
12/2/2020 - 17:48:42.934Read2308C:\malware.exeC:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.23149_none_0ac50f19bfc5878c
12/2/2020 - 17:48:42.981Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.23149_none_0ac50f19bfc5878c
12/2/2020 - 17:48:43.122Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:43.168Read2308C:\malware.exeC:\Windows\winsxs
12/2/2020 - 17:48:43.356Open2308C:\malware.exeC:\Windows\winsxs\amd64_prnbr005.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fd517cd6407a8c3a
12/2/2020 - 17:48:43.356Read2308C:\malware.exeC:\Windows\winsxs\amd64_prnbr005.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fd517cd6407a8c3a
12/2/2020 - 17:48:43.403Unknown2308C:\malware.exeC:\Windows\winsxs\amd64_prnbr005.inf.reso