Report #6154 check_circle

  • Creation Date: Feb. 14, 2020, 11:58 a.m.
  • Last Update: Feb. 14, 2020, 1:39 p.m.
  • File: b2e.exe
  • Results:
Binary
DLL
False cancel
Size
11.00KB
trid
58.9% Win64 Executable
14.0% Win32 Dynamic Link Library
9.6% Win32 Executable
4.4% Win16/32 Executable Delphi generic
4.3% OS/2 Executable
type
PE
wordsize
0
Subsystem
unknown
Hashes
md5
8bd9f3cc662a1b646c0de1b8fa780edd
sha1
ea9e037e1d3eac583eea6da6fcddccf3a327247c
crc32
0x3b80e499
sha224
f4b90f726f1b107b0af5d5a4270d72caded5e03e87103270d6315817
sha256
44046e778fb18f17679069170bd9e350c365e024b0c2d7ba7dd706c464dc6a2b
sha384
b20bae662b0aaf47d9416324fd31be5f686f055529e4254d505ac7262e26e8171beaf55d990565a6530ecab053cc7b92
sha512
d3f9d2c763c5541b0f0d264767be19f6e01f51514ac113db10870c778baa9b10ccbca1ce3688030c5a53faf5e687ff0c000ba3e1bb2a2487ab58c0a029027171
ssdeep
192:2i5Fhp8cdwpHR3AkPLiM79mLU2Pc2KqZ2xMMNNOX:r5FZdgAkTiM79mgL2Z69G
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
maldoc_getEIP_method_1, domain, contentis_base64, win_files_operation, IsPE32, IsWindowsGUI

Suspicious
True check_circle

Strings
List
batfile.bat move Windows.exe %appdata%
cd %appdata%
move Windows.exe Windows
batchfile.bat
CRTDLL.dll
move Windows.exe "Start Menu"
move Windows.exe Microsoft
move Windows.exe Startup
move Windows.exe Programs
-= XOR 2009 Valhalla =- Assembled 1997 .. Activated 07.2002 - devoted for peace and harmony in universe against war, racism, terrorism and cruel brutality .. remember .. life is the most important thing - not money .. it's time for a revolution NOW ....
ExitProcess
ShellExecuteA
ShellExecuteExA
GetModuleFileNameA
WriteFile
CreateFileA
HeapCreate
GetModuleHandleA
ReadFile
Sleep
|GetTickCount
|GlobalAlloc
|GlobalLock
|GlobalFree
|FindClose
|FindNextFileA
|GetFileAttributesA
|SetFileAttributesA
|FindFirstFileA
|GetSystemDirectoryA
pause>nul|
|_lclose
|_llseek
|_lwrite
|_lread
|_lopen
Sht4@
cd "Start Menu"
`.data
cd Microsoft
selfdel
echo.
echo.
.code
.flat
Shp4@
_rmdir
_chdir
_mkdir
cd Programs
cd Windows
cd Startup
rmdir
.bat
open
del
!This program cannot be run in DOS mode.
|GetWindowsDirectoryA
SHELL32.dll
InitializeCriticalSection
GetTempFileNameA
GetTempPathA
PathQuoteSpacesA
GetExitCodeProcess
GetCommandLineA
PathAddBackslashA
HeapDestroy
HeapReAlloc
HeapAlloc
GetFileSize
CloseHandle
PathFileExistsA
HeapFree
lstrlenA
malloc
remove
memset
strlen
memcpy
strncpy
free
_ltoa
5\4@
5\4@
5\4@
5\4@
5\4@
5\4@
%`1@
%\1@
%|1@
_^[]
KERNEL32.dll
SHLWAPI.dll
PathRemoveFileSpecA
PathRemoveBlanksA
`.text
f89FPs
;XOR
%d1@

Foremost
Matches
0.exe, 11 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: SHLWAPI.dll, SHELL32.dll, KERNEL32.dll, CRTDLL.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 1536
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .code, .text, .data, .flat, xor
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 2.50
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 20480
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: shlwapi.dll, shell32.dll, kernel32.dll, crtdll.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2008-02-05 00:39:42
Future: False cancel

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
nopsequence
.text: 9

pushpopmath
.data: 1
.flat: 1

AVclass
xorala
1
VirusTotal
md5
8bd9f3cc662a1b646c0de1b8fa780edd
sha1
ea9e037e1d3eac583eea6da6fcddccf3a327247c
SCANS (DETECTION RATE = 91.18%)
AVG
result: Win32:Valla
update: 20180216
version: 18.1.3800.0
detected: True check_circle

CMC
result: Virus.Win32!O
update: 20180216
version: 1.1.0.977
detected: True check_circle

MAX
result: malware (ai score=85)
update: 20180216
version: 2017.11.15.1
detected: True check_circle

Bkav
result: W32.Valla
update: 20180212
version: 1.3.0.9466
detected: True check_circle

K7GW
result: Virus ( 0008d6e31 )
update: 20180216
version: 10.40.26234
detected: True check_circle

ALYac
result: Win32.Valhalla.2048
update: 20180216
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Valla
update: 20180216
version: 18.1.3800.0
detected: True check_circle

Avira
result: W32/Xorala.b
update: 20180216
version: 8.3.3.6
detected: True check_circle

Baidu
result: Win32.Virus.Xorala.a
update: 20180208
version: 1.0.0.2
detected: True check_circle

Cyren
result: W32/Harmony.A
update: 20180216
version: 5.4.30.7
detected: True check_circle

DrWeb
result: Win32.Valhala.2048
update: 20180216
version: 7.0.28.2020
detected: True check_circle

GData
result: Win32.Virus.Xorala.A
update: 20180216
version: A:25.16051B:25.11598
detected: True check_circle

Panda
result: W32/Valla.2048
update: 20180216
version: 4.6.4.2
detected: True check_circle

VBA32
result: Win32.Xoralda.2048
update: 20180216
version: 3.12.28.0
detected: True check_circle

VIPRE
result: Virus.Win32.Valla.a (v)
update: 20180216
version: 64642
detected: True check_circle

Zoner
result: Win32.Xorala.A
update: 20180216
version: 1.0
detected: True check_circle

AVware
result: Virus.Win32.Valla.a (v)
update: 20180216
version: 1.5.0.42
detected: True check_circle

ClamAV
result: Win.Trojan.Xorala-1
update: 20180216
version: 0.99.2.0
detected: True check_circle

Comodo
result: Virus.Win32.Xorala.b0
update: 20180216
version: 28535
detected: True check_circle

F-Prot
result: W32/Harmony.A
update: 20180216
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Win32.Xorala
update: 20180216
version: 0.1.5.2
detected: True check_circle

McAfee
result: W32/Valla.a
update: 20180216
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.Win32.Delf.zdb (CLASSIC)
update: 20180216
version: 25.0.0.1
detected: True check_circle

Sophos
result: W32/Rox-A
update: 20180216
version: 4.98.0
detected: True check_circle

Yandex
result: Win32.Xorala
update: 20180216
version: 5.5.1.3
detected: True check_circle

Zillya
result: Virus.Xorala.Win32.1
update: 20180216
version: 2.0.0.3493
detected: True check_circle

Arcabit
result: Win32.Valhalla.2048
update: 20180216
version: 1.0.0.830
detected: True check_circle

Cylance
result: Unsafe
update: 20180216
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20180216
version: 1.2.1
detected: True check_circle

Tencent
result: Virus.Win32.Valla.a
update: 20180216
version: 1.0.0.1
detected: True check_circle

ViRobot
result: Win32.Valla.2048
update: 20180216
version: 2014.3.20.0
detected: True check_circle

Webroot
update: 20180216
version: 1.0.0.207
detected: False cancel

eGambit
update: 20180216
version: v4.3.4
detected: False cancel

Ad-Aware
result: Win32.Valhalla.2048
update: 20180216
version: 3.0.3.1010
detected: True check_circle

AegisLab
result: W32.W.Runouce.l4QL
update: 20180216
version: 4.2
detected: True check_circle

Emsisoft
result: Win32.Valhalla.2048 (B)
update: 20180216
version: 4.0.2.899
detected: True check_circle

F-Secure
result: Win32.Valhalla.2048
update: 20180216
version: 11.0.19100.45
detected: True check_circle

Fortinet
result: W32/Valla.2048
update: 20180216
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True check_circle

Jiangmin
result: Hacktool/VB.ASPX.a
update: 20180216
version: 16.0.100
detected: True check_circle

Kingsoft
result: Win32.Xorala.2048
update: 20180216
version: 2013.8.14.323
detected: True check_circle

Paloalto
result: generic.ml
update: 20180216
version: 1.0
detected: True check_circle

Symantec
result: W32.Valla.2048
update: 20180216
version: 1.5.0.0
detected: True check_circle

nProtect
result: Virus/W32.Valla
update: 20180216
version: 2018-02-16.02
detected: True check_circle

AhnLab-V3
result: Win32/Valla.2048
update: 20180216
version: 3.11.3.19504
detected: True check_circle

Antiy-AVL
result: Virus/Win32.Xorala.b
update: 20180216
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Virus.Win32.Xorala
update: 20180216
version: 15.0.1.13
detected: True check_circle

Microsoft
result: Virus:Win32/Valla.2048
update: 20180216
version: 1.1.14500.5
detected: True check_circle

Qihoo-360
result: Virus.Win32.Agent.A
update: 20180216
version: 1.0.0.1120
detected: True check_circle

TheHacker
result: W32/Valla.a
update: 20180216
version: 6.8.0.5.2415
detected: True check_circle

ZoneAlarm
result: Virus.Win32.Xorala
update: 20180216
version: 1.0
detected: True check_circle

Cybereason
result: malicious.c662a1
update: 20180205
version: 1.2.27
detected: True check_circle

ESET-NOD32
result: Win32/Xorala.A
update: 20180216
version: 16915
detected: True check_circle

TrendMicro
result: PE_VALLA.A
update: 20180216
version: 9.862.0.1074
detected: True check_circle

WhiteArmor
update: 20180205
detected: False cancel

BitDefender
result: Win32.Valhalla.2048
update: 20180216
version: 7.2
detected: True check_circle

CrowdStrike
update: 20170201
version: 1.0
detected: False cancel

K7AntiVirus
result: Virus ( 0008d6e31 )
update: 20180216
version: 10.40.26238
detected: True check_circle

SentinelOne
result: static engine - malicious
update: 20180115
version: 1.0.12.202
detected: True check_circle

Avast-Mobile
update: 20180216
version: 180216-04
detected: False cancel

Malwarebytes
result: Virus.Valhalla
update: 20180216
version: 2.1.1.1115
detected: True check_circle

TotalDefense
result: Win32/Valla.2048
update: 20180216
version: 37.1.62.1
detected: True check_circle

CAT-QuickHeal
result: W32.Xorala
update: 20180216
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Virus.Win32.Xorala.cbehdj
update: 20180216
version: 1.0.100.21498
detected: True check_circle

MicroWorld-eScan
result: Win32.Valhalla.2048
update: 20180216
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20180216
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.lm
update: 20180216
version: v2015
detected: True check_circle

TrendMicro-HouseCall
result: PE_VALLA.A
update: 20180216
version: 9.950.0.1006
detected: True check_circle

total
68
sha256
44046e778fb18f17679069170bd9e350c365e024b0c2d7ba7dd706c464dc6a2b
scan_id
44046e778fb18f17679069170bd9e350c365e024b0c2d7ba7dd706c464dc6a2b-1518800565
resource
8bd9f3cc662a1b646c0de1b8fa780edd
positives
62
scan_date
2018-02-16 17:02:45
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
14/2/2020 - 12:45:42.700Unknown1480C:\malware.exeC:\Windows\Fonts
14/2/2020 - 12:45:42.700Open1480C:\malware.exeC:\Windows\fveupdate.exe
14/2/2020 - 12:45:42.747Unknown1480C:\malware.exeC:\Windows\fveupdate.exefveupdate.exe
14/2/2020 - 12:45:42.747Open1480C:\malware.exeC:\Windows\fveupdate.exe
14/2/2020 - 12:45:42.747Open1480C:\malware.exeC:\Windows\fveupdate.exe
14/2/2020 - 12:45:42.747Open1480C:\malware.exeC:\Windows\fveupdate.exe
14/2/2020 - 12:45:42.747Open1480C:\malware.exeC:\Windows\rescache
14/2/2020 - 12:45:42.747Unknown1480C:\malware.exeC:\Windows\rescache
14/2/2020 - 12:45:42.747Open1480C:\malware.exeC:\Windows\ServiceProfiles
14/2/2020 - 12:45:42.747Unknown1480C:\malware.exeC:\Windows\ServiceProfiles
14/2/2020 - 12:45:42.747Open1480C:\malware.exeC:\Windows\Tasks
14/2/2020 - 12:45:42.747Unknown1480C:\malware.exeC:\Windows\Tasks
14/2/2020 - 12:45:42.747Open1480C:\malware.exeC:\Windows\tracing
14/2/2020 - 12:45:42.747Unknown1480C:\malware.exeC:\Windows\tracing
14/2/2020 - 12:45:42.747Open1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:42.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:42.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:42.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:42.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:42.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:42.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:43.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:44.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.90Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:45.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:46.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:47.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.90Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:48.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:49.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:50.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:51.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:52.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.90Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:53.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.90Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:54.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:55.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:56.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:56.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_adp94xx.inf_31bf3856ad364e35_6.1.7600.16385_none_5de621becad4e4ec
14/2/2020 - 12:45:56.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_adp94xx.inf_31bf3856ad364e35_6.1.7600.16385_none_5de621becad4e4ec
14/2/2020 - 12:45:56.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_adpu320.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6be1d6ded7b00818
14/2/2020 - 12:45:56.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_adpu320.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6be1d6ded7b00818
14/2/2020 - 12:45:56.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:56.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:56.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.21680_none_aaccc8deb1e48f1e
14/2/2020 - 12:45:56.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.21680_none_aaccc8deb1e48f1e
14/2/2020 - 12:45:56.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:56.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:56.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_aspnet_compiler_b03f5f7f11d50a3a_6.1.7601.18410_none_a5769fe600b79680
14/2/2020 - 12:45:56.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_aspnet_compiler_b03f5f7f11d50a3a_6.1.7601.18410_none_a5769fe600b79680
14/2/2020 - 12:45:56.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_aspnet_regbrowsers_b03f5f7f11d50a3a_6.1.7600.16385_none_96421d40c0e2903e
14/2/2020 - 12:45:56.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_aspnet_regbrowsers_b03f5f7f11d50a3a_6.1.7600.16385_none_96421d40c0e2903e
14/2/2020 - 12:45:56.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a9e76cf4844eb38a
14/2/2020 - 12:45:56.762Read1480C:\malware.exeC:\Windows\winsxs\amd64_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a9e76cf4844eb38a
14/2/2020 - 12:45:56.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a9e76cf4844eb38a
14/2/2020 - 12:45:56.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_avc.inf_31bf3856ad364e35_6.1.7600.16385_none_084e3f0eabcf1e24
14/2/2020 - 12:45:56.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_avc.inf_31bf3856ad364e35_6.1.7600.16385_none_084e3f0eabcf1e24
14/2/2020 - 12:45:56.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:56.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:57.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:57.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_avmx64c.inf_31bf3856ad364e35_6.1.7600.16385_none_1b289ccdd9a4634d
14/2/2020 - 12:45:57.137Read1480C:\malware.exeC:\Windows\winsxs\amd64_avmx64c.inf_31bf3856ad364e35_6.1.7600.16385_none_1b289ccdd9a4634d
14/2/2020 - 12:45:57.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_avmx64c.inf_31bf3856ad364e35_6.1.7600.16385_none_1b289ccdd9a4634d
14/2/2020 - 12:45:57.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_brmfcmdm.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_642774421c9f3f13
14/2/2020 - 12:45:57.184Read1480C:\malware.exeC:\Windows\winsxs\amd64_brmfcmdm.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_642774421c9f3f13
14/2/2020 - 12:45:57.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_brmfcmdm.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_642774421c9f3f13
14/2/2020 - 12:45:57.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_brmfcmdm.inf_31bf3856ad364e35_6.1.7600.16385_none_d5714398a0c68fde
14/2/2020 - 12:45:57.231Read1480C:\malware.exeC:\Windows\winsxs\amd64_brmfcmdm.inf_31bf3856ad364e35_6.1.7600.16385_none_d5714398a0c68fde
14/2/2020 - 12:45:57.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_brmfcmdm.inf_31bf3856ad364e35_6.1.7600.16385_none_d5714398a0c68fde
14/2/2020 - 12:45:57.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:57.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:57.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_d0d5d519eb6512d8
14/2/2020 - 12:45:57.559Read1480C:\malware.exeC:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_d0d5d519eb6512d8
14/2/2020 - 12:45:57.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_d0d5d519eb6512d8
14/2/2020 - 12:45:57.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:57.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.17514_none_f885d1129806720d
14/2/2020 - 12:45:57.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.17514_none_f885d1129806720d
14/2/2020 - 12:45:57.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.18523_none_f886ea0a98056eea
14/2/2020 - 12:45:57.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.18523_none_f886ea0a98056eea
14/2/2020 - 12:45:57.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b
14/2/2020 - 12:45:57.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b
14/2/2020 - 12:45:57.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_compositebus.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f88ef3ba5c88e666
14/2/2020 - 12:45:57.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_compositebus.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f88ef3ba5c88e666
14/2/2020 - 12:45:57.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:57.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:58.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_crcdisk.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b29dfc3452825bd8
14/2/2020 - 12:45:58.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_crcdisk.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b29dfc3452825bd8
14/2/2020 - 12:45:58.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_custommarshalers_b03f5f7f11d50a3a_6.1.7601.17514_none_feee409b39e33eea
14/2/2020 - 12:45:58.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_custommarshalers_b03f5f7f11d50a3a_6.1.7601.17514_none_feee409b39e33eea
14/2/2020 - 12:45:58.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_cxfalpal_ibv64.inf_31bf3856ad364e35_6.1.7600.16385_none_db4796019d20adcb
14/2/2020 - 12:45:58.153Read1480C:\malware.exeC:\Windows\winsxs\amd64_cxfalpal_ibv64.inf_31bf3856ad364e35_6.1.7600.16385_none_db4796019d20adcb
14/2/2020 - 12:45:58.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_cxfalpal_ibv64.inf_31bf3856ad364e35_6.1.7600.16385_none_db4796019d20adcb
14/2/2020 - 12:45:58.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_dc21x4vm.inf_31bf3856ad364e35_6.1.7600.16385_none_8a8756a57a292631
14/2/2020 - 12:45:58.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_dc21x4vm.inf_31bf3856ad364e35_6.1.7600.16385_none_8a8756a57a292631
14/2/2020 - 12:45:58.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:58.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:58.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_desktop_shell-search-srchadmin.resources_31bf3856ad364e35_7.0.7600.16385_pt-br_81f6d04c2f998574
14/2/2020 - 12:45:58.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_desktop_shell-search-srchadmin.resources_31bf3856ad364e35_7.0.7600.16385_pt-br_81f6d04c2f998574
14/2/2020 - 12:45:58.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_digitalmediadevice.inf_31bf3856ad364e35_6.1.7600.16385_none_e15a2bcac4c4abc6
14/2/2020 - 12:45:58.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_digitalmediadevice.inf_31bf3856ad364e35_6.1.7600.16385_none_e15a2bcac4c4abc6
14/2/2020 - 12:45:58.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01
14/2/2020 - 12:45:58.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01
14/2/2020 - 12:45:58.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_display.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8d55448dc354284f
14/2/2020 - 12:45:58.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_display.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8d55448dc354284f
14/2/2020 - 12:45:58.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:58.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:58.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:58.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_eaphost.inf_31bf3856ad364e35_6.1.7600.16385_none_8a6d7605895cd38e
14/2/2020 - 12:45:58.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_eaphost.inf_31bf3856ad364e35_6.1.7600.16385_none_8a6d7605895cd38e
14/2/2020 - 12:45:58.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_ehstorcertdrv.inf_31bf3856ad364e35_6.1.7600.16385_none_36454688d51936c3
14/2/2020 - 12:45:58.762Read1480C:\malware.exeC:\Windows\winsxs\amd64_ehstorcertdrv.inf_31bf3856ad364e35_6.1.7600.16385_none_36454688d51936c3
14/2/2020 - 12:45:58.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_ehstorcertdrv.inf_31bf3856ad364e35_6.1.7600.16385_none_36454688d51936c3
14/2/2020 - 12:45:58.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:59.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_faxcn001.inf_31bf3856ad364e35_6.1.7600.16385_none_a46fb88aa3f10979
14/2/2020 - 12:45:59.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_faxcn001.inf_31bf3856ad364e35_6.1.7600.16385_none_a46fb88aa3f10979
14/2/2020 - 12:45:59.90Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:59.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:59.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_flpydisk.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_719568c988232f75
14/2/2020 - 12:45:59.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_flpydisk.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_719568c988232f75
14/2/2020 - 12:45:59.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_hdaudio.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3f30304bb27d5f13
14/2/2020 - 12:45:59.325Read1480C:\malware.exeC:\Windows\winsxs\amd64_hdaudio.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3f30304bb27d5f13
14/2/2020 - 12:45:59.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_hdaudio.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3f30304bb27d5f13
14/2/2020 - 12:45:59.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:59.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:45:59.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_hidbth.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2a4d3ec4f9a2a96a
14/2/2020 - 12:45:59.700Read1480C:\malware.exeC:\Windows\winsxs\amd64_hidbth.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2a4d3ec4f9a2a96a
14/2/2020 - 12:45:59.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_hidbth.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2a4d3ec4f9a2a96a
14/2/2020 - 12:45:59.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_hiddigi.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_947ddd7d5cd7c4bb
14/2/2020 - 12:45:59.747Read1480C:\malware.exeC:\Windows\winsxs\amd64_hiddigi.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_947ddd7d5cd7c4bb
14/2/2020 - 12:45:59.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_hiddigi.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_947ddd7d5cd7c4bb
14/2/2020 - 12:45:59.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_hiddigi.inf_31bf3856ad364e35_6.1.7600.16385_none_f15136385f8cfd0e
14/2/2020 - 12:45:59.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_hiddigi.inf_31bf3856ad364e35_6.1.7600.16385_none_f15136385f8cfd0e
14/2/2020 - 12:45:59.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_hpoa1sd.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0ab355d533e6032b
14/2/2020 - 12:45:59.793Read1480C:\malware.exeC:\Windows\winsxs\amd64_hpoa1sd.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0ab355d533e6032b
14/2/2020 - 12:45:59.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_hpoa1sd.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0ab355d533e6032b
14/2/2020 - 12:45:59.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:0.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:0.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5
14/2/2020 - 12:46:0.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5
14/2/2020 - 12:46:0.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_igdlh.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a7d79cca5c6a7467
14/2/2020 - 12:46:0.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_igdlh.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a7d79cca5c6a7467
14/2/2020 - 12:46:0.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_iirsp.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a3f505c6b82bbbfa
14/2/2020 - 12:46:0.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_iirsp.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a3f505c6b82bbbfa
14/2/2020 - 12:46:0.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_iirsp2.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f0a63413643b939e
14/2/2020 - 12:46:0.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_iirsp2.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f0a63413643b939e
14/2/2020 - 12:46:0.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_iirsp2.inf_31bf3856ad364e35_6.1.7600.16385_none_e6442b2968a82527
14/2/2020 - 12:46:0.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_iirsp2.inf_31bf3856ad364e35_6.1.7600.16385_none_e6442b2968a82527
14/2/2020 - 12:46:0.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:0.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:0.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:0.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_infocard_b77a5c561934e089_6.1.7601.22733_none_416efebeda587c2c
14/2/2020 - 12:46:0.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_infocard_b77a5c561934e089_6.1.7601.22733_none_416efebeda587c2c\infocard.exe
14/2/2020 - 12:46:0.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_infocard_b77a5c561934e089_6.1.7601.22733_none_416efebeda587c2c\infocard.exe
14/2/2020 - 12:46:0.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_infocard_b77a5c561934e089_6.1.7601.22733_none_416efebeda587c2c\infocard.exe
14/2/2020 - 12:46:0.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_infocard_b77a5c561934e089_6.1.7601.22733_none_416efebeda587c2c\infocard.exe
14/2/2020 - 12:46:0.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_infocard_b77a5c561934e089_6.1.7601.22733_none_416efebeda587c2c
14/2/2020 - 12:46:0.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_installutil_b03f5f7f11d50a3a_6.1.7601.22733_none_f15b30cae2ed947f
14/2/2020 - 12:46:0.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_installutil_b03f5f7f11d50a3a_6.1.7601.22733_none_f15b30cae2ed947f
14/2/2020 - 12:46:0.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:0.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf
14/2/2020 - 12:46:0.684Read1480C:\malware.exeC:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf
14/2/2020 - 12:46:0.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf
14/2/2020 - 12:46:0.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_ks.inf_31bf3856ad364e35_6.1.7600.16385_none_1193334906748c44
14/2/2020 - 12:46:0.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_ks.inf_31bf3856ad364e35_6.1.7600.16385_none_1193334906748c44
14/2/2020 - 12:46:0.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:0.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:1.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_ksfilter.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d83d5a4c4b325f07
14/2/2020 - 12:46:1.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_ksfilter.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d83d5a4c4b325f07
14/2/2020 - 12:46:1.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_machine.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a29e39a0746aaabc
14/2/2020 - 12:46:1.12Read1480C:\malware.exeC:\Windows\winsxs\amd64_machine.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a29e39a0746aaabc
14/2/2020 - 12:46:1.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_machine.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a29e39a0746aaabc
14/2/2020 - 12:46:1.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:1.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:1.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdm5674a.inf_31bf3856ad364e35_6.1.7600.16385_none_42fd2975a010a30b
14/2/2020 - 12:46:1.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdm5674a.inf_31bf3856ad364e35_6.1.7600.16385_none_42fd2975a010a30b
14/2/2020 - 12:46:1.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmags64.inf_31bf3856ad364e35_6.1.7600.16385_none_8abdabbbcd196853
14/2/2020 - 12:46:1.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmags64.inf_31bf3856ad364e35_6.1.7600.16385_none_8abdabbbcd196853
14/2/2020 - 12:46:1.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmaiwa4.inf_31bf3856ad364e35_6.1.7600.16385_none_0a4c2d2390747c7a
14/2/2020 - 12:46:1.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmaiwa4.inf_31bf3856ad364e35_6.1.7600.16385_none_0a4c2d2390747c7a
14/2/2020 - 12:46:1.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:1.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:1.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmarn.inf_31bf3856ad364e35_6.1.7600.16385_none_36c04b56b6587575
14/2/2020 - 12:46:1.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmarn.inf_31bf3856ad364e35_6.1.7600.16385_none_36c04b56b6587575
14/2/2020 - 12:46:1.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmatm2k.inf_31bf3856ad364e35_6.1.7600.16385_none_35b788d12f1fd743
14/2/2020 - 12:46:1.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmatm2k.inf_31bf3856ad364e35_6.1.7600.16385_none_35b788d12f1fd743
14/2/2020 - 12:46:1.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmbr006.inf_31bf3856ad364e35_6.1.7600.16385_none_c218b25e6c778a2c
14/2/2020 - 12:46:1.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmbr006.inf_31bf3856ad364e35_6.1.7600.16385_none_c218b25e6c778a2c
14/2/2020 - 12:46:1.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:1.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:1.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:1.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmbr008.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5dbf905d6cba3fe9
14/2/2020 - 12:46:1.997Read1480C:\malware.exeC:\Windows\winsxs\amd64_mdmbr008.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5dbf905d6cba3fe9
14/2/2020 - 12:46:2.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmbr008.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5dbf905d6cba3fe9
14/2/2020 - 12:46:2.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmbr008.inf_31bf3856ad364e35_6.1.7600.16385_none_c32ad6c89eb402fe
14/2/2020 - 12:46:2.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmbr008.inf_31bf3856ad364e35_6.1.7600.16385_none_c32ad6c89eb402fe
14/2/2020 - 12:46:2.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmbr00a.inf_31bf3856ad364e35_6.1.7600.16385_none_d91ec149a48bafcf
14/2/2020 - 12:46:2.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmbr00a.inf_31bf3856ad364e35_6.1.7600.16385_none_d91ec149a48bafcf
14/2/2020 - 12:46:2.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmbtmdm.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0e3107b8562ff2df
14/2/2020 - 12:46:2.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmbtmdm.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0e3107b8562ff2df
14/2/2020 - 12:46:2.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmcm28.inf_31bf3856ad364e35_6.1.7600.16385_none_d130a4ccfd6ae450
14/2/2020 - 12:46:2.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmcm28.inf_31bf3856ad364e35_6.1.7600.16385_none_d130a4ccfd6ae450
14/2/2020 - 12:46:2.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:2.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmcrtix.inf_31bf3856ad364e35_6.1.7600.16385_none_8a345ba26a11afd0
14/2/2020 - 12:46:2.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmcrtix.inf_31bf3856ad364e35_6.1.7600.16385_none_8a345ba26a11afd0
14/2/2020 - 12:46:2.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.1.7600.16385_none_064a4eb4ec0af80f
14/2/2020 - 12:46:2.278Read1480C:\malware.exeC:\Windows\winsxs\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.1.7600.16385_none_064a4eb4ec0af80f
14/2/2020 - 12:46:2.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.1.7600.16385_none_064a4eb4ec0af80f
14/2/2020 - 12:46:2.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:2.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:2.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmeiger.inf_31bf3856ad364e35_6.1.7600.16385_none_7f0b94a29fdc42f0
14/2/2020 - 12:46:2.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmeiger.inf_31bf3856ad364e35_6.1.7600.16385_none_7f0b94a29fdc42f0
14/2/2020 - 12:46:2.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmeric2.inf_31bf3856ad364e35_6.1.7600.16385_none_b9ce6cb341a5637b
14/2/2020 - 12:46:2.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmeric2.inf_31bf3856ad364e35_6.1.7600.16385_none_b9ce6cb341a5637b
14/2/2020 - 12:46:2.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmfj2.inf_31bf3856ad364e35_6.1.7600.16385_none_b5c7033b92bd022e
14/2/2020 - 12:46:2.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmfj2.inf_31bf3856ad364e35_6.1.7600.16385_none_b5c7033b92bd022e
14/2/2020 - 12:46:2.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmgen.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_64c1888bee02e91d
14/2/2020 - 12:46:2.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmgen.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_64c1888bee02e91d
14/2/2020 - 12:46:2.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmgl001.inf_31bf3856ad364e35_6.1.7600.16385_none_ccb7b8c62fbddb58
14/2/2020 - 12:46:2.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmgl001.inf_31bf3856ad364e35_6.1.7600.16385_none_ccb7b8c62fbddb58
14/2/2020 - 12:46:2.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:2.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:2.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmgl003.inf_31bf3856ad364e35_6.1.7600.16385_none_cdc9dd3061fa542a
14/2/2020 - 12:46:2.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmgl003.inf_31bf3856ad364e35_6.1.7600.16385_none_cdc9dd3061fa542a
14/2/2020 - 12:46:2.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmgl009.inf_31bf3856ad364e35_6.1.7600.16385_none_d1004a6ef8afbea0
14/2/2020 - 12:46:2.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmgl009.inf_31bf3856ad364e35_6.1.7600.16385_none_d1004a6ef8afbea0
14/2/2020 - 12:46:2.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmgl010.inf_31bf3856ad364e35_6.1.7600.16385_none_f9997b85348f7f3e
14/2/2020 - 12:46:2.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmgl010.inf_31bf3856ad364e35_6.1.7600.16385_none_f9997b85348f7f3e
14/2/2020 - 12:46:2.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmhaeu.inf_31bf3856ad364e35_6.1.7600.16385_none_38844238454bab97
14/2/2020 - 12:46:2.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmhaeu.inf_31bf3856ad364e35_6.1.7600.16385_none_38844238454bab97
14/2/2020 - 12:46:2.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmhay2.inf_31bf3856ad364e35_6.1.7600.16385_none_13ebd70762da3f5e
14/2/2020 - 12:46:2.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmhay2.inf_31bf3856ad364e35_6.1.7600.16385_none_13ebd70762da3f5e
14/2/2020 - 12:46:2.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:3.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:3.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmmc288.inf_31bf3856ad364e35_6.1.7600.16385_none_4812c1d1f5383134
14/2/2020 - 12:46:3.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmmc288.inf_31bf3856ad364e35_6.1.7600.16385_none_4812c1d1f5383134
14/2/2020 - 12:46:3.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:3.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:3.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:3.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmmts.inf_31bf3856ad364e35_6.1.7600.16385_none_bee826439264ce7c
14/2/2020 - 12:46:3.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmmts.inf_31bf3856ad364e35_6.1.7600.16385_none_bee826439264ce7c
14/2/2020 - 12:46:3.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmnis2u.inf_31bf3856ad364e35_6.1.7600.16385_none_ed46e0a714e373a9
14/2/2020 - 12:46:3.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmnis2u.inf_31bf3856ad364e35_6.1.7600.16385_none_ed46e0a714e373a9
14/2/2020 - 12:46:3.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:3.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:3.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmnttte.inf_31bf3856ad364e35_6.1.7600.16385_none_01231bbe5f4a51a5
14/2/2020 - 12:46:3.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmnttte.inf_31bf3856ad364e35_6.1.7600.16385_none_01231bbe5f4a51a5
14/2/2020 - 12:46:3.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmolic.inf_31bf3856ad364e35_6.1.7600.16385_none_5afe0c15d667b4c1
14/2/2020 - 12:46:3.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmolic.inf_31bf3856ad364e35_6.1.7600.16385_none_5afe0c15d667b4c1
14/2/2020 - 12:46:3.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmomrn3.inf_31bf3856ad364e35_6.1.7600.16385_none_a414a782fb3117b5
14/2/2020 - 12:46:3.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmomrn3.inf_31bf3856ad364e35_6.1.7600.16385_none_a414a782fb3117b5
14/2/2020 - 12:46:3.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmpenr.inf_31bf3856ad364e35_6.1.7600.16385_none_14e411db1f1fd8ef
14/2/2020 - 12:46:3.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmpenr.inf_31bf3856ad364e35_6.1.7600.16385_none_14e411db1f1fd8ef
14/2/2020 - 12:46:3.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmpn1.inf_31bf3856ad364e35_6.1.7600.16385_none_bc4acdcb7ef2250b
14/2/2020 - 12:46:3.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmpn1.inf_31bf3856ad364e35_6.1.7600.16385_none_bc4acdcb7ef2250b
14/2/2020 - 12:46:3.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:4.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmpp.inf_31bf3856ad364e35_6.1.7600.16385_none_a9d2002feb81fa56
14/2/2020 - 12:46:4.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmpp.inf_31bf3856ad364e35_6.1.7600.16385_none_a9d2002feb81fa56
14/2/2020 - 12:46:4.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmsier.inf_31bf3856ad364e35_6.1.7600.16385_none_feb63cafc6f86b25
14/2/2020 - 12:46:4.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmsier.inf_31bf3856ad364e35_6.1.7600.16385_none_feb63cafc6f86b25
14/2/2020 - 12:46:4.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmsupra.inf_31bf3856ad364e35_6.1.7600.16385_none_4479553983d478b1
14/2/2020 - 12:46:4.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmsupra.inf_31bf3856ad364e35_6.1.7600.16385_none_4479553983d478b1
14/2/2020 - 12:46:4.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmtdk.inf_31bf3856ad364e35_6.1.7600.16385_none_189823581f4ffba3
14/2/2020 - 12:46:4.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmtdk.inf_31bf3856ad364e35_6.1.7600.16385_none_189823581f4ffba3
14/2/2020 - 12:46:4.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:4.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:4.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmtdkj4.inf_31bf3856ad364e35_6.1.7600.16385_none_0b3568b5d0c39a8f
14/2/2020 - 12:46:4.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmtdkj4.inf_31bf3856ad364e35_6.1.7600.16385_none_0b3568b5d0c39a8f
14/2/2020 - 12:46:4.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmtdkj5.inf_31bf3856ad364e35_6.1.7600.16385_none_0bbe7aeae9e1d6f8
14/2/2020 - 12:46:4.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmtdkj5.inf_31bf3856ad364e35_6.1.7600.16385_none_0bbe7aeae9e1d6f8
14/2/2020 - 12:46:4.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmusrg.inf_31bf3856ad364e35_6.1.7600.16385_none_ef6d0c5fba40766d
14/2/2020 - 12:46:4.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmusrg.inf_31bf3856ad364e35_6.1.7600.16385_none_ef6d0c5fba40766d
14/2/2020 - 12:46:4.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmusrsp.inf_31bf3856ad364e35_6.1.7600.16385_none_d5e80cc9e393e749
14/2/2020 - 12:46:4.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmusrsp.inf_31bf3856ad364e35_6.1.7600.16385_none_d5e80cc9e393e749
14/2/2020 - 12:46:4.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:4.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:4.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_mdmvv.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f0d70fbe6acb8b5b
14/2/2020 - 12:46:4.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mdmvv.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f0d70fbe6acb8b5b
14/2/2020 - 12:46:4.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_memory.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1252c59e56402cc2
14/2/2020 - 12:46:4.622Read1480C:\malware.exeC:\Windows\winsxs\amd64_memory.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1252c59e56402cc2
14/2/2020 - 12:46:4.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_memory.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1252c59e56402cc2
14/2/2020 - 12:46:4.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:4.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:4.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:4.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-jsintl.resources_31bf3856ad364e35_6.3.9600.16428_pt-br_8aa8724ed59c5499
14/2/2020 - 12:46:4.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-jsintl.resources_31bf3856ad364e35_6.3.9600.16428_pt-br_8aa8724ed59c5499
14/2/2020 - 12:46:5.90Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:5.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:5.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.1.7601.17514_none_a030aa28d92cdba3
14/2/2020 - 12:46:5.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.1.7601.17514_none_a030aa28d92cdba3
14/2/2020 - 12:46:5.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:5.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:5.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:5.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..ercomtool.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a925c78e20ba1082
14/2/2020 - 12:46:5.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..ercomtool.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a925c78e20ba1082
14/2/2020 - 12:46:5.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..figurator.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1e5f34beeb8f2487
14/2/2020 - 12:46:5.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..figurator.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1e5f34beeb8f2487
14/2/2020 - 12:46:5.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:5.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:5.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:5.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..iles-help.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ec0b349bd61d1d1e
14/2/2020 - 12:46:5.981Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..iles-help.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ec0b349bd61d1d1e
14/2/2020 - 12:46:6.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..iles-help.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ec0b349bd61d1d1e
14/2/2020 - 12:46:6.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..in-native.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7c61b6c7823466a2
14/2/2020 - 12:46:6.28Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..in-native.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7c61b6c7823466a2
14/2/2020 - 12:46:6.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..in-native.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7c61b6c7823466a2
14/2/2020 - 12:46:6.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..istant-ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9359617b5a5a8f04
14/2/2020 - 12:46:6.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..istant-ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9359617b5a5a8f04
14/2/2020 - 12:46:6.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:6.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:6.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..ltimateed.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_072ff2c0b1ac9217
14/2/2020 - 12:46:6.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..ltimateed.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_072ff2c0b1ac9217
14/2/2020 - 12:46:6.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..managerui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a1f8876c9b8b4377
14/2/2020 - 12:46:6.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..managerui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a1f8876c9b8b4377
14/2/2020 - 12:46:6.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_6.1.7601.17514_none_a8745195fc51aa48
14/2/2020 - 12:46:6.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_6.1.7601.17514_none_a8745195fc51aa48
14/2/2020 - 12:46:6.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..oldertool.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_70e17e9120c2bc39
14/2/2020 - 12:46:6.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..oldertool.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_70e17e9120c2bc39
14/2/2020 - 12:46:6.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..ompat-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_190cf030d118f70d
14/2/2020 - 12:46:6.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..ompat-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_190cf030d118f70d
14/2/2020 - 12:46:6.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:6.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:6.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..on-authui.resources_31bf3856ad364e35_6.1.7601.22472_pt-br_eb85757d39ad36e3
14/2/2020 - 12:46:6.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..on-authui.resources_31bf3856ad364e35_6.1.7601.22472_pt-br_eb85757d39ad36e3
14/2/2020 - 12:46:6.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..rface-ldap-provider_31bf3856ad364e35_6.1.7600.16385_none_78226e0a149a912a
14/2/2020 - 12:46:6.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..rface-ldap-provider_31bf3856ad364e35_6.1.7600.16385_none_78226e0a149a912a
14/2/2020 - 12:46:6.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..rvice-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_69dcbcc760cfa3a1
14/2/2020 - 12:46:6.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-a..rvice-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_69dcbcc760cfa3a1
14/2/2020 - 12:46:6.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:6.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:6.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:6.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:6.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-acledit_31bf3856ad364e35_6.1.7600.16385_none_c3d671ef7642fced
14/2/2020 - 12:46:6.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-acledit_31bf3856ad364e35_6.1.7600.16385_none_c3d671ef7642fced
14/2/2020 - 12:46:6.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-acluifilefoldertool_31bf3856ad364e35_6.1.7600.16385_none_49b88f2dc8d56917
14/2/2020 - 12:46:6.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-acluifilefoldertool_31bf3856ad364e35_6.1.7600.16385_none_49b88f2dc8d56917
14/2/2020 - 12:46:7.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:7.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:7.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-acproxy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d513cafc72333d6d
14/2/2020 - 12:46:7.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-acproxy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d513cafc72333d6d
14/2/2020 - 12:46:7.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-adaptertroubleshooter_31bf3856ad364e35_6.1.7600.16385_none_2df6395b9cf7e9a5
14/2/2020 - 12:46:7.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-adaptertroubleshooter_31bf3856ad364e35_6.1.7600.16385_none_2df6395b9cf7e9a5
14/2/2020 - 12:46:7.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7600.16385_none_3f3d4351a032bf57
14/2/2020 - 12:46:7.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7600.16385_none_3f3d4351a032bf57
14/2/2020 - 12:46:7.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:7.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-aero_ss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_99c539cdc67b85ca
14/2/2020 - 12:46:7.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-aero_ss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_99c539cdc67b85ca
14/2/2020 - 12:46:7.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-alttab.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_401b36bf6a550d49
14/2/2020 - 12:46:7.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-alttab.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_401b36bf6a550d49
14/2/2020 - 12:46:7.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:7.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:7.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647
14/2/2020 - 12:46:7.668Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647
14/2/2020 - 12:46:7.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647
14/2/2020 - 12:46:7.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_b5efd139e1ed89c1
14/2/2020 - 12:46:7.715Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_b5efd139e1ed89c1
14/2/2020 - 12:46:7.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_b5efd139e1ed89c1
14/2/2020 - 12:46:7.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23126_none_b5f2ac1fe1eb062f
14/2/2020 - 12:46:7.762Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23126_none_b5f2ac1fe1eb062f
14/2/2020 - 12:46:7.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23126_none_b5f2ac1fe1eb062f
14/2/2020 - 12:46:7.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atbroker.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c32dfb5248079480
14/2/2020 - 12:46:7.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atbroker.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c32dfb5248079480
14/2/2020 - 12:46:7.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b
14/2/2020 - 12:46:7.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b
14/2/2020 - 12:46:7.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:7.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:8.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atl_31bf3856ad364e35_6.1.7600.16385_none_0715316d7363738e
14/2/2020 - 12:46:8.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atl_31bf3856ad364e35_6.1.7600.16385_none_0715316d7363738e
14/2/2020 - 12:46:8.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b
14/2/2020 - 12:46:8.90Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b
14/2/2020 - 12:46:8.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b
14/2/2020 - 12:46:8.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-mci.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1c2735ff755a7fa3
14/2/2020 - 12:46:8.137Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-mci.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1c2735ff755a7fa3
14/2/2020 - 12:46:8.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-mci.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1c2735ff755a7fa3
14/2/2020 - 12:46:8.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:8.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:8.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:8.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-authorizationmanagerui_31bf3856ad364e35_6.1.7601.17514_none_7ffffc0c16450377
14/2/2020 - 12:46:8.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-authorizationmanagerui_31bf3856ad364e35_6.1.7601.17514_none_7ffffc0c16450377
14/2/2020 - 12:46:8.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autochk.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a71f2fca77f3b9ee
14/2/2020 - 12:46:8.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autochk.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a71f2fca77f3b9ee
14/2/2020 - 12:46:8.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:8.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autofmt.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e5cf35a6b53a8657
14/2/2020 - 12:46:8.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autofmt.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e5cf35a6b53a8657
14/2/2020 - 12:46:8.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-axinstallservice_31bf3856ad364e35_6.1.7601.17514_none_352b5454878cd498
14/2/2020 - 12:46:8.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-axinstallservice_31bf3856ad364e35_6.1.7601.17514_none_352b5454878cd498
14/2/2020 - 12:46:8.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..bitsadmin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d556eee2ec9e11e7
14/2/2020 - 12:46:8.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..bitsadmin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d556eee2ec9e11e7
14/2/2020 - 12:46:8.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:8.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:8.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..core-fonts-chs-boot_31bf3856ad364e35_6.1.7600.16385_none_30d8afa629263809
14/2/2020 - 12:46:8.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..core-fonts-chs-boot_31bf3856ad364e35_6.1.7600.16385_none_30d8afa629263809
14/2/2020 - 12:46:8.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..ents-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9f766d480f7c6d6d
14/2/2020 - 12:46:8.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..ents-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9f766d480f7c6d6d
14/2/2020 - 12:46:8.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a
14/2/2020 - 12:46:8.934Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a
14/2/2020 - 12:46:8.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a
14/2/2020 - 12:46:9.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:9.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:9.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23418_none_c7ec0930bc846674
14/2/2020 - 12:46:9.215Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23418_none_c7ec0930bc846674
14/2/2020 - 12:46:9.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23418_none_c7ec0930bc846674\winresume.exe
14/2/2020 - 12:46:9.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23418_none_c7ec0930bc846674\winresume.exewinresume.exe
14/2/2020 - 12:46:9.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23418_none_c7ec0930bc846674\winresume.exe
14/2/2020 - 12:46:9.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23418_none_c7ec0930bc846674\winresume.exe
14/2/2020 - 12:46:9.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23418_none_c7ec0930bc846674\winresume.exe
14/2/2020 - 12:46:9.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23418_none_c7ec0930bc846674
14/2/2020 - 12:46:9.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..erservice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5314ee53d26ea12a
14/2/2020 - 12:46:9.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..erservice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5314ee53d26ea12a
14/2/2020 - 12:46:9.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:9.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:9.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:9.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_147a7f8c11711a9b
14/2/2020 - 12:46:9.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_147a7f8c11711a9b
14/2/2020 - 12:46:9.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_da723e1e02d551df
14/2/2020 - 12:46:9.637Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_da723e1e02d551df
14/2/2020 - 12:46:9.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_da723e1e02d551df
14/2/2020 - 12:46:9.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dacce684029df516
14/2/2020 - 12:46:9.684Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dacce684029df516
14/2/2020 - 12:46:9.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dacce684029df516
14/2/2020 - 12:46:9.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:9.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:10.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_c4c039aed9f6cc39
14/2/2020 - 12:46:10.59Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_c4c039aed9f6cc39
14/2/2020 - 12:46:10.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_c4c039aed9f6cc39
14/2/2020 - 12:46:10.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6777afadccc8e29b
14/2/2020 - 12:46:10.106Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6777afadccc8e29b
14/2/2020 - 12:46:10.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6777afadccc8e29b
14/2/2020 - 12:46:10.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_ad070b6fb254bb8c
14/2/2020 - 12:46:10.153Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_ad070b6fb254bb8c
14/2/2020 - 12:46:10.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_ad070b6fb254bb8c
14/2/2020 - 12:46:10.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:10.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:10.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_68f632f43987fd09
14/2/2020 - 12:46:10.434Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_68f632f43987fd09
14/2/2020 - 12:46:10.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_68f632f43987fd09
14/2/2020 - 12:46:10.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:10.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_pt-br_d6d0bc728083aa2c
14/2/2020 - 12:46:10.668Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_pt-br_d6d0bc728083aa2c
14/2/2020 - 12:46:10.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_pt-br_d6d0bc728083aa2c
14/2/2020 - 12:46:10.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23338_pt-br_d6d2c0d28081d728
14/2/2020 - 12:46:10.715Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23338_pt-br_d6d2c0d28081d728
14/2/2020 - 12:46:10.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23338_pt-br_d6d2c0d28081d728
14/2/2020 - 12:46:10.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_3637d03b1b5800bc
14/2/2020 - 12:46:10.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_3637d03b1b5800bc
14/2/2020 - 12:46:10.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.22948_none_36c870f2346f4f0e
14/2/2020 - 12:46:10.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.22948_none_36c870f2346f4f0e
14/2/2020 - 12:46:10.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..servicing.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c9bfb4339c917a51
14/2/2020 - 12:46:10.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..servicing.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c9bfb4339c917a51
14/2/2020 - 12:46:10.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:10.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:10.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:11.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-strings.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7b662da249241d35
14/2/2020 - 12:46:11.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-strings.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7b662da249241d35
14/2/2020 - 12:46:11.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7601.18741_pt-br_7c1bb109b397edf3
14/2/2020 - 12:46:11.43Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7601.18741_pt-br_7c1bb109b397edf3
14/2/2020 - 12:46:11.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7601.18741_pt-br_7c1bb109b397edf3
14/2/2020 - 12:46:11.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:11.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:11.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89
14/2/2020 - 12:46:11.372Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89
14/2/2020 - 12:46:11.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89
14/2/2020 - 12:46:11.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23338_none_b9c48a7a9c70e35e
14/2/2020 - 12:46:11.418Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23338_none_b9c48a7a9c70e35e
14/2/2020 - 12:46:11.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23338_none_b9c48a7a9c70e35e
14/2/2020 - 12:46:11.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:11.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:11.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-baseapinamespace_31bf3856ad364e35_6.1.7601.17514_none_a4272f399040a523
14/2/2020 - 12:46:11.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-baseapinamespace_31bf3856ad364e35_6.1.7601.17514_none_a4272f399040a523
14/2/2020 - 12:46:11.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-batmeter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cfbd2456f828a707
14/2/2020 - 12:46:11.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-batmeter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cfbd2456f828a707
14/2/2020 - 12:46:11.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:11.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:11.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:12.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bcdboot-cmdlinetool_31bf3856ad364e35_6.1.7601.17514_none_bf7bea0454c3f0cf
14/2/2020 - 12:46:12.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bcdboot-cmdlinetool_31bf3856ad364e35_6.1.7601.17514_none_bf7bea0454c3f0cf
14/2/2020 - 12:46:12.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.1.7600.16385_none_4a8185140916af36
14/2/2020 - 12:46:12.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.1.7600.16385_none_4a8185140916af36
14/2/2020 - 12:46:12.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.1.7601.17514_none_70577ed42da9d71d
14/2/2020 - 12:46:12.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.1.7601.17514_none_70577ed42da9d71d
14/2/2020 - 12:46:12.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.1.7601.23418_none_70e4eb6b46c41537
14/2/2020 - 12:46:12.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.1.7601.23418_none_70e4eb6b46c41537
14/2/2020 - 12:46:12.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.1.7601.23452_none_70b3a9ff46e9ecf1
14/2/2020 - 12:46:12.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.1.7601.23452_none_70b3a9ff46e9ecf1
14/2/2020 - 12:46:12.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02
14/2/2020 - 12:46:12.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02
14/2/2020 - 12:46:12.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-biometrics-adm_31bf3856ad364e35_6.1.7600.16385_none_0d91f148b856f7cf
14/2/2020 - 12:46:12.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-biometrics-adm_31bf3856ad364e35_6.1.7600.16385_none_0d91f148b856f7cf
14/2/2020 - 12:46:12.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:12.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:12.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:12.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_6.1.7601.17514_none_4207fb67165f731a
14/2/2020 - 12:46:12.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_6.1.7601.17514_none_4207fb67165f731a
14/2/2020 - 12:46:12.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bootconfig.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_227581a049e46b21
14/2/2020 - 12:46:12.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bootconfig.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_227581a049e46b21
14/2/2020 - 12:46:12.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3f5690badd067a2f
14/2/2020 - 12:46:12.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3f5690badd067a2f
14/2/2020 - 12:46:12.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:12.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:12.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17887_none_d6c68344b4d406bf
14/2/2020 - 12:46:12.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17887_none_d6c68344b4d406bf
14/2/2020 - 12:46:12.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:12.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:13.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bubbles_31bf3856ad364e35_6.1.7601.17514_none_cca44baae0912bbe
14/2/2020 - 12:46:13.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bubbles_31bf3856ad364e35_6.1.7601.17514_none_cca44baae0912bbe
14/2/2020 - 12:46:13.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0
14/2/2020 - 12:46:13.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0
14/2/2020 - 12:46:13.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..complus-runtime-qfe_31bf3856ad364e35_6.1.7600.16385_none_c7582028923fd980
14/2/2020 - 12:46:13.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..complus-runtime-qfe_31bf3856ad364e35_6.1.7600.16385_none_c7582028923fd980
14/2/2020 - 12:46:13.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:13.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:13.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:13.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ilter-rtf.resources_31bf3856ad364e35_7.0.7600.16385_pt-br_e52972c5d8c1e2f0
14/2/2020 - 12:46:13.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ilter-rtf.resources_31bf3856ad364e35_7.0.7600.16385_pt-br_e52972c5d8c1e2f0
14/2/2020 - 12:46:13.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_6.1.7600.16385_en-us_55297248670b8d54
14/2/2020 - 12:46:13.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_6.1.7600.16385_en-us_55297248670b8d54
14/2/2020 - 12:46:13.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:13.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:13.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.22712_pt-br_c5091a333c47c4f7
14/2/2020 - 12:46:13.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.22712_pt-br_c5091a333c47c4f7
14/2/2020 - 12:46:13.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.22807_pt-br_c518ed773c3b24e0
14/2/2020 - 12:46:13.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_6.1.7601.22807_pt-br_c518ed773c3b24e0
14/2/2020 - 12:46:13.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:13.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:13.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:14.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ltdel-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9d154f1b5c392d91
14/2/2020 - 12:46:14.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ltdel-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9d154f1b5c392d91
14/2/2020 - 12:46:14.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..lter-mime.resources_31bf3856ad364e35_7.0.7600.16385_pt-br_8dd967f07be4d7fc
14/2/2020 - 12:46:14.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..lter-mime.resources_31bf3856ad364e35_7.0.7600.16385_pt-br_8dd967f07be4d7fc
14/2/2020 - 12:46:14.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..mplus-runtime-mtxdm_31bf3856ad364e35_6.1.7600.16385_none_73e50987ed1d92d4
14/2/2020 - 12:46:14.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..mplus-runtime-mtxdm_31bf3856ad364e35_6.1.7600.16385_none_73e50987ed1d92d4
14/2/2020 - 12:46:14.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..nt-xpsrasterservice_31bf3856ad364e35_6.1.7601.17514_none_78c3627042a0892a
14/2/2020 - 12:46:14.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..nt-xpsrasterservice_31bf3856ad364e35_6.1.7601.17514_none_78c3627042a0892a
14/2/2020 - 12:46:14.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:14.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:14.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:14.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..omplus-ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f64c6250dd169f1b
14/2/2020 - 12:46:14.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..omplus-ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f64c6250dd169f1b
14/2/2020 - 12:46:14.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..perftrack.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a2875f85298d2992
14/2/2020 - 12:46:14.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..perftrack.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a2875f85298d2992
14/2/2020 - 12:46:14.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..plus-runtime-txflog_31bf3856ad364e35_6.1.7600.16385_none_3b0b3a581d24859c
14/2/2020 - 12:46:14.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..plus-runtime-txflog_31bf3856ad364e35_6.1.7600.16385_none_3b0b3a581d24859c
14/2/2020 - 12:46:14.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..rdefaults.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0eb6431fe1caa606
14/2/2020 - 12:46:14.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..rdefaults.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0eb6431fe1caa606
14/2/2020 - 12:46:14.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:14.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:14.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..snapindll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_59be962a2ad7b09a
14/2/2020 - 12:46:14.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..snapindll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_59be962a2ad7b09a
14/2/2020 - 12:46:14.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..splay-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f9f432e1944d7b4d
14/2/2020 - 12:46:14.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..splay-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f9f432e1944d7b4d
14/2/2020 - 12:46:14.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_6.1.7601.18833_none_358d09b353584208
14/2/2020 - 12:46:14.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_6.1.7601.18833_none_358d09b353584208
14/2/2020 - 12:46:14.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:14.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:14.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_6.1.7601.22923_none_3621766a6c6dc5e1
14/2/2020 - 12:46:14.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_6.1.7601.22923_none_3621766a6c6dc5e1
14/2/2020 - 12:46:14.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:15.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:15.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:15.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:15.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..vider-dll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_087c0024bd8a4305
14/2/2020 - 12:46:15.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..vider-dll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_087c0024bd8a4305
14/2/2020 - 12:46:15.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cabview_31bf3856ad364e35_6.1.7601.17514_none_96285ba7f81e38a6
14/2/2020 - 12:46:15.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cabview_31bf3856ad364e35_6.1.7601.17514_none_96285ba7f81e38a6
14/2/2020 - 12:46:15.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-calc_31bf3856ad364e35_6.1.7600.16385_none_05b2f2e2346cfea4
14/2/2020 - 12:46:15.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-calc_31bf3856ad364e35_6.1.7600.16385_none_05b2f2e2346cfea4\calc.exe
14/2/2020 - 12:46:15.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-calc_31bf3856ad364e35_6.1.7600.16385_none_05b2f2e2346cfea4\calc.exe
14/2/2020 - 12:46:15.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-calc_31bf3856ad364e35_6.1.7600.16385_none_05b2f2e2346cfea4\calc.exe
14/2/2020 - 12:46:15.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-calc_31bf3856ad364e35_6.1.7600.16385_none_05b2f2e2346cfea4\calc.exe
14/2/2020 - 12:46:15.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-calc_31bf3856ad364e35_6.1.7600.16385_none_05b2f2e2346cfea4
14/2/2020 - 12:46:15.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-capisp-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6fe68728e0e372d3
14/2/2020 - 12:46:15.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-capisp-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6fe68728e0e372d3
14/2/2020 - 12:46:15.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cdfs_31bf3856ad364e35_6.1.7600.16385_none_025c84b636a4ef6d
14/2/2020 - 12:46:15.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cdfs_31bf3856ad364e35_6.1.7600.16385_none_025c84b636a4ef6d
14/2/2020 - 12:46:15.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:15.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_7b1a84fef19536e7
14/2/2020 - 12:46:15.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_7b1a84fef19536e7
14/2/2020 - 12:46:15.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_he-il_a5134adfb1f79c3a
14/2/2020 - 12:46:15.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_he-il_a5134adfb1f79c3a
14/2/2020 - 12:46:15.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_it-it_4b1b9984a2ba80ca
14/2/2020 - 12:46:15.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_it-it_4b1b9984a2ba80ca
14/2/2020 - 12:46:15.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:15.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:15.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_pt-pt_c0eed64b44b300c0
14/2/2020 - 12:46:15.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_pt-pt_c0eed64b44b300c0
14/2/2020 - 12:46:15.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:15.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:15.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-certutil.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2db3f507a496df2f
14/2/2020 - 12:46:15.903Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-certutil.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2db3f507a496df2f
14/2/2020 - 12:46:15.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-certutil.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2db3f507a496df2f
14/2/2020 - 12:46:15.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-certutil_31bf3856ad364e35_6.1.7601.22322_none_1427bd2d6323c846
14/2/2020 - 12:46:15.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-certutil_31bf3856ad364e35_6.1.7601.22322_none_1427bd2d6323c846\certutil.exe
14/2/2020 - 12:46:15.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-certutil_31bf3856ad364e35_6.1.7601.22322_none_1427bd2d6323c846\certutil.exe
14/2/2020 - 12:46:15.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-certutil_31bf3856ad364e35_6.1.7601.22322_none_1427bd2d6323c846\certutil.exe
14/2/2020 - 12:46:15.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-certutil_31bf3856ad364e35_6.1.7601.22322_none_1427bd2d6323c846\certutil.exe
14/2/2020 - 12:46:15.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-certutil_31bf3856ad364e35_6.1.7601.22322_none_1427bd2d6323c846
14/2/2020 - 12:46:15.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-charmap_31bf3856ad364e35_6.1.7601.18648_none_50633f4fbb0f8120
14/2/2020 - 12:46:15.997Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-charmap_31bf3856ad364e35_6.1.7601.18648_none_50633f4fbb0f8120
14/2/2020 - 12:46:16.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-charmap_31bf3856ad364e35_6.1.7601.18648_none_50633f4fbb0f8120
14/2/2020 - 12:46:16.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:16.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:16.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cipher.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fda40a857820d3b8
14/2/2020 - 12:46:16.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cipher.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fda40a857820d3b8
14/2/2020 - 12:46:16.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:16.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:16.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cmitrustinfoinstallers_1122334455667788_6.1.7601.18766_none_eff6dbbccdcdcee0
14/2/2020 - 12:46:16.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cmitrustinfoinstallers_1122334455667788_6.1.7601.18766_none_eff6dbbccdcdcee0
14/2/2020 - 12:46:16.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7601.22923_none_ff1bb22c34862201
14/2/2020 - 12:46:16.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7601.22923_none_ff1bb22c34862201
14/2/2020 - 12:46:16.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:16.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:16.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7601.23126_none_ff1e8d1234839e6f
14/2/2020 - 12:46:16.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7601.23126_none_ff1e8d1234839e6f
14/2/2020 - 12:46:16.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7601.23338_none_ff15c1863489e75c
14/2/2020 - 12:46:16.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7601.23338_none_ff15c1863489e75c
14/2/2020 - 12:46:16.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e57da0cf86aad2b7
14/2/2020 - 12:46:16.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e57da0cf86aad2b7
14/2/2020 - 12:46:16.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-base_31bf3856ad364e35_6.1.7600.16385_none_69e3281e403684ea
14/2/2020 - 12:46:16.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-base_31bf3856ad364e35_6.1.7600.16385_none_69e3281e403684ea
14/2/2020 - 12:46:16.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:17.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:17.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.1.7600.16385_none_b5bfb0b8ee629431
14/2/2020 - 12:46:17.75Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.1.7600.16385_none_b5bfb0b8ee629431
14/2/2020 - 12:46:17.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.1.7600.16385_none_b5bfb0b8ee629431
14/2/2020 - 12:46:17.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-complus-ui-comuid_31bf3856ad364e35_6.1.7600.16385_none_3f283fa97f098247
14/2/2020 - 12:46:17.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-complus-ui-comuid_31bf3856ad364e35_6.1.7600.16385_none_3f283fa97f098247
14/2/2020 - 12:46:17.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_88a5cc7effe2dfca
14/2/2020 - 12:46:17.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_88a5cc7effe2dfca
14/2/2020 - 12:46:17.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-dtc-management_31bf3856ad364e35_6.1.7600.16385_none_a5c314057d8c6608
14/2/2020 - 12:46:17.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-dtc-management_31bf3856ad364e35_6.1.7600.16385_none_a5c314057d8c6608
14/2/2020 - 12:46:17.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-dtc-runtime-tm_31bf3856ad364e35_6.1.7601.17514_none_f7be9391315f6cc3
14/2/2020 - 12:46:17.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-dtc-runtime-tm_31bf3856ad364e35_6.1.7601.17514_none_f7be9391315f6cc3
14/2/2020 - 12:46:17.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:17.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:17.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d
14/2/2020 - 12:46:17.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d
14/2/2020 - 12:46:17.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_es-es_be8a1256afbafd72
14/2/2020 - 12:46:17.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_es-es_be8a1256afbafd72
14/2/2020 - 12:46:17.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:17.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:17.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:17.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_90f8da5e5f4ad243
14/2/2020 - 12:46:17.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_90f8da5e5f4ad243
14/2/2020 - 12:46:17.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:17.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:17.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_0577819b021e44a4
14/2/2020 - 12:46:17.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_0577819b021e44a4
14/2/2020 - 12:46:17.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sl-si_a60cf38bf64d0c81
14/2/2020 - 12:46:17.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sl-si_a60cf38bf64d0c81
14/2/2020 - 12:46:17.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_4ce801e2e67e13c0
14/2/2020 - 12:46:17.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_4ce801e2e67e13c0
14/2/2020 - 12:46:17.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_uk-ua_e8c7e489ddaf3a0c
14/2/2020 - 12:46:17.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_uk-ua_e8c7e489ddaf3a0c
14/2/2020 - 12:46:17.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_1e451fe096b5e5df
14/2/2020 - 12:46:17.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_1e451fe096b5e5df
14/2/2020 - 12:46:17.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_1cf0186e9791586f
14/2/2020 - 12:46:17.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_1cf0186e9791586f
14/2/2020 - 12:46:18.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:18.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:18.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:18.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_ko-kr_1b56589636443993
14/2/2020 - 12:46:18.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_ko-kr_1b56589636443993
14/2/2020 - 12:46:18.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_nl-nl_022825090f956f24
14/2/2020 - 12:46:18.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_nl-nl_022825090f956f24
14/2/2020 - 12:46:18.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:18.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:18.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:18.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_sv-se_2e3835d3cebb791f
14/2/2020 - 12:46:18.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_sv-se_2e3835d3cebb791f
14/2/2020 - 12:46:18.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_tr-tr_d745801abd777b10
14/2/2020 - 12:46:18.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_tr-tr_d745801abd777b10
14/2/2020 - 12:46:18.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_uk-ua_732562c1b4a8a15c
14/2/2020 - 12:46:18.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_uk-ua_732562c1b4a8a15c
14/2/2020 - 12:46:18.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_zh-hk_a74d96a66e8abfbf
14/2/2020 - 12:46:18.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_zh-hk_a74d96a66e8abfbf
14/2/2020 - 12:46:18.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:18.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:18.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-component-opcom_31bf3856ad364e35_6.1.7601.17514_none_015d0742c9308ce9
14/2/2020 - 12:46:18.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-component-opcom_31bf3856ad364e35_6.1.7601.17514_none_015d0742c9308ce9
14/2/2020 - 12:46:18.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-computer-name-ui_31bf3856ad364e35_6.1.7601.17514_none_6c2d2cfe0522b8a3
14/2/2020 - 12:46:18.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-computer-name-ui_31bf3856ad364e35_6.1.7601.17514_none_6c2d2cfe0522b8a3
14/2/2020 - 12:46:18.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-console.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dbb2aa9bc8b4c2ce
14/2/2020 - 12:46:18.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-console.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dbb2aa9bc8b4c2ce
14/2/2020 - 12:46:19.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:19.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18933_none_d26b1d6e18ca7cbc
14/2/2020 - 12:46:19.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18933_none_d26b1d6e18ca7cbc\conhost.exe
14/2/2020 - 12:46:19.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18933_none_d26b1d6e18ca7cbc\conhost.exe
14/2/2020 - 12:46:19.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18933_none_d26b1d6e18ca7cbc\conhost.exe
14/2/2020 - 12:46:19.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18933_none_d26b1d6e18ca7cbc\conhost.exe
14/2/2020 - 12:46:19.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18933_none_d26b1d6e18ca7cbc
14/2/2020 - 12:46:19.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22177_none_d2cd6a9b32050b47
14/2/2020 - 12:46:19.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22177_none_d2cd6a9b32050b47
14/2/2020 - 12:46:19.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.23136_none_d2f7933931e59bcd
14/2/2020 - 12:46:19.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.23136_none_d2f7933931e59bcd
14/2/2020 - 12:46:19.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.23418_none_d30f395731d38e0e
14/2/2020 - 12:46:19.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.23418_none_d30f395731d38e0e\conhost.exe
14/2/2020 - 12:46:19.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.23418_none_d30f395731d38e0e\conhost.exe
14/2/2020 - 12:46:19.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.23418_none_d30f395731d38e0e\conhost.exe
14/2/2020 - 12:46:19.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.23418_none_d30f395731d38e0e\conhost.exe
14/2/2020 - 12:46:19.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.23418_none_d30f395731d38e0e
14/2/2020 - 12:46:19.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:19.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:19.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17514_none_83784bb654f0d178
14/2/2020 - 12:46:19.418Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17514_none_83784bb654f0d178
14/2/2020 - 12:46:19.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17514_none_83784bb654f0d178
14/2/2020 - 12:46:19.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.18288_none_833080f055261c97
14/2/2020 - 12:46:19.465Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.18288_none_833080f055261c97
14/2/2020 - 12:46:19.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.18288_none_833080f055261c97
14/2/2020 - 12:46:19.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-core_tools_31bf3856ad364e35_6.1.7600.16385_none_67ff11cad1424304
14/2/2020 - 12:46:19.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-core_tools_31bf3856ad364e35_6.1.7600.16385_none_67ff11cad1424304
14/2/2020 - 12:46:19.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:19.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:19.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cpfilters.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e0c5ef8bfeb655c2
14/2/2020 - 12:46:19.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cpfilters.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e0c5ef8bfeb655c2
14/2/2020 - 12:46:19.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-crashdump_31bf3856ad364e35_6.1.7600.16385_none_01824f663087096a
14/2/2020 - 12:46:19.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-crashdump_31bf3856ad364e35_6.1.7600.16385_none_01824f663087096a
14/2/2020 - 12:46:19.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-credssp-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_957b283a27b2332a
14/2/2020 - 12:46:19.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-credssp-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_957b283a27b2332a
14/2/2020 - 12:46:19.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:19.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:20.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:20.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:20.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.1.7601.17514_none_b995c74af473511b
14/2/2020 - 12:46:20.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.1.7601.17514_none_b995c74af473511b
14/2/2020 - 12:46:20.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.1.7601.18150_none_b9666812f4978088
14/2/2020 - 12:46:20.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.1.7601.18150_none_b9666812f4978088
14/2/2020 - 12:46:20.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:20.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:20.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cryptdlg-dll_31bf3856ad364e35_6.1.7601.22321_none_812a121847de2bbd
14/2/2020 - 12:46:20.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cryptdlg-dll_31bf3856ad364e35_6.1.7601.22321_none_812a121847de2bbd
14/2/2020 - 12:46:20.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:20.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:20.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cryptext-dll_31bf3856ad364e35_6.1.7600.16385_none_5b87b4622f6a278f
14/2/2020 - 12:46:20.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cryptext-dll_31bf3856ad364e35_6.1.7600.16385_none_5b87b4622f6a278f
14/2/2020 - 12:46:20.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cryptnet-dll_31bf3856ad364e35_6.1.7601.18741_none_751bc2eb12905f42
14/2/2020 - 12:46:20.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cryptnet-dll_31bf3856ad364e35_6.1.7601.18741_none_751bc2eb12905f42
14/2/2020 - 12:46:20.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:21.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:21.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:21.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cryptui-dll.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_63246a2a21acd0da
14/2/2020 - 12:46:21.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cryptui-dll.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_63246a2a21acd0da
14/2/2020 - 12:46:21.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cryptui-dll_31bf3856ad364e35_6.1.7601.22948_none_e4817de6c7f54767
14/2/2020 - 12:46:21.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cryptui-dll_31bf3856ad364e35_6.1.7601.22948_none_e4817de6c7f54767
14/2/2020 - 12:46:21.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cryptxml.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ca2d41c12a064f08
14/2/2020 - 12:46:21.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cryptxml.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ca2d41c12a064f08
14/2/2020 - 12:46:21.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7600.16385_none_257c28acbf0ea870
14/2/2020 - 12:46:21.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7600.16385_none_257c28acbf0ea870
14/2/2020 - 12:46:21.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:21.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.18923_none_27a15d0ebc063ce1
14/2/2020 - 12:46:21.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.18923_none_27a15d0ebc063ce1
14/2/2020 - 12:46:21.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.22948_none_281a598dd52f9619
14/2/2020 - 12:46:21.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.22948_none_281a598dd52f9619
14/2/2020 - 12:46:21.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.23392_none_27de2609d55db47b
14/2/2020 - 12:46:21.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.23392_none_27de2609d55db47b
14/2/2020 - 12:46:21.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.23418_none_283aa90bd5176a24
14/2/2020 - 12:46:21.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.23418_none_283aa90bd5176a24
14/2/2020 - 12:46:21.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:21.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:21.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cttunesvr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2147347adac5dd8b
14/2/2020 - 12:46:21.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-cttunesvr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2147347adac5dd8b
14/2/2020 - 12:46:21.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..-dvdupgrd.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_8100277a97849c14
14/2/2020 - 12:46:21.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..-dvdupgrd.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_8100277a97849c14
14/2/2020 - 12:46:21.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:21.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:21.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..-ringtone.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3fd3848f1051883e
14/2/2020 - 12:46:21.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..-ringtone.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3fd3848f1051883e
14/2/2020 - 12:46:21.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..-standarddictionary_31bf3856ad364e35_6.1.7600.16385_none_dc7a0a24f48c1886
14/2/2020 - 12:46:21.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..-standarddictionary_31bf3856ad364e35_6.1.7600.16385_none_dc7a0a24f48c1886
14/2/2020 - 12:46:21.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2475aec0de1078bb
14/2/2020 - 12:46:21.950Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2475aec0de1078bb
14/2/2020 - 12:46:21.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2475aec0de1078bb
14/2/2020 - 12:46:22.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:22.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:22.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:22.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ctx-directinput-cpl_31bf3856ad364e35_6.1.7600.16385_none_ed74ea7e48da75bc
14/2/2020 - 12:46:22.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ctx-directinput-cpl_31bf3856ad364e35_6.1.7600.16385_none_ed74ea7e48da75bc
14/2/2020 - 12:46:22.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..e-diagnostic-module_31bf3856ad364e35_6.1.7600.16385_none_501611cee0eb67c8
14/2/2020 - 12:46:22.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..e-diagnostic-module_31bf3856ad364e35_6.1.7600.16385_none_501611cee0eb67c8
14/2/2020 - 12:46:22.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:22.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:22.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2e6edd0f17a04dc5
14/2/2020 - 12:46:22.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2e6edd0f17a04dc5
14/2/2020 - 12:46:22.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_de-de_772af58d442606dc
14/2/2020 - 12:46:22.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_de-de_772af58d442606dc
14/2/2020 - 12:46:22.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:22.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:22.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_tr-tr_ae4517f669ee1a94
14/2/2020 - 12:46:22.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_tr-tr_ae4517f669ee1a94
14/2/2020 - 12:46:22.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:22.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:23.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.22004_none_fbcbe08624f8cec3
14/2/2020 - 12:46:23.28Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.22004_none_fbcbe08624f8cec3
14/2/2020 - 12:46:23.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.22004_none_fbcbe08624f8cec3
14/2/2020 - 12:46:23.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.17514_none_1573bf06bb8baa0c
14/2/2020 - 12:46:23.75Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.17514_none_1573bf06bb8baa0c
14/2/2020 - 12:46:23.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.17514_none_1573bf06bb8baa0c
14/2/2020 - 12:46:23.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.18489_none_152cf856bbc008d0
14/2/2020 - 12:46:23.122Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.18489_none_152cf856bbc008d0
14/2/2020 - 12:46:23.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.18489_none_152cf856bbc008d0
14/2/2020 - 12:46:23.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.22706_none_160a176fd49f775b
14/2/2020 - 12:46:23.168Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.22706_none_160a176fd49f775b
14/2/2020 - 12:46:23.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.22706_none_160a176fd49f775b
14/2/2020 - 12:46:23.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:23.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:23.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_24bc5fc0da5f863e
14/2/2020 - 12:46:23.450Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_24bc5fc0da5f863e
14/2/2020 - 12:46:23.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_24bc5fc0da5f863e
14/2/2020 - 12:46:23.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05
14/2/2020 - 12:46:23.497Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05
14/2/2020 - 12:46:23.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05
14/2/2020 - 12:46:23.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_6.1.7601.18489_none_891364c441930439
14/2/2020 - 12:46:23.497Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_6.1.7601.18489_none_891364c441930439
14/2/2020 - 12:46:23.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_6.1.7601.18489_none_891364c441930439
14/2/2020 - 12:46:23.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:23.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:23.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:24.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:24.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bf1f1c7f15d23cfd
14/2/2020 - 12:46:24.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bf1f1c7f15d23cfd
14/2/2020 - 12:46:24.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ee0ff8fcfe258c08
14/2/2020 - 12:46:24.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ee0ff8fcfe258c08
14/2/2020 - 12:46:24.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77
14/2/2020 - 12:46:24.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77
14/2/2020 - 12:46:24.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:24.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:24.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..onverters.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_45da4d437b4327de
14/2/2020 - 12:46:24.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..onverters.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_45da4d437b4327de
14/2/2020 - 12:46:24.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..opwindowmanager-api_31bf3856ad364e35_6.1.7601.17514_none_3e34e9fc569ce535
14/2/2020 - 12:46:24.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..opwindowmanager-api_31bf3856ad364e35_6.1.7601.17514_none_3e34e9fc569ce535
14/2/2020 - 12:46:24.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..oragecontexthandler_31bf3856ad364e35_6.1.7600.16385_none_2287c75248ecd1a7
14/2/2020 - 12:46:24.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..oragecontexthandler_31bf3856ad364e35_6.1.7600.16385_none_2287c75248ecd1a7
14/2/2020 - 12:46:24.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:24.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:24.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:24.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:24.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:24.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:24.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..rverifier.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c94e8075974912a3
14/2/2020 - 12:46:24.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..rverifier.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c94e8075974912a3
14/2/2020 - 12:46:24.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..s-ime-japanese-help_31bf3856ad364e35_6.1.7600.16385_none_cdfd15e4a5a167d0
14/2/2020 - 12:46:24.903Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..s-ime-japanese-help_31bf3856ad364e35_6.1.7600.16385_none_cdfd15e4a5a167d0
14/2/2020 - 12:46:24.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..s-ime-japanese-help_31bf3856ad364e35_6.1.7600.16385_none_cdfd15e4a5a167d0
14/2/2020 - 12:46:24.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..serverapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4f288ade8e3c8e91
14/2/2020 - 12:46:24.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..serverapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4f288ade8e3c8e91
14/2/2020 - 12:46:25.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:25.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:25.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.19091_none_45cdea7fae2fa3d4
14/2/2020 - 12:46:25.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.19091_none_45cdea7fae2fa3d4
14/2/2020 - 12:46:25.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..utoenroll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_18c8b574dffaf72c
14/2/2020 - 12:46:25.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..utoenroll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_18c8b574dffaf72c
14/2/2020 - 12:46:25.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..vices-sam.resources_31bf3856ad364e35_6.1.7601.23390_pt-br_74716363dc2d5490
14/2/2020 - 12:46:25.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..vices-sam.resources_31bf3856ad364e35_6.1.7601.23390_pt-br_74716363dc2d5490
14/2/2020 - 12:46:25.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:25.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_el-gr_e65b677cecdab746
14/2/2020 - 12:46:25.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_el-gr_e65b677cecdab746
14/2/2020 - 12:46:25.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_es-es_e6816cc6ecca4c22
14/2/2020 - 12:46:25.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_es-es_e6816cc6ecca4c22
14/2/2020 - 12:46:25.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_fi-fi_859c7173e1e43e4c
14/2/2020 - 12:46:25.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_fi-fi_859c7173e1e43e4c
14/2/2020 - 12:46:25.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:25.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:25.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:25.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_hu-hu_d0a9630dc3fc31a0
14/2/2020 - 12:46:25.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_hu-hu_d0a9630dc3fc31a0
14/2/2020 - 12:46:25.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_tr-tr_74df5c53238d6270
14/2/2020 - 12:46:25.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_tr-tr_74df5c53238d6270
14/2/2020 - 12:46:25.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_zh-cn_463c7a50d3c5348f
14/2/2020 - 12:46:25.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_zh-cn_463c7a50d3c5348f
14/2/2020 - 12:46:25.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:25.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:25.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d_31bf3856ad364e35_7.1.7601.18327_none_f72b7ed6fd7cb38b
14/2/2020 - 12:46:25.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d_31bf3856ad364e35_7.1.7601.18327_none_f72b7ed6fd7cb38b
14/2/2020 - 12:46:25.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351
14/2/2020 - 12:46:25.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351
14/2/2020 - 12:46:26.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:26.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:26.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-defrag-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d1adf7a8c47127a8
14/2/2020 - 12:46:26.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-defrag-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d1adf7a8c47127a8
14/2/2020 - 12:46:26.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-desk.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b8231646fef7d532
14/2/2020 - 12:46:26.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-desk.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b8231646fef7d532
14/2/2020 - 12:46:26.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deskmon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_73399f428293ad08
14/2/2020 - 12:46:26.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deskmon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_73399f428293ad08
14/2/2020 - 12:46:26.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-desktop-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c67c807a78afd79a
14/2/2020 - 12:46:26.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-desktop-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c67c807a78afd79a
14/2/2020 - 12:46:26.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:26.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:26.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b7768e1686da6f50
14/2/2020 - 12:46:26.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b7768e1686da6f50
14/2/2020 - 12:46:26.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45
14/2/2020 - 12:46:26.497Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45
14/2/2020 - 12:46:26.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45
14/2/2020 - 12:46:26.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicemetadataparsers_31bf3856ad364e35_6.1.7600.16385_none_22e80705d605ae66
14/2/2020 - 12:46:26.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devicemetadataparsers_31bf3856ad364e35_6.1.7600.16385_none_22e80705d605ae66
14/2/2020 - 12:46:26.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:26.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:26.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devinst-adm_31bf3856ad364e35_6.1.7600.16385_none_a05b761f6fef20e3
14/2/2020 - 12:46:26.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devinst-adm_31bf3856ad364e35_6.1.7600.16385_none_a05b761f6fef20e3
14/2/2020 - 12:46:26.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dfs-adm_31bf3856ad364e35_6.1.7600.16385_none_f61ced8db0c66201
14/2/2020 - 12:46:26.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dfs-adm_31bf3856ad364e35_6.1.7600.16385_none_f61ced8db0c66201
14/2/2020 - 12:46:26.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.1.7601.17970_none_353b55f7456390a1
14/2/2020 - 12:46:26.825Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.1.7601.17970_none_353b55f7456390a1
14/2/2020 - 12:46:26.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.1.7601.17970_none_353b55f7456390a1
14/2/2020 - 12:46:26.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:27.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:27.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diagcpl_31bf3856ad364e35_6.1.7601.17514_none_38e0b39aee9579c3
14/2/2020 - 12:46:27.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diagcpl_31bf3856ad364e35_6.1.7601.17514_none_38e0b39aee9579c3
14/2/2020 - 12:46:27.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:27.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:27.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-core_31bf3856ad364e35_6.1.7601.17713_none_049540d2048696c4
14/2/2020 - 12:46:27.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-core_31bf3856ad364e35_6.1.7601.17713_none_049540d2048696c4
14/2/2020 - 12:46:27.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-devenum_31bf3856ad364e35_6.1.7601.19091_none_b709fa2f56ced09c
14/2/2020 - 12:46:27.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-devenum_31bf3856ad364e35_6.1.7601.19091_none_b709fa2f56ced09c
14/2/2020 - 12:46:27.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:27.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:27.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-devenum_31bf3856ad364e35_6.1.7601.23290_none_b79298966fed5436
14/2/2020 - 12:46:27.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-devenum_31bf3856ad364e35_6.1.7601.23290_none_b79298966fed5436
14/2/2020 - 12:46:27.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.17514_none_b2483040ea781d9d
14/2/2020 - 12:46:27.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.17514_none_b2483040ea781d9d
14/2/2020 - 12:46:27.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.17713_none_b24733c2ea78fe94
14/2/2020 - 12:46:27.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.17713_none_b24733c2ea78fe94
14/2/2020 - 12:46:27.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.18741_none_b224aca2ea93395a
14/2/2020 - 12:46:27.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.18741_none_b224aca2ea93395a
14/2/2020 - 12:46:27.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.1.7601.17514_none_1435300cb8e4b445
14/2/2020 - 12:46:27.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.1.7601.17514_none_1435300cb8e4b445
14/2/2020 - 12:46:27.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-other_31bf3856ad364e35_6.1.7601.17514_none_6b778d68f75a1a54
14/2/2020 - 12:46:27.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-other_31bf3856ad364e35_6.1.7601.17514_none_6b778d68f75a1a54
14/2/2020 - 12:46:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_6.1.7601.19061_none_6296cc33281a408c
14/2/2020 - 12:46:27.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_6.1.7601.19061_none_6296cc33281a408c
14/2/2020 - 12:46:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_6.1.7601.23265_none_63246c0c413442d9
14/2/2020 - 12:46:27.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_6.1.7601.23265_none_63246c0c413442d9
14/2/2020 - 12:46:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_7.1.7601.18946_none_542211a0b2ebfcea
14/2/2020 - 12:46:27.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_7.1.7601.18946_none_542211a0b2ebfcea
14/2/2020 - 12:46:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_7.1.7601.23149_none_54ae876bcc071bfb
14/2/2020 - 12:46:27.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_7.1.7601.23149_none_54ae876bcc071bfb
14/2/2020 - 12:46:27.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:27.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:28.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:28.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_ko-kr_b2fa83331fbc549f
14/2/2020 - 12:46:28.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_ko-kr_b2fa83331fbc549f
14/2/2020 - 12:46:28.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:28.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:28.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_nl-nl_99cc4fa5f90d8a30
14/2/2020 - 12:46:28.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_nl-nl_99cc4fa5f90d8a30
14/2/2020 - 12:46:28.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_pt-br_e25c94cbdcb98bc8
14/2/2020 - 12:46:28.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_pt-br_e25c94cbdcb98bc8
14/2/2020 - 12:46:28.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_ru-ru_29e175fbc10a89d0
14/2/2020 - 12:46:28.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_ru-ru_29e175fbc10a89d0
14/2/2020 - 12:46:28.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_tr-tr_6ee9aab7a6ef961c
14/2/2020 - 12:46:28.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_tr-tr_6ee9aab7a6ef961c
14/2/2020 - 12:46:28.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.18946_none_30a4f63116252eb3
14/2/2020 - 12:46:28.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.18946_none_30a4f63116252eb3
14/2/2020 - 12:46:28.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:28.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:28.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-d3d10level9_31bf3856ad364e35_7.1.7601.16492_none_329c8355415b5fc3
14/2/2020 - 12:46:28.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-d3d10level9_31bf3856ad364e35_7.1.7601.16492_none_329c8355415b5fc3
14/2/2020 - 12:46:28.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:28.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d11_31bf3856ad364e35_6.1.7601.17514_none_4dde5445e44ba1a3
14/2/2020 - 12:46:28.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d11_31bf3856ad364e35_6.1.7601.17514_none_4dde5445e44ba1a3
14/2/2020 - 12:46:28.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d11_31bf3856ad364e35_7.1.7601.22313_none_3fd750928850f311
14/2/2020 - 12:46:28.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d11_31bf3856ad364e35_7.1.7601.22313_none_3fd750928850f311
14/2/2020 - 12:46:28.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_60fa9493d9b24564
14/2/2020 - 12:46:28.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_60fa9493d9b24564
14/2/2020 - 12:46:28.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:28.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:29.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:29.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:29.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:29.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.22589_none_c5271196c737b9ac
14/2/2020 - 12:46:29.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.22589_none_c5271196c737b9ac
14/2/2020 - 12:46:29.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:29.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:29.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dns-clientextension_31bf3856ad364e35_6.1.7600.16385_none_cc3ad957479ac337
14/2/2020 - 12:46:29.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dns-clientextension_31bf3856ad364e35_6.1.7600.16385_none_cc3ad957479ac337
14/2/2020 - 12:46:29.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-documents-performance_31bf3856ad364e35_6.1.7600.16385_none_3cdadc249cb267a4
14/2/2020 - 12:46:29.747Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-documents-performance_31bf3856ad364e35_6.1.7600.16385_none_3cdadc249cb267a4
14/2/2020 - 12:46:29.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-documents-performance_31bf3856ad364e35_6.1.7600.16385_none_3cdadc249cb267a4
14/2/2020 - 12:46:29.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3-netsh-helper_31bf3856ad364e35_6.1.7601.17514_none_38cd19d2dab6f4ad
14/2/2020 - 12:46:29.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3-netsh-helper_31bf3856ad364e35_6.1.7601.17514_none_38cd19d2dab6f4ad
14/2/2020 - 12:46:29.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:29.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3helperclass_31bf3856ad364e35_6.1.7600.16385_none_db105fd0602be063
14/2/2020 - 12:46:29.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dot3helperclass_31bf3856ad364e35_6.1.7600.16385_none_db105fd0602be063
14/2/2020 - 12:46:30.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:30.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:30.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:30.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7600.16385_none_f217bd1caebaa683
14/2/2020 - 12:46:30.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7600.16385_none_f217bd1caebaa683
14/2/2020 - 12:46:30.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-driververifier_31bf3856ad364e35_6.1.7600.16385_none_1660ccbeb66c6cf1
14/2/2020 - 12:46:30.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-driververifier_31bf3856ad364e35_6.1.7600.16385_none_1660ccbeb66c6cf1
14/2/2020 - 12:46:30.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-drvstore_31bf3856ad364e35_6.1.7601.17514_none_4f1a5a9a5a24b7ca
14/2/2020 - 12:46:30.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-drvstore_31bf3856ad364e35_6.1.7601.17514_none_4f1a5a9a5a24b7ca
14/2/2020 - 12:46:30.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dskquota.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5e95dc5fe600adaf
14/2/2020 - 12:46:30.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dskquota.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5e95dc5fe600adaf
14/2/2020 - 12:46:30.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dskquota_31bf3856ad364e35_6.1.7600.16385_none_da0863a5ce0e335f
14/2/2020 - 12:46:30.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dskquota_31bf3856ad364e35_6.1.7600.16385_none_da0863a5ce0e335f
14/2/2020 - 12:46:30.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dskquoui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_93af923017117ca8
14/2/2020 - 12:46:30.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dskquoui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_93af923017117ca8
14/2/2020 - 12:46:30.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:30.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:30.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dwm-adm_31bf3856ad364e35_6.1.7600.16385_none_9fc006a1b57beb3a
14/2/2020 - 12:46:30.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dwm-adm_31bf3856ad364e35_6.1.7600.16385_none_9fc006a1b57beb3a
14/2/2020 - 12:46:30.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2
14/2/2020 - 12:46:30.543Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2
14/2/2020 - 12:46:30.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2
14/2/2020 - 12:46:30.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:30.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:30.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-enforcement-client_31bf3856ad364e35_6.1.7600.16385_none_3efbe964e010a5aa
14/2/2020 - 12:46:30.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-enforcement-client_31bf3856ad364e35_6.1.7600.16385_none_3efbe964e010a5aa
14/2/2020 - 12:46:30.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-mcetuningoverrides_31bf3856ad364e35_6.1.7600.16385_none_2b64302bc8dc3b49
14/2/2020 - 12:46:30.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-mcetuningoverrides_31bf3856ad364e35_6.1.7600.16385_none_2b64302bc8dc3b49
14/2/2020 - 12:46:30.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.1.7601.17514_none_c239909bda09b2ac
14/2/2020 - 12:46:30.872Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.1.7601.17514_none_c239909bda09b2ac
14/2/2020 - 12:46:30.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.1.7601.17514_none_c239909bda09b2ac
14/2/2020 - 12:46:30.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:31.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:31.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..ardplugin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a20a3159ecc849eb
14/2/2020 - 12:46:31.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..ardplugin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a20a3159ecc849eb
14/2/2020 - 12:46:31.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7600.16385_none_b13a0967547ecab4
14/2/2020 - 12:46:31.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7600.16385_none_b13a0967547ecab4\RegisterMCEApp.exe
14/2/2020 - 12:46:31.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7600.16385_none_b13a0967547ecab4\RegisterMCEApp.exeRegisterMCEApp.exe
14/2/2020 - 12:46:31.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7600.16385_none_b13a0967547ecab4\RegisterMCEApp.exe
14/2/2020 - 12:46:31.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7600.16385_none_b13a0967547ecab4\RegisterMCEApp.exe
14/2/2020 - 12:46:31.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7600.16385_none_b13a0967547ecab4\RegisterMCEApp.exe
14/2/2020 - 12:46:31.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7600.16385_none_b13a0967547ecab4
14/2/2020 - 12:46:31.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:31.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:31.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_976fa155a6c13abd
14/2/2020 - 12:46:31.387Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_976fa155a6c13abd
14/2/2020 - 12:46:31.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_976fa155a6c13abd
14/2/2020 - 12:46:31.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001
14/2/2020 - 12:46:31.434Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001
14/2/2020 - 12:46:31.481Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001
14/2/2020 - 12:46:31.528Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001
14/2/2020 - 12:46:31.575Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001
14/2/2020 - 12:46:31.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001
14/2/2020 - 12:46:31.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.17514_none_500a4c5042ab494a
14/2/2020 - 12:46:31.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.17514_none_500a4c5042ab494a
14/2/2020 - 12:46:31.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.17577_none_4fcc6da642d93cf5
14/2/2020 - 12:46:31.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.17577_none_4fcc6da642d93cf5
14/2/2020 - 12:46:31.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.21680_none_5044387f5c05474f
14/2/2020 - 12:46:31.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.21680_none_5044387f5c05474f
14/2/2020 - 12:46:31.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..extension.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_155112291a02954b
14/2/2020 - 12:46:31.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..extension.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_155112291a02954b
14/2/2020 - 12:46:31.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..iewer-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a6c7d3b81a2ca152
14/2/2020 - 12:46:31.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..iewer-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a6c7d3b81a2ca152
14/2/2020 - 12:46:31.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:31.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:31.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..mmandline.resources_31bf3856ad364e35_6.1.7600.16385_en-us_908e3b2110ef94f2
14/2/2020 - 12:46:31.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..mmandline.resources_31bf3856ad364e35_6.1.7600.16385_en-us_908e3b2110ef94f2
14/2/2020 - 12:46:31.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..ongestioncontroller_31bf3856ad364e35_6.1.7600.16385_none_2d0d4f8fff2621f0
14/2/2020 - 12:46:31.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..ongestioncontroller_31bf3856ad364e35_6.1.7600.16385_none_2d0d4f8fff2621f0
14/2/2020 - 12:46:31.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..onitoring.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ffda558b8a1b0580
14/2/2020 - 12:46:31.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..onitoring.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ffda558b8a1b0580
14/2/2020 - 12:46:31.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:32.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:32.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..rding-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_29c52a1edb83ced7
14/2/2020 - 12:46:32.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..rding-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_29c52a1edb83ced7
14/2/2020 - 12:46:32.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:32.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:32.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..tvratings.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8358aa274f88ac93
14/2/2020 - 12:46:32.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-e..tvratings.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8358aa274f88ac93
14/2/2020 - 12:46:32.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-efs-core-library_31bf3856ad364e35_6.1.7601.17514_none_b4c7e8f4ae2a1921
14/2/2020 - 12:46:32.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-efs-core-library_31bf3856ad364e35_6.1.7601.17514_none_b4c7e8f4ae2a1921
14/2/2020 - 12:46:32.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-efs-rekeywiz.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_16e586d4c0c32194
14/2/2020 - 12:46:32.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-efs-rekeywiz.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_16e586d4c0c32194
14/2/2020 - 12:46:32.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-efs-ui_31bf3856ad364e35_6.1.7600.16385_none_5269b9a9a14782a8
14/2/2020 - 12:46:32.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-efs-ui_31bf3856ad364e35_6.1.7600.16385_none_5269b9a9a14782a8\efsui.exe
14/2/2020 - 12:46:32.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-efs-ui_31bf3856ad364e35_6.1.7600.16385_none_5269b9a9a14782a8\efsui.exe
14/2/2020 - 12:46:32.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-efs-ui_31bf3856ad364e35_6.1.7600.16385_none_5269b9a9a14782a8\efsui.exe
14/2/2020 - 12:46:32.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-efs-ui_31bf3856ad364e35_6.1.7600.16385_none_5269b9a9a14782a8\efsui.exe
14/2/2020 - 12:46:32.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-efs-ui_31bf3856ad364e35_6.1.7600.16385_none_5269b9a9a14782a8
14/2/2020 - 12:46:32.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:32.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:32.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:32.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-efsadu_31bf3856ad364e35_6.1.7600.16385_none_5025676fa2fdb461
14/2/2020 - 12:46:32.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-efsadu_31bf3856ad364e35_6.1.7600.16385_none_5025676fa2fdb461
14/2/2020 - 12:46:32.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-bmldatacarousel_31bf3856ad364e35_6.1.7601.17514_none_665e242c66aed12f
14/2/2020 - 12:46:32.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-bmldatacarousel_31bf3856ad364e35_6.1.7601.17514_none_665e242c66aed12f
14/2/2020 - 12:46:32.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.1.7600.16385_none_3482237b32c1daff
14/2/2020 - 12:46:32.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.1.7600.16385_none_3482237b32c1daff\Mcx2Prov.exe
14/2/2020 - 12:46:32.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.1.7600.16385_none_3482237b32c1daff\Mcx2Prov.exe
14/2/2020 - 12:46:32.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.1.7600.16385_none_3482237b32c1daff\Mcx2Prov.exe
14/2/2020 - 12:46:32.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.1.7600.16385_none_3482237b32c1daff\Mcx2Prov.exe
14/2/2020 - 12:46:32.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.1.7600.16385_none_3482237b32c1daff
14/2/2020 - 12:46:32.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:32.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.1.7600.16385_none_8bd2a8c89bf31042
14/2/2020 - 12:46:32.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.1.7600.16385_none_8bd2a8c89bf31042
14/2/2020 - 12:46:32.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-ehkorime_31bf3856ad364e35_6.1.7600.16385_none_4ad84a579cb593ce
14/2/2020 - 12:46:32.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-ehkorime_31bf3856ad364e35_6.1.7600.16385_none_4ad84a579cb593ce
14/2/2020 - 12:46:32.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:33.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:33.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-ehprivjob_31bf3856ad364e35_6.1.7601.17514_none_53393627486ae37b
14/2/2020 - 12:46:33.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-ehprivjob_31bf3856ad364e35_6.1.7601.17514_none_53393627486ae37b
14/2/2020 - 12:46:33.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.1.7600.16385_none_ae00f59c6a2932c3
14/2/2020 - 12:46:33.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.1.7600.16385_none_ae00f59c6a2932c3
14/2/2020 - 12:46:33.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-ehskb_31bf3856ad364e35_6.1.7601.17514_none_a8a886f06bf01c83
14/2/2020 - 12:46:33.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-ehskb_31bf3856ad364e35_6.1.7601.17514_none_a8a886f06bf01c83
14/2/2020 - 12:46:33.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:33.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:33.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:33.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:33.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:33.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:33.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-mcplayer_31bf3856ad364e35_6.1.7601.18523_none_c1af780fce8af29e
14/2/2020 - 12:46:33.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-mcplayer_31bf3856ad364e35_6.1.7601.18523_none_c1af780fce8af29e
14/2/2020 - 12:46:33.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-mcweblauncher_31bf3856ad364e35_6.1.7600.16385_none_5846a8771b202706
14/2/2020 - 12:46:33.825Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-mcweblauncher_31bf3856ad364e35_6.1.7600.16385_none_5846a8771b202706
14/2/2020 - 12:46:33.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-mcweblauncher_31bf3856ad364e35_6.1.7600.16385_none_5846a8771b202706
14/2/2020 - 12:46:34.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:34.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-reg-inf_31bf3856ad364e35_6.1.7601.17514_none_535245f3d98ecb9a
14/2/2020 - 12:46:34.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-reg-inf_31bf3856ad364e35_6.1.7601.17514_none_535245f3d98ecb9a
14/2/2020 - 12:46:34.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-samplemedia_31bf3856ad364e35_6.1.7600.16385_none_b6b9b223710b3802
14/2/2020 - 12:46:34.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-samplemedia_31bf3856ad364e35_6.1.7600.16385_none_b6b9b223710b3802
14/2/2020 - 12:46:34.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_0167f08155bf1c81
14/2/2020 - 12:46:34.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_0167f08155bf1c81\ehsched.exe
14/2/2020 - 12:46:34.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_0167f08155bf1c81\ehsched.exe
14/2/2020 - 12:46:34.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_0167f08155bf1c81\ehsched.exe
14/2/2020 - 12:46:34.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_0167f08155bf1c81\ehsched.exe
14/2/2020 - 12:46:34.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_0167f08155bf1c81
14/2/2020 - 12:46:34.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:34.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:34.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-enhancedvideorenderer_31bf3856ad364e35_6.1.7601.19091_none_ed6ecbcee369de57
14/2/2020 - 12:46:34.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-enhancedvideorenderer_31bf3856ad364e35_6.1.7601.19091_none_ed6ecbcee369de57
14/2/2020 - 12:46:34.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.1.7601.18381_none_7e4dec9f1cbf5d0f
14/2/2020 - 12:46:34.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.1.7601.18381_none_7e4dec9f1cbf5d0f
14/2/2020 - 12:46:34.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:34.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:34.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-eventcollector_31bf3856ad364e35_6.1.7600.16385_none_5702948e8e63fc30
14/2/2020 - 12:46:34.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-eventcollector_31bf3856ad364e35_6.1.7600.16385_none_5702948e8e63fc30
14/2/2020 - 12:46:34.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_6.1.7600.16385_none_1cc9274696810e2f
14/2/2020 - 12:46:34.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_6.1.7600.16385_none_1cc9274696810e2f
14/2/2020 - 12:46:34.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:34.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:34.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-eventlog_31bf3856ad364e35_6.1.7601.17514_none_3aea61892978b9c5
14/2/2020 - 12:46:34.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-eventlog_31bf3856ad364e35_6.1.7601.17514_none_3aea61892978b9c5
14/2/2020 - 12:46:34.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-eventviewer_31bf3856ad364e35_6.1.7601.23259_none_cc744f6bcbf3e9d6
14/2/2020 - 12:46:34.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-eventviewer_31bf3856ad364e35_6.1.7601.23259_none_cc744f6bcbf3e9d6
14/2/2020 - 12:46:34.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:35.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:35.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332
14/2/2020 - 12:46:35.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
14/2/2020 - 12:46:35.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
14/2/2020 - 12:46:35.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
14/2/2020 - 12:46:35.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
14/2/2020 - 12:46:35.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332
14/2/2020 - 12:46:35.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-extrac32_31bf3856ad364e35_6.1.7600.16385_none_371e8c461d966a55
14/2/2020 - 12:46:35.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-extrac32_31bf3856ad364e35_6.1.7600.16385_none_371e8c461d966a55
14/2/2020 - 12:46:35.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..-microsoftsansserif_31bf3856ad364e35_6.1.7601.18528_none_873924b85eaecc3e
14/2/2020 - 12:46:35.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..-microsoftsansserif_31bf3856ad364e35_6.1.7601.18528_none_873924b85eaecc3e
14/2/2020 - 12:46:35.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..-microsoftsansserif_31bf3856ad364e35_6.1.7601.22739_none_87b8f3c777d39e77
14/2/2020 - 12:46:35.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..-microsoftsansserif_31bf3856ad364e35_6.1.7601.22739_none_87b8f3c777d39e77
14/2/2020 - 12:46:35.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:35.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:35.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..acefilter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_15b8ee0f93c982f4
14/2/2020 - 12:46:35.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..acefilter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_15b8ee0f93c982f4
14/2/2020 - 12:46:35.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_6.1.7600.16385_none_731e1fe6187914ea
14/2/2020 - 12:46:35.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_6.1.7600.16385_none_731e1fe6187914ea
14/2/2020 - 12:46:35.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..e-arabictypesetting_31bf3856ad364e35_6.1.7600.16385_none_ac30f980e1dc3fac
14/2/2020 - 12:46:35.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..e-arabictypesetting_31bf3856ad364e35_6.1.7600.16385_none_ac30f980e1dc3fac
14/2/2020 - 12:46:35.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:35.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:35.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..e-traditionalarabic_31bf3856ad364e35_6.1.7600.16385_none_6d5a9b4c052c604d
14/2/2020 - 12:46:35.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..e-traditionalarabic_31bf3856ad364e35_6.1.7600.16385_none_6d5a9b4c052c604d
14/2/2020 - 12:46:35.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..emutilityfatlibrary_31bf3856ad364e35_6.1.7600.16385_none_aa56df3c7375ad12
14/2/2020 - 12:46:35.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..emutilityfatlibrary_31bf3856ad364e35_6.1.7600.16385_none_aa56df3c7375ad12
14/2/2020 - 12:46:35.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.18528_none_3b8ea6daaffb68a5
14/2/2020 - 12:46:35.700Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.18528_none_3b8ea6daaffb68a5
14/2/2020 - 12:46:35.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.18528_none_3b8ea6daaffb68a5
14/2/2020 - 12:46:35.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..k-service.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e0893582ecc10b1a
14/2/2020 - 12:46:35.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..k-service.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e0893582ecc10b1a
14/2/2020 - 12:46:35.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:35.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:35.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..mutilityudfslibrary_31bf3856ad364e35_6.1.7600.16385_none_47b58277763a90ff
14/2/2020 - 12:46:35.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..mutilityudfslibrary_31bf3856ad364e35_6.1.7600.16385_none_47b58277763a90ff
14/2/2020 - 12:46:35.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..opycompareutilities_31bf3856ad364e35_6.1.7600.16385_none_3575d2dc8edf4a22
14/2/2020 - 12:46:35.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..opycompareutilities_31bf3856ad364e35_6.1.7600.16385_none_3575d2dc8edf4a22
14/2/2020 - 12:46:36.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:36.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:36.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:36.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..ruetype-plantagenet_31bf3856ad364e35_6.1.7600.16385_none_47246d9331e672af
14/2/2020 - 12:46:36.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..ruetype-plantagenet_31bf3856ad364e35_6.1.7600.16385_none_47246d9331e672af
14/2/2020 - 12:46:36.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335
14/2/2020 - 12:46:36.262Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335
14/2/2020 - 12:46:36.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335
14/2/2020 - 12:46:36.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:36.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:36.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..truetype-angsanaupc_31bf3856ad364e35_6.1.7600.16385_none_c5a2a76019e76995
14/2/2020 - 12:46:36.543Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..truetype-angsanaupc_31bf3856ad364e35_6.1.7600.16385_none_c5a2a76019e76995
14/2/2020 - 12:46:36.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..truetype-angsanaupc_31bf3856ad364e35_6.1.7600.16385_none_c5a2a76019e76995
14/2/2020 - 12:46:36.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..truetype-lucidasans_31bf3856ad364e35_6.1.7600.16385_none_d0e8774fa1155a53
14/2/2020 - 12:46:36.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..truetype-lucidasans_31bf3856ad364e35_6.1.7600.16385_none_d0e8774fa1155a53
14/2/2020 - 12:46:36.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..truetype-segoeprint_31bf3856ad364e35_6.1.7600.16385_none_50896942163a554e
14/2/2020 - 12:46:36.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..truetype-segoeprint_31bf3856ad364e35_6.1.7600.16385_none_50896942163a554e
14/2/2020 - 12:46:36.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:36.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:36.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..uetype-browalliaupc_31bf3856ad364e35_6.1.7600.16385_none_8e8a0e8706e4503f
14/2/2020 - 12:46:36.872Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..uetype-browalliaupc_31bf3856ad364e35_6.1.7600.16385_none_8e8a0e8706e4503f
14/2/2020 - 12:46:36.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-f..uetype-browalliaupc_31bf3856ad364e35_6.1.7600.16385_none_8e8a0e8706e4503f
14/2/2020 - 12:46:36.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-fax-service.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_387d14bd7c09a9bc
14/2/2020 - 12:46:36.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-fax-service.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_387d14bd7c09a9bc
14/2/2020 - 12:46:37.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:37.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-fdddo_31bf3856ad364e35_6.1.7600.16385_none_b0de2afe4ca7a1e2
14/2/2020 - 12:46:37.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-fdddo_31bf3856ad364e35_6.1.7600.16385_none_b0de2afe4ca7a1e2
14/2/2020 - 12:46:37.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-fde.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ec18a3ff7f3181fe
14/2/2020 - 12:46:37.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-fde.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ec18a3ff7f3181fe
14/2/2020 - 12:46:37.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-feedback-service_31bf3856ad364e35_6.1.7600.16385_none_d5c0e508aa96a650
14/2/2020 - 12:46:37.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-feedback-service_31bf3856ad364e35_6.1.7600.16385_none_d5c0e508aa96a650
14/2/2020 - 12:46:37.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:37.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:37.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:37.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-filesys-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5485525c7a60f749
14/2/2020 - 12:46:37.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-filesys-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5485525c7a60f749
14/2/2020 - 12:46:37.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_6.1.7600.16385_none_7582a4a93f08b488
14/2/2020 - 12:46:37.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_6.1.7600.16385_none_7582a4a93f08b488
14/2/2020 - 12:46:37.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:37.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:37.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_1ae1925f96e1ea47
14/2/2020 - 12:46:37.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_1ae1925f96e1ea47
14/2/2020 - 12:46:37.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_bfb240270a830f20
14/2/2020 - 12:46:37.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_bfb240270a830f20
14/2/2020 - 12:46:37.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:37.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:37.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_ecc8398c10d3edd4
14/2/2020 - 12:46:37.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_ecc8398c10d3edd4
14/2/2020 - 12:46:37.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_e06da86617ab812c
14/2/2020 - 12:46:37.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_e06da86617ab812c
14/2/2020 - 12:46:37.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_66ac27447c5e1741
14/2/2020 - 12:46:37.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_66ac27447c5e1741
14/2/2020 - 12:46:37.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_2d228c23dc8c3814
14/2/2020 - 12:46:37.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_2d228c23dc8c3814
14/2/2020 - 12:46:37.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_93df2ae4c2ef11d8
14/2/2020 - 12:46:37.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_93df2ae4c2ef11d8
14/2/2020 - 12:46:38.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:38.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_sl-si_d6fbb9262d4a0b13
14/2/2020 - 12:46:38.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_sl-si_d6fbb9262d4a0b13
14/2/2020 - 12:46:38.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_eda9df32202cdb55
14/2/2020 - 12:46:38.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_eda9df32202cdb55
14/2/2020 - 12:46:38.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_th-th_02d82a69a4c2340c
14/2/2020 - 12:46:38.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_th-th_02d82a69a4c2340c
14/2/2020 - 12:46:38.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_b4d76dc2a0a2a6d5
14/2/2020 - 12:46:38.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_b4d76dc2a0a2a6d5
14/2/2020 - 12:46:38.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:38.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:38.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:38.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17514_none_d0a9759ec3fa9e2d
14/2/2020 - 12:46:38.465Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17514_none_d0a9759ec3fa9e2d
14/2/2020 - 12:46:38.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17514_none_d0a9759ec3fa9e2d
14/2/2020 - 12:46:38.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.21733_none_d11c742ddd2959a9
14/2/2020 - 12:46:38.512Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.21733_none_d11c742ddd2959a9
14/2/2020 - 12:46:38.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.21733_none_d11c742ddd2959a9
14/2/2020 - 12:46:38.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.18528_none_48c54d300668b1aa
14/2/2020 - 12:46:38.559Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.18528_none_48c54d300668b1aa
14/2/2020 - 12:46:38.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.18528_none_48c54d300668b1aa
14/2/2020 - 12:46:38.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.22118_none_4959b0691f7e43c0
14/2/2020 - 12:46:38.606Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.22118_none_4959b0691f7e43c0
14/2/2020 - 12:46:38.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.22118_none_4959b0691f7e43c0
14/2/2020 - 12:46:38.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.1.7601.17514_none_50c7a4451ab021fd
14/2/2020 - 12:46:38.653Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.1.7601.17514_none_50c7a4451ab021fd
14/2/2020 - 12:46:38.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.1.7601.17514_none_50c7a4451ab021fd
14/2/2020 - 12:46:38.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:38.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:39.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_6.1.7600.16385_none_c5e444bbbf030bfa
14/2/2020 - 12:46:39.12Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_6.1.7600.16385_none_c5e444bbbf030bfa
14/2/2020 - 12:46:39.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_6.1.7600.16385_none_c5e444bbbf030bfa
14/2/2020 - 12:46:39.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-david_31bf3856ad364e35_6.1.7600.16385_none_b50b10afa0728978
14/2/2020 - 12:46:39.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-david_31bf3856ad364e35_6.1.7600.16385_none_b50b10afa0728978
14/2/2020 - 12:46:39.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_6.1.7600.16385_none_d7a960cbb5ebb166
14/2/2020 - 12:46:39.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_6.1.7600.16385_none_d7a960cbb5ebb166
14/2/2020 - 12:46:39.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-georgia_31bf3856ad364e35_6.1.7600.16385_none_8ceadd6195267598
14/2/2020 - 12:46:39.59Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-georgia_31bf3856ad364e35_6.1.7600.16385_none_8ceadd6195267598
14/2/2020 - 12:46:39.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-georgia_31bf3856ad364e35_6.1.7600.16385_none_8ceadd6195267598
14/2/2020 - 12:46:39.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:39.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-impact_31bf3856ad364e35_6.1.7601.17514_none_a7740a1a89b08d82
14/2/2020 - 12:46:39.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-impact_31bf3856ad364e35_6.1.7601.17514_none_a7740a1a89b08d82
14/2/2020 - 12:46:39.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_6.1.7600.16385_none_66211148328492ad
14/2/2020 - 12:46:39.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_6.1.7600.16385_none_66211148328492ad
14/2/2020 - 12:46:39.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_6.1.7600.16385_none_cca6b1a135d8195c
14/2/2020 - 12:46:39.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_6.1.7600.16385_none_cca6b1a135d8195c
14/2/2020 - 12:46:39.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-marlett_31bf3856ad364e35_6.1.7600.16385_none_aa49e9141901cae9
14/2/2020 - 12:46:39.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-marlett_31bf3856ad364e35_6.1.7600.16385_none_aa49e9141901cae9
14/2/2020 - 12:46:39.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-mingliub_31bf3856ad364e35_6.1.7600.16385_none_2516994551e62499
14/2/2020 - 12:46:39.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-mingliub_31bf3856ad364e35_6.1.7600.16385_none_2516994551e62499
14/2/2020 - 12:46:39.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:39.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:39.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-mvboli_31bf3856ad364e35_6.1.7600.16385_none_cee2efd161995b03
14/2/2020 - 12:46:39.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-mvboli_31bf3856ad364e35_6.1.7600.16385_none_cee2efd161995b03
14/2/2020 - 12:46:39.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:39.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-simhei_31bf3856ad364e35_6.1.7600.16385_none_501ca8058dc5e9fb
14/2/2020 - 12:46:39.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-simhei_31bf3856ad364e35_6.1.7600.16385_none_501ca8058dc5e9fb
14/2/2020 - 12:46:39.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7600.16385_none_8bc15c538e547e20
14/2/2020 - 12:46:39.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7600.16385_none_8bc15c538e547e20
14/2/2020 - 12:46:39.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:39.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:39.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:40.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.18528_none_8deb8a8f8b479ca8
14/2/2020 - 12:46:40.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.18528_none_8deb8a8f8b479ca8
14/2/2020 - 12:46:40.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.22739_none_8e6b599ea46c6ee1
14/2/2020 - 12:46:40.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.22739_none_8e6b599ea46c6ee1
14/2/2020 - 12:46:40.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-vani_31bf3856ad364e35_6.1.7601.17514_none_5a885c9b0fafaf30
14/2/2020 - 12:46:40.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-vani_31bf3856ad364e35_6.1.7601.17514_none_5a885c9b0fafaf30
14/2/2020 - 12:46:40.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.1.7601.17621_none_1c9159ab15d83b94
14/2/2020 - 12:46:40.43Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.1.7601.17621_none_1c9159ab15d83b94
14/2/2020 - 12:46:40.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.1.7601.17621_none_1c9159ab15d83b94
14/2/2020 - 12:46:40.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:40.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:40.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-forfiles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_363ff22c7096007b
14/2/2020 - 12:46:40.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-forfiles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_363ff22c7096007b
14/2/2020 - 12:46:40.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:40.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:40.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-fsutil_31bf3856ad364e35_6.1.7601.21680_none_2ac406171fe62477
14/2/2020 - 12:46:40.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-fsutil_31bf3856ad364e35_6.1.7601.21680_none_2ac406171fe62477
14/2/2020 - 12:46:40.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..-admfiles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bc6570e3e14da01e
14/2/2020 - 12:46:40.606Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..-admfiles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bc6570e3e14da01e
14/2/2020 - 12:46:40.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..-admfiles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bc6570e3e14da01e
14/2/2020 - 12:46:40.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..-base-mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fe3b52862a4b709d
14/2/2020 - 12:46:40.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..-base-mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fe3b52862a4b709d
14/2/2020 - 12:46:40.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2f138018ac806c42
14/2/2020 - 12:46:40.653Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2f138018ac806c42
14/2/2020 - 12:46:40.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2f138018ac806c42
14/2/2020 - 12:46:40.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g...scrptadm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_682607ddbf47daac
14/2/2020 - 12:46:40.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g...scrptadm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_682607ddbf47daac
14/2/2020 - 12:46:40.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..acheclean-lithuania_31bf3856ad364e35_6.1.7601.22919_none_32924e9c785abcce
14/2/2020 - 12:46:40.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..acheclean-lithuania_31bf3856ad364e35_6.1.7601.22919_none_32924e9c785abcce
14/2/2020 - 12:46:40.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:40.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:40.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:40.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18528_none_a6e5cc71387611d5
14/2/2020 - 12:46:40.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..decacheclean-canada_31bf3856ad364e35_6.1.7601.18528_none_a6e5cc71387611d5
14/2/2020 - 12:46:40.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ewowregisteredowner_31bf3856ad364e35_6.1.7600.21033_none_e2844eb6d747d285
14/2/2020 - 12:46:40.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ewowregisteredowner_31bf3856ad364e35_6.1.7600.21033_none_e2844eb6d747d285
14/2/2020 - 12:46:41.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:41.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ewowregisteredowner_31bf3856ad364e35_6.1.7601.17671_none_e3b3f68bbb72a87b
14/2/2020 - 12:46:41.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ewowregisteredowner_31bf3856ad364e35_6.1.7601.17671_none_e3b3f68bbb72a87b
14/2/2020 - 12:46:41.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cb3832f249cfef71
14/2/2020 - 12:46:41.168Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cb3832f249cfef71
14/2/2020 - 12:46:41.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cb3832f249cfef71
14/2/2020 - 12:46:41.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0870d4d156ba0246
14/2/2020 - 12:46:41.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0870d4d156ba0246
14/2/2020 - 12:46:41.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..licy-admin-admfiles_31bf3856ad364e35_6.1.7600.16385_none_beabfc5b1399cd8e
14/2/2020 - 12:46:41.215Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..licy-admin-admfiles_31bf3856ad364e35_6.1.7600.16385_none_beabfc5b1399cd8e
14/2/2020 - 12:46:41.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..licy-admin-admfiles_31bf3856ad364e35_6.1.7600.16385_none_beabfc5b1399cd8e
14/2/2020 - 12:46:41.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_20f6d78ef439b792
14/2/2020 - 12:46:41.262Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_20f6d78ef439b792
14/2/2020 - 12:46:41.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_20f6d78ef439b792
14/2/2020 - 12:46:41.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:41.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:41.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..lorer-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ab2bc47801efd405
14/2/2020 - 12:46:41.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..lorer-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ab2bc47801efd405
14/2/2020 - 12:46:41.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..maker-mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fdc12e83dcdc52b2
14/2/2020 - 12:46:41.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..maker-mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fdc12e83dcdc52b2
14/2/2020 - 12:46:41.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8
14/2/2020 - 12:46:41.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8
14/2/2020 - 12:46:41.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:41.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:41.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..shell-exe.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9e56341f7b66514a
14/2/2020 - 12:46:41.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..shell-exe.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9e56341f7b66514a
14/2/2020 - 12:46:41.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.22045_none_a75e29e84a6157b6
14/2/2020 - 12:46:41.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.22045_none_a75e29e84a6157b6
14/2/2020 - 12:46:41.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:42.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:42.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:42.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:42.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-06_31bf3856ad364e35_6.1.7600.21329_none_a57100044d3f6a3e
14/2/2020 - 12:46:42.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-06_31bf3856ad364e35_6.1.7600.21329_none_a57100044d3f6a3e\invalidateFntcache.exe
14/2/2020 - 12:46:42.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-06_31bf3856ad364e35_6.1.7600.21329_none_a57100044d3f6a3e\invalidateFntcache.exeinvalidateFntcache.exe
14/2/2020 - 12:46:42.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-06_31bf3856ad364e35_6.1.7600.21329_none_a57100044d3f6a3e\invalidateFntcache.exe
14/2/2020 - 12:46:42.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-06_31bf3856ad364e35_6.1.7600.21329_none_a57100044d3f6a3e\invalidateFntcache.exe
14/2/2020 - 12:46:42.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-06_31bf3856ad364e35_6.1.7600.21329_none_a57100044d3f6a3e\invalidateFntcache.exe
14/2/2020 - 12:46:42.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..validatefntcache-06_31bf3856ad364e35_6.1.7600.21329_none_a57100044d3f6a3e
14/2/2020 - 12:46:42.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f
14/2/2020 - 12:46:42.200Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f
14/2/2020 - 12:46:42.247Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f
14/2/2020 - 12:46:42.293Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f
14/2/2020 - 12:46:42.340Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f
14/2/2020 - 12:46:42.387Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f
14/2/2020 - 12:46:42.434Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f
14/2/2020 - 12:46:42.481Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f
14/2/2020 - 12:46:42.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f
14/2/2020 - 12:46:42.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:42.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:42.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.1.7601.17514_none_a026547dd7dc8bbc
14/2/2020 - 12:46:42.809Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.1.7601.17514_none_a026547dd7dc8bbc
14/2/2020 - 12:46:42.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.1.7601.17514_none_a026547dd7dc8bbc
14/2/2020 - 12:46:42.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18946_none_07da9f87713c7c4b
14/2/2020 - 12:46:42.856Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18946_none_07da9f87713c7c4b
14/2/2020 - 12:46:42.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18946_none_07da9f87713c7c4b
14/2/2020 - 12:46:42.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:43.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:43.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23453_none_0856495c8a6516b8
14/2/2020 - 12:46:43.184Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23453_none_0856495c8a6516b8
14/2/2020 - 12:46:43.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23453_none_0856495c8a6516b8
14/2/2020 - 12:46:43.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:43.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..-bckupbas.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8ad0e4f03158c27a
14/2/2020 - 12:46:43.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..-bckupbas.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8ad0e4f03158c27a
14/2/2020 - 12:46:43.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..-escalate.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8038d8727b0fa1cf
14/2/2020 - 12:46:43.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..-escalate.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8038d8727b0fa1cf
14/2/2020 - 12:46:43.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..-firewall.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_841c445921e16a91
14/2/2020 - 12:46:43.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..-firewall.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_841c445921e16a91
14/2/2020 - 12:46:43.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:43.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:43.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..-recopack.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8fd8c163dd5bb6d1
14/2/2020 - 12:46:43.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..-recopack.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8fd8c163dd5bb6d1
14/2/2020 - 12:46:43.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..centercpl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0497bb24700f237f
14/2/2020 - 12:46:43.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..centercpl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0497bb24700f237f
14/2/2020 - 12:46:43.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:43.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:43.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:44.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..indetails.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5c383208db5a614a
14/2/2020 - 12:46:44.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..indetails.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5c383208db5a614a
14/2/2020 - 12:46:44.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..p-listsvc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_be3f462496793720
14/2/2020 - 12:46:44.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..p-listsvc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_be3f462496793720
14/2/2020 - 12:46:44.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..pport-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_caaa861f400da39b
14/2/2020 - 12:46:44.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..pport-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_caaa861f400da39b
14/2/2020 - 12:46:44.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..ragelayer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fe35fb7998e36ab4
14/2/2020 - 12:46:44.28Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..ragelayer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fe35fb7998e36ab4
14/2/2020 - 12:46:44.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..ragelayer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_fe35fb7998e36ab4
14/2/2020 - 12:46:44.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:44.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:44.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0b95f202f201ea4d
14/2/2020 - 12:46:44.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0b95f202f201ea4d
14/2/2020 - 12:46:44.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196
14/2/2020 - 12:46:44.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196
14/2/2020 - 12:46:44.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-hardware-policy_31bf3856ad364e35_6.1.7601.17514_none_604653a7c0745b40
14/2/2020 - 12:46:44.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-hardware-policy_31bf3856ad364e35_6.1.7601.17514_none_604653a7c0745b40
14/2/2020 - 12:46:44.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-hbaapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ee2f73d3ea90be30
14/2/2020 - 12:46:44.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-hbaapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ee2f73d3ea90be30
14/2/2020 - 12:46:44.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:44.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:44.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-adm_31bf3856ad364e35_6.1.7600.16385_none_893d90cda53294d1
14/2/2020 - 12:46:44.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-adm_31bf3856ad364e35_6.1.7600.16385_none_893d90cda53294d1
14/2/2020 - 12:46:44.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-articon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_64c0d782a6d552b3
14/2/2020 - 12:46:44.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-articon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_64c0d782a6d552b3
14/2/2020 - 12:46:44.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:44.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:44.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:44.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-artui4.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_731d6d543e2ad7d0
14/2/2020 - 12:46:44.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-artui4.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_731d6d543e2ad7d0
14/2/2020 - 12:46:44.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-browser.resources_31bf3856ad364e35_6.1.7601.17514_en-us_290e0dd098f0a1dc
14/2/2020 - 12:46:44.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-browser.resources_31bf3856ad364e35_6.1.7601.17514_en-us_290e0dd098f0a1dc
14/2/2020 - 12:46:44.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-clientproxy_31bf3856ad364e35_6.1.7600.16385_none_213ef63c2d65b1e8
14/2/2020 - 12:46:44.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-clientproxy_31bf3856ad364e35_6.1.7600.16385_none_213ef63c2d65b1e8
14/2/2020 - 12:46:44.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:45.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-deskpr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_37990713b775cee8
14/2/2020 - 12:46:45.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-deskpr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_37990713b775cee8
14/2/2020 - 12:46:45.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-diskmgt.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_85df7d592225e462
14/2/2020 - 12:46:45.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-diskmgt.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_85df7d592225e462
14/2/2020 - 12:46:45.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-efs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7cdf1630ae0efc15
14/2/2020 - 12:46:45.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-efs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7cdf1630ae0efc15
14/2/2020 - 12:46:45.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:45.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:45.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:45.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:45.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-medctr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ebd170fdc0645c26
14/2/2020 - 12:46:45.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-medctr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ebd170fdc0645c26
14/2/2020 - 12:46:45.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-mobctr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b54e3d2026e59aa
14/2/2020 - 12:46:45.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-mobctr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b54e3d2026e59aa
14/2/2020 - 12:46:45.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:45.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:45.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:45.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:46.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-playing.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d0cfe08cf013dd8b
14/2/2020 - 12:46:46.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-playing.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d0cfe08cf013dd8b
14/2/2020 - 12:46:46.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-privacy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f289cca038118acb
14/2/2020 - 12:46:46.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-privacy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f289cca038118acb
14/2/2020 - 12:46:46.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-seccntr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9df7df9107127d1f
14/2/2020 - 12:46:46.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-seccntr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9df7df9107127d1f
14/2/2020 - 12:46:46.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:46.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:46.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-sharing.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c2388b96baa6c0eb
14/2/2020 - 12:46:46.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-sharing.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c2388b96baa6c0eb
14/2/2020 - 12:46:46.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-sync.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_10bac40075512ad4
14/2/2020 - 12:46:46.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-sync.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_10bac40075512ad4
14/2/2020 - 12:46:46.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:46.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:46.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-vidclip.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_17efcc06696bbeae
14/2/2020 - 12:46:46.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-vidclip.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_17efcc06696bbeae
14/2/2020 - 12:46:46.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-wu.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5140a69d81b9f42f
14/2/2020 - 12:46:46.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-wu.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5140a69d81b9f42f
14/2/2020 - 12:46:46.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-homegroup-provsvc_31bf3856ad364e35_6.1.7601.17514_none_efe3724a04606825
14/2/2020 - 12:46:46.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-homegroup-provsvc_31bf3856ad364e35_6.1.7601.17514_none_efe3724a04606825
14/2/2020 - 12:46:46.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:46.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:46.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-hotstart.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ccbb3c74f5cb4576
14/2/2020 - 12:46:46.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-hotstart.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ccbb3c74f5cb4576
14/2/2020 - 12:46:46.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-htmlhelp-infotech_31bf3856ad364e35_6.1.7601.17514_none_54c9f2832a59c760
14/2/2020 - 12:46:46.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-htmlhelp-infotech_31bf3856ad364e35_6.1.7601.17514_none_54c9f2832a59c760
14/2/2020 - 12:46:46.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_12df6ed3076ce2ef
14/2/2020 - 12:46:46.793Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_12df6ed3076ce2ef
14/2/2020 - 12:46:46.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_12df6ed3076ce2ef
14/2/2020 - 12:46:46.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7601.17514_none_0ae701b82f7a7759
14/2/2020 - 12:46:46.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7601.17514_none_0ae701b82f7a7759
14/2/2020 - 12:46:46.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:46.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:47.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-chinese-tipprofile_31bf3856ad364e35_6.1.7600.16385_none_e5b7521227445d5c
14/2/2020 - 12:46:47.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-chinese-tipprofile_31bf3856ad364e35_6.1.7600.16385_none_e5b7521227445d5c
14/2/2020 - 12:46:47.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-platform.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_af88a8721c67c87a
14/2/2020 - 12:46:47.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-platform.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_af88a8721c67c87a
14/2/2020 - 12:46:47.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:47.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:47.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_11.2.9600.16428_none_eace14b8d6178cca
14/2/2020 - 12:46:47.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_11.2.9600.16428_none_eace14b8d6178cca
14/2/2020 - 12:46:47.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ansliteration-nowow_31bf3856ad364e35_6.1.7600.16385_none_b021af6864cb7d41
14/2/2020 - 12:46:47.356Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ansliteration-nowow_31bf3856ad364e35_6.1.7600.16385_none_b021af6864cb7d41
14/2/2020 - 12:46:47.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ansliteration-nowow_31bf3856ad364e35_6.1.7600.16385_none_b021af6864cb7d41
14/2/2020 - 12:46:47.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ard-japanese_nec-at_31bf3856ad364e35_6.1.7600.16385_none_a47030bcada37eea
14/2/2020 - 12:46:47.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ard-japanese_nec-at_31bf3856ad364e35_6.1.7600.16385_none_a47030bcada37eea
14/2/2020 - 12:46:47.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:47.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:47.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..cachingbasebinaries_31bf3856ad364e35_6.1.7601.17514_none_9e27c9e59ecd6328
14/2/2020 - 12:46:47.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..cachingbasebinaries_31bf3856ad364e35_6.1.7601.17514_none_9e27c9e59ecd6328
14/2/2020 - 12:46:47.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..compressionbinaries_31bf3856ad364e35_6.1.7601.17514_none_07f87d50aca10f6e
14/2/2020 - 12:46:47.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..compressionbinaries_31bf3856ad364e35_6.1.7601.17514_none_07f87d50aca10f6e
14/2/2020 - 12:46:47.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ctorybrowsebinaries_31bf3856ad364e35_6.1.7600.16385_none_96b859d89f2ebd3d
14/2/2020 - 12:46:47.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ctorybrowsebinaries_31bf3856ad364e35_6.1.7600.16385_none_96b859d89f2ebd3d
14/2/2020 - 12:46:47.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..cyscripts.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_75be9e5990d40602
14/2/2020 - 12:46:47.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..cyscripts.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_75be9e5990d40602
14/2/2020 - 12:46:47.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:47.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:47.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..e-trigramdictionary_31bf3856ad364e35_6.1.7600.16385_none_12d6b2e3587e9b12
14/2/2020 - 12:46:47.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..e-trigramdictionary_31bf3856ad364e35_6.1.7600.16385_none_12d6b2e3587e9b12
14/2/2020 - 12:46:47.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_0c2b375bae4a8d38
14/2/2020 - 12:46:47.872Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_0c2b375bae4a8d38
14/2/2020 - 12:46:47.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_0c2b375bae4a8d38
14/2/2020 - 12:46:47.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ed-chinese-csapplet_31bf3856ad364e35_6.1.7600.16385_none_9d765a74fa6fff30
14/2/2020 - 12:46:47.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ed-chinese-csapplet_31bf3856ad364e35_6.1.7600.16385_none_9d765a74fa6fff30
14/2/2020 - 12:46:47.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..eprotocol.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_723e35ad393df8a2
14/2/2020 - 12:46:47.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..eprotocol.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_723e35ad393df8a2
14/2/2020 - 12:46:47.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:48.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:48.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:48.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_et-ee_9ed31df1798cc171
14/2/2020 - 12:46:48.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_et-ee_9ed31df1798cc171
14/2/2020 - 12:46:48.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:48.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:48.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_ro-ro_ec00c1a5c7ea2c14
14/2/2020 - 12:46:48.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_ro-ro_ec00c1a5c7ea2c14
14/2/2020 - 12:46:48.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_ru-ru_ee690d31c664eee4
14/2/2020 - 12:46:48.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_ru-ru_ee690d31c664eee4
14/2/2020 - 12:46:48.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:48.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:48.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_sr-..-cs_2c1fb02935715739
14/2/2020 - 12:46:48.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_sr-..-cs_2c1fb02935715739
14/2/2020 - 12:46:48.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_uk-ua_cf512494a37b217c
14/2/2020 - 12:46:48.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_uk-ua_cf512494a37b217c
14/2/2020 - 12:46:48.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_11.2.9600.18349_none_9746e86debce47a5
14/2/2020 - 12:46:48.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_11.2.9600.18349_none_9746e86debce47a5
14/2/2020 - 12:46:48.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..escriptdetectiondll_31bf3856ad364e35_6.1.7600.16385_none_7ee0a08eb1402461
14/2/2020 - 12:46:48.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..escriptdetectiondll_31bf3856ad364e35_6.1.7600.16385_none_7ee0a08eb1402461
14/2/2020 - 12:46:48.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:48.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..eyboard-korean_101b_31bf3856ad364e35_6.1.7600.16385_none_e1bb76fb344e80e9
14/2/2020 - 12:46:48.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..eyboard-korean_101b_31bf3856ad364e35_6.1.7600.16385_none_e1bb76fb344e80e9
14/2/2020 - 12:46:48.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..favorites.resources_31bf3856ad364e35_11.2.9600.18349_en-us_7361104c79a07d20
14/2/2020 - 12:46:48.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..favorites.resources_31bf3856ad364e35_11.2.9600.18349_en-us_7361104c79a07d20
14/2/2020 - 12:46:48.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:49.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:49.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:49.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6f1875a8a0293474
14/2/2020 - 12:46:49.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6f1875a8a0293474
14/2/2020 - 12:46:49.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_911f1b9dc69cb0db
14/2/2020 - 12:46:49.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_911f1b9dc69cb0db
14/2/2020 - 12:46:49.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7600.16385_none_af18775c5e06e5e2
14/2/2020 - 12:46:49.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7600.16385_none_af18775c5e06e5e2
14/2/2020 - 12:46:49.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7600.16385_none_c4d1464ab88fbcb4
14/2/2020 - 12:46:49.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7600.16385_none_c4d1464ab88fbcb4
14/2/2020 - 12:46:49.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7601.17514_none_9e29ed08727f054f
14/2/2020 - 12:46:49.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7601.17514_none_9e29ed08727f054f
14/2/2020 - 12:46:49.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7601.17514_none_fdf0304032171a90
14/2/2020 - 12:46:49.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.1.7601.17514_none_fdf0304032171a90
14/2/2020 - 12:46:49.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.1.7600.16385_none_571e064f15300c7b
14/2/2020 - 12:46:49.262Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.1.7600.16385_none_571e064f15300c7b
14/2/2020 - 12:46:49.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.1.7600.16385_none_571e064f15300c7b
14/2/2020 - 12:46:49.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..httploggingbinaries_31bf3856ad364e35_6.1.7600.16385_none_d80e847a4e2f66d3
14/2/2020 - 12:46:49.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..httploggingbinaries_31bf3856ad364e35_6.1.7600.16385_none_d80e847a4e2f66d3
14/2/2020 - 12:46:49.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:49.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:49.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ingconfig.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c8a3adb16c567736
14/2/2020 - 12:46:49.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ingconfig.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c8a3adb16c567736
14/2/2020 - 12:46:49.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1047_31bf3856ad364e35_6.1.7600.16385_none_80467ab92291d421
14/2/2020 - 12:46:49.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1047_31bf3856ad364e35_6.1.7600.16385_none_80467ab92291d421
14/2/2020 - 12:46:49.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:49.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:49.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1142_31bf3856ad364e35_6.1.7600.16385_none_7e0fd71d23fdd6d5
14/2/2020 - 12:46:49.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1142_31bf3856ad364e35_6.1.7600.16385_none_7e0fd71d23fdd6d5
14/2/2020 - 12:46:49.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1146_31bf3856ad364e35_6.1.7600.16385_none_7fd5f3d522d9e8f1
14/2/2020 - 12:46:49.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1146_31bf3856ad364e35_6.1.7600.16385_none_7fd5f3d522d9e8f1
14/2/2020 - 12:46:49.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1147_31bf3856ad364e35_6.1.7600.16385_none_80477b032290ed78
14/2/2020 - 12:46:49.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1147_31bf3856ad364e35_6.1.7600.16385_none_80477b032290ed78
14/2/2020 - 12:46:49.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1251_31bf3856ad364e35_6.1.7600.16385_none_7d9f397124460546
14/2/2020 - 12:46:49.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1251_31bf3856ad364e35_6.1.7600.16385_none_7d9f397124460546
14/2/2020 - 12:46:49.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1253_31bf3856ad364e35_6.1.7600.16385_none_7e8247cd23b40e54
14/2/2020 - 12:46:49.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1253_31bf3856ad364e35_6.1.7600.16385_none_7e8247cd23b40e54
14/2/2020 - 12:46:49.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:49.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:50.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:50.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:50.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1254_31bf3856ad364e35_6.1.7600.16385_none_7ef3cefb236b12db
14/2/2020 - 12:46:50.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1254_31bf3856ad364e35_6.1.7600.16385_none_7ef3cefb236b12db
14/2/2020 - 12:46:50.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1255_31bf3856ad364e35_6.1.7600.16385_none_7f65562923221762
14/2/2020 - 12:46:50.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1255_31bf3856ad364e35_6.1.7600.16385_none_7f65562923221762
14/2/2020 - 12:46:50.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1258_31bf3856ad364e35_6.1.7600.16385_none_80b9ebb3224724f7
14/2/2020 - 12:46:50.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1258_31bf3856ad364e35_6.1.7600.16385_none_80b9ebb3224724f7
14/2/2020 - 12:46:50.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.1.7601.17514_none_3899b0ad2bb77a86
14/2/2020 - 12:46:50.106Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.1.7601.17514_none_3899b0ad2bb77a86
14/2/2020 - 12:46:50.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.1.7601.17514_none_3899b0ad2bb77a86
14/2/2020 - 12:46:50.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..keyboard-korean_103_31bf3856ad364e35_6.1.7600.16385_none_1339db6bbca0b453
14/2/2020 - 12:46:50.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..keyboard-korean_103_31bf3856ad364e35_6.1.7600.16385_none_1339db6bbca0b453
14/2/2020 - 12:46:50.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:50.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:50.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000407_31bf3856ad364e35_6.1.7600.16385_none_45e041067c32db5b
14/2/2020 - 12:46:50.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000407_31bf3856ad364e35_6.1.7600.16385_none_45e041067c32db5b
14/2/2020 - 12:46:50.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000040f_31bf3856ad364e35_6.1.7600.16385_none_5ab812786eccb024
14/2/2020 - 12:46:50.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000040f_31bf3856ad364e35_6.1.7600.16385_none_5ab812786eccb024
14/2/2020 - 12:46:50.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:50.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:50.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000411_31bf3856ad364e35_6.1.7600.16385_none_4336ff2a7de8d9d2
14/2/2020 - 12:46:50.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000411_31bf3856ad364e35_6.1.7600.16385_none_4336ff2a7de8d9d2
14/2/2020 - 12:46:50.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000414_31bf3856ad364e35_6.1.7600.16385_none_448b94b47d0de767
14/2/2020 - 12:46:50.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000414_31bf3856ad364e35_6.1.7600.16385_none_448b94b47d0de767
14/2/2020 - 12:46:50.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000419_31bf3856ad364e35_6.1.7601.22739_none_496d35e591b8eecb
14/2/2020 - 12:46:50.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000419_31bf3856ad364e35_6.1.7601.22739_none_496d35e591b8eecb
14/2/2020 - 12:46:50.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:50.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000423_31bf3856ad364e35_6.1.7601.17514_none_464b0a867a45801b
14/2/2020 - 12:46:50.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000423_31bf3856ad364e35_6.1.7601.17514_none_464b0a867a45801b
14/2/2020 - 12:46:50.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000427_31bf3856ad364e35_6.1.7600.16385_none_45e013767c330e9d
14/2/2020 - 12:46:50.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000427_31bf3856ad364e35_6.1.7600.16385_none_45e013767c330e9d
14/2/2020 - 12:46:50.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:50.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:51.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:51.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000043f_31bf3856ad364e35_6.1.7600.16385_none_5ab7ce206eccfd07
14/2/2020 - 12:46:51.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000043f_31bf3856ad364e35_6.1.7600.16385_none_5ab7ce206eccfd07
14/2/2020 - 12:46:51.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000444_31bf3856ad364e35_6.1.7600.16385_none_448b505c7d0e344a
14/2/2020 - 12:46:51.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000444_31bf3856ad364e35_6.1.7600.16385_none_448b505c7d0e344a
14/2/2020 - 12:46:51.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000445_31bf3856ad364e35_6.1.7601.17514_none_472deb5279b3bc6b
14/2/2020 - 12:46:51.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000445_31bf3856ad364e35_6.1.7601.17514_none_472deb5279b3bc6b
14/2/2020 - 12:46:51.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:51.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:51.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000044a_31bf3856ad364e35_6.1.7601.17514_none_5ab1273a6d28839f
14/2/2020 - 12:46:51.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000044a_31bf3856ad364e35_6.1.7601.17514_none_5ab1273a6d28839f
14/2/2020 - 12:46:51.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000044e_31bf3856ad364e35_6.1.7601.17514_none_5c7743f26c0495bb
14/2/2020 - 12:46:51.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000044e_31bf3856ad364e35_6.1.7601.17514_none_5c7743f26c0495bb
14/2/2020 - 12:46:51.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000450_31bf3856ad364e35_6.1.7601.17514_none_44f630a47b20bf69
14/2/2020 - 12:46:51.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000450_31bf3856ad364e35_6.1.7601.17514_none_44f630a47b20bf69
14/2/2020 - 12:46:51.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:51.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:51.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000045b_31bf3856ad364e35_6.1.7600.16385_none_58f183d86ff11e2d
14/2/2020 - 12:46:51.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000045b_31bf3856ad364e35_6.1.7600.16385_none_58f183d86ff11e2d
14/2/2020 - 12:46:51.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000046a_31bf3856ad364e35_6.1.7600.16385_none_587fe5e2703a3347
14/2/2020 - 12:46:51.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000046a_31bf3856ad364e35_6.1.7600.16385_none_587fe5e2703a3347
14/2/2020 - 12:46:51.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000046d_31bf3856ad364e35_6.1.7601.18528_none_5bfea9a86c525f64
14/2/2020 - 12:46:51.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0000046d_31bf3856ad364e35_6.1.7601.18528_none_5bfea9a86c525f64
14/2/2020 - 12:46:51.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:51.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:51.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000807_31bf3856ad364e35_6.1.7601.17514_none_481555f6791dc451
14/2/2020 - 12:46:51.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000807_31bf3856ad364e35_6.1.7601.17514_none_481555f6791dc451
14/2/2020 - 12:46:51.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:51.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:52.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:52.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000850_31bf3856ad364e35_6.1.7600.16385_none_42c91e047e2ea12b
14/2/2020 - 12:46:52.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000850_31bf3856ad364e35_6.1.7600.16385_none_42c91e047e2ea12b
14/2/2020 - 12:46:52.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000c1a_31bf3856ad364e35_6.1.7600.16385_none_58af6560700f5a1b
14/2/2020 - 12:46:52.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00000c1a_31bf3856ad364e35_6.1.7600.16385_none_58af6560700f5a1b
14/2/2020 - 12:46:52.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010409_31bf3856ad364e35_6.1.7600.16385_none_e9e1936b6e3201a2
14/2/2020 - 12:46:52.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010409_31bf3856ad364e35_6.1.7600.16385_none_e9e1936b6e3201a2
14/2/2020 - 12:46:52.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:52.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:52.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010415_31bf3856ad364e35_6.1.7600.16385_none_e81b5feb6f560927
14/2/2020 - 12:46:52.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010415_31bf3856ad364e35_6.1.7600.16385_none_e81b5feb6f560927
14/2/2020 - 12:46:52.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010419_31bf3856ad364e35_6.1.7600.16385_none_e9e17ca36e321b43
14/2/2020 - 12:46:52.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010419_31bf3856ad364e35_6.1.7600.16385_none_e9e17ca36e321b43
14/2/2020 - 12:46:52.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0001041e_31bf3856ad364e35_6.1.7600.16385_none_fd64b88b61a6e277
14/2/2020 - 12:46:52.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0001041e_31bf3856ad364e35_6.1.7600.16385_none_fd64b88b61a6e277
14/2/2020 - 12:46:52.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0001041f_31bf3856ad364e35_6.1.7601.17514_none_000753815e4c6a98
14/2/2020 - 12:46:52.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0001041f_31bf3856ad364e35_6.1.7601.17514_none_000753815e4c6a98
14/2/2020 - 12:46:52.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:52.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0001042e_31bf3856ad364e35_6.1.7600.16385_none_fd64a1c361a6fc18
14/2/2020 - 12:46:52.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0001042e_31bf3856ad364e35_6.1.7600.16385_none_fd64a1c361a6fc18
14/2/2020 - 12:46:52.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010437_31bf3856ad364e35_6.1.7600.16385_none_e8fe40b76ec44577
14/2/2020 - 12:46:52.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010437_31bf3856ad364e35_6.1.7600.16385_none_e8fe40b76ec44577
14/2/2020 - 12:46:52.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0001043c_31bf3856ad364e35_6.1.7600.16385_none_fc817c9f62390cab
14/2/2020 - 12:46:52.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0001043c_31bf3856ad364e35_6.1.7600.16385_none_fc817c9f62390cab
14/2/2020 - 12:46:52.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010445_31bf3856ad364e35_6.1.7600.16385_none_e81b1b936f56560a
14/2/2020 - 12:46:52.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010445_31bf3856ad364e35_6.1.7600.16385_none_e81b1b936f56560a
14/2/2020 - 12:46:52.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0001045a_31bf3856ad364e35_6.1.7600.16385_none_fb9e40b362cb36df
14/2/2020 - 12:46:52.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-0001045a_31bf3856ad364e35_6.1.7600.16385_none_fb9e40b362cb36df
14/2/2020 - 12:46:52.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010465_31bf3856ad364e35_6.1.7600.16385_none_e81aee036f56894c
14/2/2020 - 12:46:52.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010465_31bf3856ad364e35_6.1.7600.16385_none_e81aee036f56894c
14/2/2020 - 12:46:52.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:52.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:52.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00020402_31bf3856ad364e35_6.1.7600.16385_none_89e5253262c1ff2a
14/2/2020 - 12:46:52.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00020402_31bf3856ad364e35_6.1.7600.16385_none_89e5253262c1ff2a
14/2/2020 - 12:46:52.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00020418_31bf3856ad364e35_6.1.7600.16385_none_8c8e397e610c33f5
14/2/2020 - 12:46:52.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00020418_31bf3856ad364e35_6.1.7600.16385_none_8c8e397e610c33f5
14/2/2020 - 12:46:52.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00020427_31bf3856ad364e35_6.1.7600.16385_none_8c1c9b886155490f
14/2/2020 - 12:46:52.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00020427_31bf3856ad364e35_6.1.7600.16385_none_8c1c9b886155490f
14/2/2020 - 12:46:52.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:52.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:53.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:53.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00020445_31bf3856ad364e35_6.1.7600.16385_none_8b395f9c61e77343
14/2/2020 - 12:46:53.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00020445_31bf3856ad364e35_6.1.7600.16385_none_8b395f9c61e77343
14/2/2020 - 12:46:53.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00030402_31bf3856ad364e35_6.1.7601.17514_none_2f347d0352419ffd
14/2/2020 - 12:46:53.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00030402_31bf3856ad364e35_6.1.7601.17514_none_2f347d0352419ffd
14/2/2020 - 12:46:53.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00050409_31bf3856ad364e35_6.1.7600.16385_none_765aa38f38767686
14/2/2020 - 12:46:53.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00050409_31bf3856ad364e35_6.1.7600.16385_none_765aa38f38767686
14/2/2020 - 12:46:53.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:53.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:53.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_50d1cf4f1b2e14c3
14/2/2020 - 12:46:53.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_50d1cf4f1b2e14c3
14/2/2020 - 12:46:53.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ee4c30070bef566d
14/2/2020 - 12:46:53.434Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ee4c30070bef566d
14/2/2020 - 12:46:53.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ee4c30070bef566d
14/2/2020 - 12:46:53.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:53.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:53.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..nal-core-locale-nls_31bf3856ad364e35_6.1.7601.18355_none_c8b3dc4ec004f480
14/2/2020 - 12:46:53.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..nal-core-locale-nls_31bf3856ad364e35_6.1.7601.18355_none_c8b3dc4ec004f480
14/2/2020 - 12:46:53.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..nal-core-locale-nls_31bf3856ad364e35_6.1.7601.22555_none_c93d7affd9229171
14/2/2020 - 12:46:53.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..nal-core-locale-nls_31bf3856ad364e35_6.1.7601.22555_none_c93d7affd9229171
14/2/2020 - 12:46:53.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:53.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:53.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:54.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..nese_nec98_usb_only_31bf3856ad364e35_6.1.7600.16385_none_37368f7ad397beb3
14/2/2020 - 12:46:54.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..nese_nec98_usb_only_31bf3856ad364e35_6.1.7600.16385_none_37368f7ad397beb3
14/2/2020 - 12:46:54.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ecfed8f3ac09428f
14/2/2020 - 12:46:54.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ecfed8f3ac09428f
14/2/2020 - 12:46:54.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17691_none_7182bcaa66eff520
14/2/2020 - 12:46:54.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17691_none_7182bcaa66eff520
14/2/2020 - 12:46:54.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18349_none_719d76a266dcecc9
14/2/2020 - 12:46:54.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18349_none_719d76a266dcecc9
14/2/2020 - 12:46:54.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.7601.17514_none_0819f2b6df7a1335
14/2/2020 - 12:46:54.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.7601.17514_none_0819f2b6df7a1335
14/2/2020 - 12:46:54.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..odbcloggingbinaries_31bf3856ad364e35_6.1.7600.16385_none_774a3fb86d7fe723
14/2/2020 - 12:46:54.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..odbcloggingbinaries_31bf3856ad364e35_6.1.7600.16385_none_774a3fb86d7fe723
14/2/2020 - 12:46:54.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:54.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:54.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..odepage-iso2022core_31bf3856ad364e35_6.1.7600.16385_none_bc1ef2b789f7bb65
14/2/2020 - 12:46:54.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..odepage-iso2022core_31bf3856ad364e35_6.1.7600.16385_none_bc1ef2b789f7bb65
14/2/2020 - 12:46:54.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..on-server2003compat_31bf3856ad364e35_6.1.7600.16385_none_bf1f242392e2cb73
14/2/2020 - 12:46:54.262Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..on-server2003compat_31bf3856ad364e35_6.1.7600.16385_none_bf1f242392e2cb73
14/2/2020 - 12:46:54.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..on-server2003compat_31bf3856ad364e35_6.1.7600.16385_none_bf1f242392e2cb73
14/2/2020 - 12:46:54.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:54.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-10010_31bf3856ad364e35_6.1.7600.16385_none_809f8138e204f251
14/2/2020 - 12:46:54.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-10010_31bf3856ad364e35_6.1.7600.16385_none_809f8138e204f251
14/2/2020 - 12:46:54.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-10021_31bf3856ad364e35_6.1.7600.16385_none_8106387ae1c412c9
14/2/2020 - 12:46:54.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-10021_31bf3856ad364e35_6.1.7600.16385_none_8106387ae1c412c9
14/2/2020 - 12:46:54.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-10029_31bf3856ad364e35_6.1.7600.16385_none_80afb91ae204f251
14/2/2020 - 12:46:54.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-10029_31bf3856ad364e35_6.1.7600.16385_none_80afb91ae204f251
14/2/2020 - 12:46:54.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-10082_31bf3856ad364e35_6.1.7600.16385_none_83a493a2e01649e4
14/2/2020 - 12:46:54.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-10082_31bf3856ad364e35_6.1.7600.16385_none_83a493a2e01649e4
14/2/2020 - 12:46:54.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20002_31bf3856ad364e35_6.1.7600.16385_none_ad832f27004e05fb
14/2/2020 - 12:46:54.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20002_31bf3856ad364e35_6.1.7600.16385_none_ad832f27004e05fb
14/2/2020 - 12:46:54.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:54.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:54.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20278_31bf3856ad364e35_6.1.7600.16385_none_b05cd450fe800094
14/2/2020 - 12:46:54.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20278_31bf3856ad364e35_6.1.7600.16385_none_b05cd450fe800094
14/2/2020 - 12:46:54.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:54.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:54.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:55.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20284_31bf3856ad364e35_6.1.7600.16385_none_b0f99b2efe169557
14/2/2020 - 12:46:55.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20284_31bf3856ad364e35_6.1.7600.16385_none_b0f99b2efe169557
14/2/2020 - 12:46:55.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20297_31bf3856ad364e35_6.1.7600.16385_none_b14ab298fde5edb1
14/2/2020 - 12:46:55.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20297_31bf3856ad364e35_6.1.7600.16385_none_b14ab298fde5edb1
14/2/2020 - 12:46:55.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20866_31bf3856ad364e35_6.1.7600.16385_none_b000644afeb95df1
14/2/2020 - 12:46:55.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20866_31bf3856ad364e35_6.1.7600.16385_none_b000644afeb95df1
14/2/2020 - 12:46:55.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:55.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:55.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:55.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:55.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-28596_31bf3856ad364e35_6.1.7600.16385_none_b15d407cfdd6e95b
14/2/2020 - 12:46:55.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-28596_31bf3856ad364e35_6.1.7600.16385_none_b15d407cfdd6e95b
14/2/2020 - 12:46:55.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-54936_31bf3856ad364e35_6.1.7600.16385_none_36f037fd59607046
14/2/2020 - 12:46:55.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-54936_31bf3856ad364e35_6.1.7600.16385_none_36f037fd59607046
14/2/2020 - 12:46:55.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:55.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:55.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..panese_ax2_keyboard_31bf3856ad364e35_6.1.7600.16385_none_189c9fd7e5b2f2f9
14/2/2020 - 12:46:55.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..panese_ax2_keyboard_31bf3856ad364e35_6.1.7600.16385_none_189c9fd7e5b2f2f9
14/2/2020 - 12:46:55.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:55.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:56.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:56.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..plication.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_cda8dc1d0cf3cda0
14/2/2020 - 12:46:56.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..plication.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_cda8dc1d0cf3cda0
14/2/2020 - 12:46:56.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.17691_en-us_ef31822118848a9e
14/2/2020 - 12:46:56.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.17691_en-us_ef31822118848a9e
14/2/2020 - 12:46:56.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:56.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17691_none_3e24f4438074eb20
14/2/2020 - 12:46:56.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17691_none_3e24f4438074eb20
14/2/2020 - 12:46:56.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_11.2.9600.18349_en-us_50e68231f67dc49c
14/2/2020 - 12:46:56.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_11.2.9600.18349_en-us_50e68231f67dc49c
14/2/2020 - 12:46:56.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:56.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:56.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.23418_none_73fac87c394bd93e
14/2/2020 - 12:46:56.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.23418_none_73fac87c394bd93e
14/2/2020 - 12:46:56.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_82c2ca4477ea7593
14/2/2020 - 12:46:56.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_82c2ca4477ea7593
14/2/2020 - 12:46:56.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:56.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:56.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..siondynamicbinaries_31bf3856ad364e35_6.1.7601.17514_none_e636accc4663c073
14/2/2020 - 12:46:56.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..siondynamicbinaries_31bf3856ad364e35_6.1.7601.17514_none_e636accc4663c073
14/2/2020 - 12:46:56.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tbranding.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_da3202fa89023ed5
14/2/2020 - 12:46:56.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tbranding.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_da3202fa89023ed5
14/2/2020 - 12:46:56.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_11.2.9600.16428_en-us_1fe3862469d3980a
14/2/2020 - 12:46:56.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_11.2.9600.16428_en-us_1fe3862469d3980a
14/2/2020 - 12:46:56.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:56.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:57.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:57.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:57.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:57.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-737_31bf3856ad364e35_6.1.7600.16385_none_2ae55e46b4dd0be2
14/2/2020 - 12:46:57.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-737_31bf3856ad364e35_6.1.7600.16385_none_2ae55e46b4dd0be2
14/2/2020 - 12:46:57.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:57.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:57.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-861_31bf3856ad364e35_6.1.7600.16385_none_2ade17e8b4e1da12
14/2/2020 - 12:46:57.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-861_31bf3856ad364e35_6.1.7600.16385_none_2ade17e8b4e1da12
14/2/2020 - 12:46:57.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-864_31bf3856ad364e35_6.1.7600.16385_none_2addd390b4e226f5
14/2/2020 - 12:46:57.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-864_31bf3856ad364e35_6.1.7600.16385_none_2addd390b4e226f5
14/2/2020 - 12:46:57.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:57.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:57.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tivexpolicyprovider_31bf3856ad364e35_8.0.7600.16385_none_031a328ddc652300
14/2/2020 - 12:46:57.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tivexpolicyprovider_31bf3856ad364e35_8.0.7600.16385_none_031a328ddc652300
14/2/2020 - 12:46:57.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_067deeea69ee5253
14/2/2020 - 12:46:57.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_067deeea69ee5253
14/2/2020 - 12:46:57.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:57.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ultdocumentbinaries_31bf3856ad364e35_6.1.7600.16385_none_d5e2ea19de1df1ac
14/2/2020 - 12:46:57.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ultdocumentbinaries_31bf3856ad364e35_6.1.7600.16385_none_d5e2ea19de1df1ac
14/2/2020 - 12:46:57.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-icacls_31bf3856ad364e35_6.1.7600.16385_none_8ea990b7bfab3802
14/2/2020 - 12:46:57.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-icacls_31bf3856ad364e35_6.1.7600.16385_none_8ea990b7bfab3802
14/2/2020 - 12:46:57.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:58.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:58.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:58.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-icm-adm_31bf3856ad364e35_6.1.7600.16385_none_6a7d82093200f4db
14/2/2020 - 12:46:58.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-icm-adm_31bf3856ad364e35_6.1.7600.16385_none_6a7d82093200f4db
14/2/2020 - 12:46:58.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-icm-ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9a23875228158c7d
14/2/2020 - 12:46:58.247Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-icm-ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9a23875228158c7d
14/2/2020 - 12:46:58.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-icm-ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9a23875228158c7d
14/2/2020 - 12:46:58.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-icsigd_31bf3856ad364e35_6.1.7600.16385_none_966086b1babd3204
14/2/2020 - 12:46:58.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-icsigd_31bf3856ad364e35_6.1.7600.16385_none_966086b1babd3204
14/2/2020 - 12:46:58.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:58.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:58.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.7600.16385_none_1ac56f0e58e69506
14/2/2020 - 12:46:58.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.7600.16385_none_1ac56f0e58e69506
14/2/2020 - 12:46:58.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.7600.16385_none_72414f35fc718b5d
14/2/2020 - 12:46:58.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.7600.16385_none_72414f35fc718b5d
14/2/2020 - 12:46:58.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_11.2.9600.16428_en-us_09ce26d2c0c6976f
14/2/2020 - 12:46:58.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_11.2.9600.16428_en-us_09ce26d2c0c6976f
14/2/2020 - 12:46:58.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-behaviors_31bf3856ad364e35_11.2.9600.16428_none_1f1a97bd071c0bee
14/2/2020 - 12:46:58.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-behaviors_31bf3856ad364e35_11.2.9600.16428_none_1f1a97bd071c0bee
14/2/2020 - 12:46:58.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-controls.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_91dc617839a562f1
14/2/2020 - 12:46:58.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-controls.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_91dc617839a562f1
14/2/2020 - 12:46:58.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:58.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:58.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:59.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17691_none_f23826d9d65b74b9
14/2/2020 - 12:46:59.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17691_none_f23826d9d65b74b9
14/2/2020 - 12:46:59.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18349_none_f252e0d1d6486c62
14/2/2020 - 12:46:59.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18349_none_f252e0d1d6486c62
14/2/2020 - 12:46:59.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-eula.resources_31bf3856ad364e35_11.2.9600.16428_en-us_2264ea5bccfb6933
14/2/2020 - 12:46:59.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-eula.resources_31bf3856ad364e35_11.2.9600.16428_en-us_2264ea5bccfb6933
14/2/2020 - 12:46:59.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12-provider_31bf3856ad364e35_11.2.9600.18349_none_bda0f5427e83d4ac
14/2/2020 - 12:46:59.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12-provider_31bf3856ad364e35_11.2.9600.18349_none_bda0f5427e83d4ac
14/2/2020 - 12:46:59.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_54365fc9db50ed8a
14/2/2020 - 12:46:59.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_54365fc9db50ed8a
14/2/2020 - 12:46:59.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12.resources_31bf3856ad364e35_11.2.9600.18349_pt-br_54431d4ddb471836
14/2/2020 - 12:46:59.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12.resources_31bf3856ad364e35_11.2.9600.18349_pt-br_54431d4ddb471836
14/2/2020 - 12:46:59.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:59.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:59.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:59.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12resources_31bf3856ad364e35_11.2.9600.18349_none_64cf3cab223b6e03
14/2/2020 - 12:46:59.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12resources_31bf3856ad364e35_11.2.9600.18349_none_64cf3cab223b6e03
14/2/2020 - 12:46:59.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12tools_31bf3856ad364e35_11.2.9600.18349_none_6ba40f5aa6255387
14/2/2020 - 12:46:59.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12tools_31bf3856ad364e35_11.2.9600.18349_none_6ba40f5aa6255387
14/2/2020 - 12:46:59.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.18349_none_424a5ade4f7ac0f0
14/2/2020 - 12:46:59.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.18349_none_424a5ade4f7ac0f0
14/2/2020 - 12:46:59.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:59.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:59.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_2c6d382e59f88c1d
14/2/2020 - 12:46:59.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_2c6d382e59f88c1d
14/2/2020 - 12:46:59.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_11.2.9600.16428_none_4d6fc2f29c6937c6
14/2/2020 - 12:46:59.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_11.2.9600.16428_none_4d6fc2f29c6937c6
14/2/2020 - 12:46:59.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:59.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:46:59.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.7601.17514_none_c109360dd10647b2
14/2/2020 - 12:46:59.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.7601.17514_none_c109360dd10647b2
14/2/2020 - 12:46:59.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrenderingmedia_31bf3856ad364e35_11.2.9600.18349_none_a0e47bb86e5062ba
14/2/2020 - 12:46:59.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrenderingmedia_31bf3856ad364e35_11.2.9600.18349_none_a0e47bb86e5062ba
14/2/2020 - 12:46:59.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iecleanup_31bf3856ad364e35_11.2.9600.16428_none_a03d6846a99c1c87
14/2/2020 - 12:46:59.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iecleanup_31bf3856ad364e35_11.2.9600.16428_none_a03d6846a99c1c87
14/2/2020 - 12:46:59.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7601.17514_none_19cfd51cbe8ba697
14/2/2020 - 12:46:59.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7601.17514_none_19cfd51cbe8ba697
14/2/2020 - 12:46:59.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:0.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil.resources_31bf3856ad364e35_8.0.7600.16385_en-us_48bafdace8a39fec
14/2/2020 - 12:47:0.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil.resources_31bf3856ad364e35_8.0.7600.16385_en-us_48bafdace8a39fec
14/2/2020 - 12:47:0.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ieshims_31bf3856ad364e35_11.2.9600.18349_none_29f10087af3d5f25
14/2/2020 - 12:47:0.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ieshims_31bf3856ad364e35_11.2.9600.18349_none_29f10087af3d5f25
14/2/2020 - 12:47:0.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:0.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:0.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:0.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_0778cf45a695689a
14/2/2020 - 12:47:0.356Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_0778cf45a695689a
14/2/2020 - 12:47:0.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_0778cf45a695689a
14/2/2020 - 12:47:0.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7600.16385_none_a61138e7aab17fed
14/2/2020 - 12:47:0.403Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7600.16385_none_a61138e7aab17fed
14/2/2020 - 12:47:0.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7600.16385_none_a61138e7aab17fed
14/2/2020 - 12:47:0.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:0.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:0.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_11.2.9600.16428_none_9cc361ebe2b36e75
14/2/2020 - 12:47:0.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_11.2.9600.16428_none_9cc361ebe2b36e75
14/2/2020 - 12:47:0.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.7601.17514_none_334c9b845b46bf8d
14/2/2020 - 12:47:0.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.7601.17514_none_334c9b845b46bf8d
14/2/2020 - 12:47:0.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_11.2.9600.16428_none_ecfeaf7d466d6c9c
14/2/2020 - 12:47:0.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_11.2.9600.16428_none_ecfeaf7d466d6c9c
14/2/2020 - 12:47:0.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_11.2.9600.16428_none_197d7b3a29314757
14/2/2020 - 12:47:0.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_11.2.9600.16428_none_197d7b3a29314757
14/2/2020 - 12:47:0.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:0.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:1.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.7600.16385_none_add5a10aa4d614d5
14/2/2020 - 12:47:1.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.7600.16385_none_add5a10aa4d614d5
14/2/2020 - 12:47:1.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_11.2.9600.18349_none_438fb38a66bdece7
14/2/2020 - 12:47:1.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_11.2.9600.18349_none_438fb38a66bdece7
14/2/2020 - 12:47:1.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-pdm-configuration_31bf3856ad364e35_11.2.9600.16428_none_32a601ad2b7a554f
14/2/2020 - 12:47:1.12Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-pdm-configuration_31bf3856ad364e35_11.2.9600.16428_none_32a601ad2b7a554f
14/2/2020 - 12:47:1.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-pdm-configuration_31bf3856ad364e35_11.2.9600.16428_none_32a601ad2b7a554f
14/2/2020 - 12:47:1.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:1.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7601.17514_none_c083f7001a25b301
14/2/2020 - 12:47:1.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7601.17514_none_c083f7001a25b301
14/2/2020 - 12:47:1.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:1.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:1.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-timeline_is_31bf3856ad364e35_11.2.9600.18349_none_5c39d59bde91689d
14/2/2020 - 12:47:1.528Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-timeline_is_31bf3856ad364e35_11.2.9600.18349_none_5c39d59bde91689d
14/2/2020 - 12:47:1.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-timeline_is_31bf3856ad364e35_11.2.9600.18349_none_5c39d59bde91689d
14/2/2020 - 12:47:1.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-vgx_31bf3856ad364e35_11.2.9600.17691_none_cf802804fdd25c2b
14/2/2020 - 12:47:1.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-vgx_31bf3856ad364e35_11.2.9600.17691_none_cf802804fdd25c2b
14/2/2020 - 12:47:1.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.7600.16385_none_66da0a24ee7d5fb4
14/2/2020 - 12:47:1.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.7600.16385_none_66da0a24ee7d5fb4
14/2/2020 - 12:47:1.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_0811b793cb1553ab
14/2/2020 - 12:47:1.575Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_0811b793cb1553ab
14/2/2020 - 12:47:1.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_0811b793cb1553ab
14/2/2020 - 12:47:1.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:1.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:1.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:1.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17691_none_46eb8339c3366df2
14/2/2020 - 12:47:1.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17691_none_46eb8339c3366df2
14/2/2020 - 12:47:1.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-igdhelperclass_31bf3856ad364e35_6.1.7600.16385_none_8e1acfa05d457307
14/2/2020 - 12:47:1.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-igdhelperclass_31bf3856ad364e35_6.1.7600.16385_none_8e1acfa05d457307
14/2/2020 - 12:47:1.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:2.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:2.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-bpa_31bf3856ad364e35_6.1.7600.16385_none_af0f0fb17ebf927a
14/2/2020 - 12:47:2.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-bpa_31bf3856ad364e35_6.1.7600.16385_none_af0f0fb17ebf927a
14/2/2020 - 12:47:2.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-ftpextensibility_31bf3856ad364e35_6.1.7600.16385_none_3f9fd9d94f9c3588
14/2/2020 - 12:47:2.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-ftpextensibility_31bf3856ad364e35_6.1.7600.16385_none_3f9fd9d94f9c3588
14/2/2020 - 12:47:2.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-ipsecuritybinaries_31bf3856ad364e35_6.1.7600.16385_none_9c7b32377fa4af37
14/2/2020 - 12:47:2.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-ipsecuritybinaries_31bf3856ad364e35_6.1.7600.16385_none_9c7b32377fa4af37
14/2/2020 - 12:47:2.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:2.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.1.7601.17514_none_df46d976c8a5880b
14/2/2020 - 12:47:2.418Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.1.7601.17514_none_df46d976c8a5880b
14/2/2020 - 12:47:2.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.1.7601.17514_none_df46d976c8a5880b
14/2/2020 - 12:47:2.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-netfxextensibility_31bf3856ad364e35_6.1.7601.17514_none_d815217913e520d9
14/2/2020 - 12:47:2.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-netfxextensibility_31bf3856ad364e35_6.1.7601.17514_none_d815217913e520d9
14/2/2020 - 12:47:2.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cdc9cdacad4a7b51
14/2/2020 - 12:47:2.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cdc9cdacad4a7b51
14/2/2020 - 12:47:2.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-wmicompatibility_31bf3856ad364e35_6.1.7600.16385_none_51f754e7e6dc79fe
14/2/2020 - 12:47:2.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iis-wmicompatibility_31bf3856ad364e35_6.1.7600.16385_none_51f754e7e6dc79fe
14/2/2020 - 12:47:2.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:2.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:2.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_36acd787901abd59
14/2/2020 - 12:47:2.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_36acd787901abd59
14/2/2020 - 12:47:2.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-cacpad_31bf3856ad364e35_6.1.7600.16385_none_cc7696e39c1e5e60
14/2/2020 - 12:47:2.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-cacpad_31bf3856ad364e35_6.1.7600.16385_none_cc7696e39c1e5e60
14/2/2020 - 12:47:2.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:2.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:2.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:3.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-help_31bf3856ad364e35_6.1.7600.16385_none_ec1bad9f2e82403f
14/2/2020 - 12:47:3.28Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-help_31bf3856ad364e35_6.1.7600.16385_none_ec1bad9f2e82403f
14/2/2020 - 12:47:3.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-help_31bf3856ad364e35_6.1.7600.16385_none_ec1bad9f2e82403f
14/2/2020 - 12:47:3.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-tipprofile_31bf3856ad364e35_6.1.7600.16385_none_edc23e08f7de3276
14/2/2020 - 12:47:3.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-tipprofile_31bf3856ad364e35_6.1.7600.16385_none_edc23e08f7de3276
14/2/2020 - 12:47:3.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-tools_31bf3856ad364e35_6.1.7600.16385_none_5ff062dd976eaa5b
14/2/2020 - 12:47:3.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ime-korean-tools_31bf3856ad364e35_6.1.7600.16385_none_5ff062dd976eaa5b
14/2/2020 - 12:47:3.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-inetres-adm.resources_31bf3856ad364e35_11.2.9600.18349_en-us_5201b30e928064f2
14/2/2020 - 12:47:3.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-inetres-adm.resources_31bf3856ad364e35_11.2.9600.18349_en-us_5201b30e928064f2
14/2/2020 - 12:47:3.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:3.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:3.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-inetres-adm_31bf3856ad364e35_11.2.9600.17691_none_d0d870f2aceadfe8
14/2/2020 - 12:47:3.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-inetres-adm_31bf3856ad364e35_11.2.9600.17691_none_d0d870f2aceadfe8
14/2/2020 - 12:47:3.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_6.1.7600.16385_none_c8897566b5c070a0
14/2/2020 - 12:47:3.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_6.1.7600.16385_none_c8897566b5c070a0
14/2/2020 - 12:47:3.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-installer-handler_31bf3856ad364e35_6.1.7601.23099_none_3d3874747bc95a23
14/2/2020 - 12:47:3.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-installer-handler_31bf3856ad364e35_6.1.7601.23099_none_3d3874747bc95a23
14/2/2020 - 12:47:3.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:3.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ipconfig.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_256e5717841df6fa
14/2/2020 - 12:47:3.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ipconfig.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_256e5717841df6fa
14/2/2020 - 12:47:3.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:3.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:3.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:3.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:4.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iscsi-adm_31bf3856ad364e35_6.1.7600.16385_none_60a7d355cef1de4d
14/2/2020 - 12:47:4.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iscsi-adm_31bf3856ad364e35_6.1.7600.16385_none_60a7d355cef1de4d
14/2/2020 - 12:47:4.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-js-debuggeride_31bf3856ad364e35_11.2.9600.16428_none_1d4f4a6a13c30915
14/2/2020 - 12:47:4.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-js-debuggeride_31bf3856ad364e35_11.2.9600.16428_none_1d4f4a6a13c30915
14/2/2020 - 12:47:4.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-k..er-events-container_31bf3856ad364e35_6.1.7600.16385_none_27f8f387ab3ef424
14/2/2020 - 12:47:4.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-k..er-events-container_31bf3856ad364e35_6.1.7600.16385_none_27f8f387ab3ef424
14/2/2020 - 12:47:4.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:4.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:4.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:4.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_f22f888b8636ce42
14/2/2020 - 12:47:4.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_f22f888b8636ce42
14/2/2020 - 12:47:4.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:4.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23136_none_f259b12986175ec8
14/2/2020 - 12:47:4.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23136_none_f259b12986175ec8
14/2/2020 - 12:47:4.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.17514_none_85287dc2cb339adb
14/2/2020 - 12:47:4.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.17514_none_85287dc2cb339adb
14/2/2020 - 12:47:4.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.18015_none_85295dc6cb32dc10
14/2/2020 - 12:47:4.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.18015_none_85295dc6cb32dc10
14/2/2020 - 12:47:4.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.19135_none_8513a90ccb432aba
14/2/2020 - 12:47:4.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.19135_none_8513a90ccb432aba
14/2/2020 - 12:47:4.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:4.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:4.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.23338_none_85a0489be45e13b0
14/2/2020 - 12:47:4.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.23338_none_85a0489be45e13b0
14/2/2020 - 12:47:4.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.23392_none_85596757e494234c
14/2/2020 - 12:47:4.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7601.23392_none_85596757e494234c
14/2/2020 - 12:47:4.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:4.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:5.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ktmutil.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7ec0a73626736ba3
14/2/2020 - 12:47:5.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ktmutil.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7ec0a73626736ba3
14/2/2020 - 12:47:5.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..-startere.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_4ba859aa9b312065
14/2/2020 - 12:47:5.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..-startere.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_4ba859aa9b312065
14/2/2020 - 12:47:5.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_47b26c7914b5c4af
14/2/2020 - 12:47:5.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_47b26c7914b5c4af
14/2/2020 - 12:47:5.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_ae9de750ea34f1b0
14/2/2020 - 12:47:5.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_ae9de750ea34f1b0
14/2/2020 - 12:47:5.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:5.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:5.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:5.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:5.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_1abf1a2cdb193a22
14/2/2020 - 12:47:5.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_1abf1a2cdb193a22
14/2/2020 - 12:47:5.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c041c43c3731a0b0
14/2/2020 - 12:47:5.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c041c43c3731a0b0
14/2/2020 - 12:47:5.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_c9a928592181f361
14/2/2020 - 12:47:5.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_c9a928592181f361
14/2/2020 - 12:47:5.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:5.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:5.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_ff12700a58e02888
14/2/2020 - 12:47:5.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_ff12700a58e02888
14/2/2020 - 12:47:5.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_991428081028ca90
14/2/2020 - 12:47:5.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_991428081028ca90
14/2/2020 - 12:47:5.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:5.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:5.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_76f47f1c3cc1d0c2
14/2/2020 - 12:47:5.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_76f47f1c3cc1d0c2
14/2/2020 - 12:47:5.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_87b4e8fa0a9363fa
14/2/2020 - 12:47:5.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_87b4e8fa0a9363fa
14/2/2020 - 12:47:5.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_72fe95cd28e97a91
14/2/2020 - 12:47:5.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_72fe95cd28e97a91
14/2/2020 - 12:47:6.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:6.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..pologydiscovery-adm_31bf3856ad364e35_6.1.7600.16385_none_e774dcd7484c8452
14/2/2020 - 12:47:6.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..pologydiscovery-adm_31bf3856ad364e35_6.1.7600.16385_none_e774dcd7484c8452
14/2/2020 - 12:47:6.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..store-mof.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_e461e9dcc086feb8
14/2/2020 - 12:47:6.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..store-mof.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_e461e9dcc086feb8
14/2/2020 - 12:47:6.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_37c060eb3d57f867
14/2/2020 - 12:47:6.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_37c060eb3d57f867
14/2/2020 - 12:47:6.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_b67e4819ea81af0a
14/2/2020 - 12:47:6.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_b67e4819ea81af0a
14/2/2020 - 12:47:6.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:6.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:6.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:6.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_91c9af9703bcac8b
14/2/2020 - 12:47:6.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_91c9af9703bcac8b
14/2/2020 - 12:47:6.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l2na.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_03dc39e65ea68c34
14/2/2020 - 12:47:6.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-l2na.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_03dc39e65ea68c34
14/2/2020 - 12:47:6.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lanmanserver-adm_31bf3856ad364e35_6.1.7600.16385_none_596faacb0e799514
14/2/2020 - 12:47:6.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lanmanserver-adm_31bf3856ad364e35_6.1.7600.16385_none_596faacb0e799514
14/2/2020 - 12:47:6.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:6.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:6.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_945a23c3bf051859
14/2/2020 - 12:47:6.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_945a23c3bf051859
14/2/2020 - 12:47:6.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:6.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:6.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_6.1.7601.17514_none_7f7f66788318015d
14/2/2020 - 12:47:6.965Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_6.1.7601.17514_none_7f7f66788318015d
14/2/2020 - 12:47:7.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_6.1.7601.17514_none_7f7f66788318015d\lpksetup.exe
14/2/2020 - 12:47:7.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_6.1.7601.17514_none_7f7f66788318015d\lpksetup.exe
14/2/2020 - 12:47:7.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_6.1.7601.17514_none_7f7f66788318015d\lpksetup.exe
14/2/2020 - 12:47:7.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_6.1.7601.17514_none_7f7f66788318015d\lpksetup.exe
14/2/2020 - 12:47:7.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_6.1.7601.17514_none_7f7f66788318015d
14/2/2020 - 12:47:7.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_1d36b4ef21ed8a98
14/2/2020 - 12:47:7.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_1d36b4ef21ed8a98
14/2/2020 - 12:47:7.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1a624a2b23c3df32
14/2/2020 - 12:47:7.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1a624a2b23c3df32
14/2/2020 - 12:47:7.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c353202412a1eaf7
14/2/2020 - 12:47:7.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c353202412a1eaf7
14/2/2020 - 12:47:7.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_65d5f307059af2fe
14/2/2020 - 12:47:7.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_65d5f307059af2fe
14/2/2020 - 12:47:7.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:7.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:7.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:7.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:7.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7601.18409_pt-br_e679c8f519e25e43
14/2/2020 - 12:47:7.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7601.18409_pt-br_e679c8f519e25e43
14/2/2020 - 12:47:7.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7601.18933_pt-br_e65360f31a000bcf
14/2/2020 - 12:47:7.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7601.18933_pt-br_e65360f31a000bcf
14/2/2020 - 12:47:7.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:7.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:7.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7601.22807_pt-br_e7016ade3301c2d4
14/2/2020 - 12:47:7.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7601.22807_pt-br_e7016ade3301c2d4
14/2/2020 - 12:47:7.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7601.22843_pt-br_e6d22a063325cd3c
14/2/2020 - 12:47:7.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7601.22843_pt-br_e6d22a063325cd3c
14/2/2020 - 12:47:7.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7601.22865_pt-br_e6be8ac2333437cc
14/2/2020 - 12:47:7.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7601.22865_pt-br_e6be8ac2333437cc
14/2/2020 - 12:47:7.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7601.22948_pt-br_e6d72d5e33214916
14/2/2020 - 12:47:7.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.1.7601.22948_pt-br_e6d72d5e33214916
14/2/2020 - 12:47:7.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:7.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:8.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277
14/2/2020 - 12:47:8.43Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277
14/2/2020 - 12:47:8.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
14/2/2020 - 12:47:8.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
14/2/2020 - 12:47:8.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
14/2/2020 - 12:47:8.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
14/2/2020 - 12:47:8.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277
14/2/2020 - 12:47:8.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d
14/2/2020 - 12:47:8.137Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d
14/2/2020 - 12:47:8.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d
14/2/2020 - 12:47:8.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127
14/2/2020 - 12:47:8.184Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127
14/2/2020 - 12:47:8.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127
14/2/2020 - 12:47:8.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26
14/2/2020 - 12:47:8.231Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26
14/2/2020 - 12:47:8.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26
14/2/2020 - 12:47:8.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:8.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:8.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f
14/2/2020 - 12:47:8.559Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f
14/2/2020 - 12:47:8.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f
14/2/2020 - 12:47:8.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644
14/2/2020 - 12:47:8.606Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644
14/2/2020 - 12:47:8.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644
14/2/2020 - 12:47:8.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23126_none_04f126968c8ef25f
14/2/2020 - 12:47:8.653Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23126_none_04f126968c8ef25f
14/2/2020 - 12:47:8.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23126_none_04f126968c8ef25f
14/2/2020 - 12:47:8.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23338_none_04e85b0a8c953b4c
14/2/2020 - 12:47:8.700Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23338_none_04e85b0a8c953b4c
14/2/2020 - 12:47:8.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23338_none_04e85b0a8c953b4c
14/2/2020 - 12:47:8.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23390_none_049f79328ccd183a
14/2/2020 - 12:47:8.747Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23390_none_049f79328ccd183a
14/2/2020 - 12:47:8.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23390_none_049f79328ccd183a
14/2/2020 - 12:47:8.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:9.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_047062a1736af5b9
14/2/2020 - 12:47:9.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_047062a1736af5b9
14/2/2020 - 12:47:9.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.18896_none_041bd2bf73aa1905
14/2/2020 - 12:47:9.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.18896_none_041bd2bf73aa1905\consent.exe
14/2/2020 - 12:47:9.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.18896_none_041bd2bf73aa1905\consent.exe
14/2/2020 - 12:47:9.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.18896_none_041bd2bf73aa1905\consent.exe
14/2/2020 - 12:47:9.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.18896_none_041bd2bf73aa1905\consent.exe
14/2/2020 - 12:47:9.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.18896_none_041bd2bf73aa1905
14/2/2020 - 12:47:9.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.23099_none_04a8488a8cc53816
14/2/2020 - 12:47:9.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.23099_none_04a8488a8cc53816
14/2/2020 - 12:47:9.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:9.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:9.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:9.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..-odbc-installer-dll_31bf3856ad364e35_6.1.7601.17514_none_eb5109e36bd44af6
14/2/2020 - 12:47:9.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..-odbc-installer-dll_31bf3856ad364e35_6.1.7601.17514_none_eb5109e36bd44af6
14/2/2020 - 12:47:9.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:9.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:9.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..-r-backcompat-tlb28_31bf3856ad364e35_6.1.7600.21227_none_de6b9abdac0702e7
14/2/2020 - 12:47:9.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..-r-backcompat-tlb28_31bf3856ad364e35_6.1.7600.21227_none_de6b9abdac0702e7
14/2/2020 - 12:47:9.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..-r-backcompat-tlb28_31bf3856ad364e35_6.1.7601.17857_none_dfa813129027ef9a
14/2/2020 - 12:47:9.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..-r-backcompat-tlb28_31bf3856ad364e35_6.1.7601.17857_none_dfa813129027ef9a
14/2/2020 - 12:47:9.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ace-remoting-xactps_31bf3856ad364e35_6.1.7600.16385_none_dd065213280594c0
14/2/2020 - 12:47:9.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ace-remoting-xactps_31bf3856ad364e35_6.1.7600.16385_none_dd065213280594c0
14/2/2020 - 12:47:9.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:9.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:9.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..al-backcompat-tlb28_31bf3856ad364e35_6.1.7601.17857_none_07dda85567672f43
14/2/2020 - 12:47:9.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..al-backcompat-tlb28_31bf3856ad364e35_6.1.7601.17857_none_07dda85567672f43
14/2/2020 - 12:47:9.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..cconf-exe.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c6d4f2cc3e867c53
14/2/2020 - 12:47:9.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..cconf-exe.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c6d4f2cc3e867c53
14/2/2020 - 12:47:9.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..cess-control-driver_31bf3856ad364e35_6.1.7600.16385_none_22f4887244c226bd
14/2/2020 - 12:47:9.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..cess-control-driver_31bf3856ad364e35_6.1.7600.16385_none_22f4887244c226bd
14/2/2020 - 12:47:9.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:9.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:10.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:10.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..confg-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6279f92d12a366b5
14/2/2020 - 12:47:10.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..confg-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6279f92d12a366b5
14/2/2020 - 12:47:10.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..console-nodemanager_31bf3856ad364e35_6.1.7601.17514_none_de55c2c637a7dc61
14/2/2020 - 12:47:10.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..console-nodemanager_31bf3856ad364e35_6.1.7601.17514_none_de55c2c637a7dc61
14/2/2020 - 12:47:10.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..dac-rds-persist-rll_31bf3856ad364e35_6.1.7600.16385_none_f0b0216b40fa0809
14/2/2020 - 12:47:10.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..dac-rds-persist-rll_31bf3856ad364e35_6.1.7600.16385_none_f0b0216b40fa0809
14/2/2020 - 12:47:10.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:10.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:10.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..demanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_66e95565f87e2ba7
14/2/2020 - 12:47:10.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..demanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_66e95565f87e2ba7
14/2/2020 - 12:47:10.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.18812_pt-br_b9c5ce3cdd31cd15
14/2/2020 - 12:47:10.340Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.18812_pt-br_b9c5ce3cdd31cd15
14/2/2020 - 12:47:10.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.18812_pt-br_b9c5ce3cdd31cd15
14/2/2020 - 12:47:10.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:10.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:10.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.22843_pt-br_ba2ff9a7f666dce2
14/2/2020 - 12:47:10.622Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.22843_pt-br_ba2ff9a7f666dce2
14/2/2020 - 12:47:10.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.22843_pt-br_ba2ff9a7f666dce2
14/2/2020 - 12:47:10.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.23154_pt-br_ba2605f3f66e3fba
14/2/2020 - 12:47:10.668Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.23154_pt-br_ba2605f3f66e3fba
14/2/2020 - 12:47:10.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.23154_pt-br_ba2605f3f66e3fba
14/2/2020 - 12:47:10.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:10.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb20_31bf3856ad364e35_6.1.7601.17514_none_493d316208b5513f
14/2/2020 - 12:47:10.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb20_31bf3856ad364e35_6.1.7601.17514_none_493d316208b5513f
14/2/2020 - 12:47:10.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb21_31bf3856ad364e35_6.1.7601.17857_none_490a285608db206e
14/2/2020 - 12:47:10.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb21_31bf3856ad364e35_6.1.7601.17857_none_490a285608db206e
14/2/2020 - 12:47:10.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb25_31bf3856ad364e35_6.1.7601.17514_none_490721c608dddcf4
14/2/2020 - 12:47:10.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb25_31bf3856ad364e35_6.1.7601.17514_none_490721c608dddcf4
14/2/2020 - 12:47:10.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:11.90Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:11.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:11.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb60_31bf3856ad364e35_6.1.7601.22012_none_4b8ac82520b0fb2e
14/2/2020 - 12:47:11.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb60_31bf3856ad364e35_6.1.7601.22012_none_4b8ac82520b0fb2e
14/2/2020 - 12:47:11.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:11.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:11.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..enter-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3c189a492325efa9
14/2/2020 - 12:47:11.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..enter-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3c189a492325efa9
14/2/2020 - 12:47:11.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac-ado15-rll_31bf3856ad364e35_6.1.7600.16385_none_6e5b38b18659f6df
14/2/2020 - 12:47:11.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac-ado15-rll_31bf3856ad364e35_6.1.7600.16385_none_6e5b38b18659f6df
14/2/2020 - 12:47:11.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac-oledb-jvs_31bf3856ad364e35_6.1.7600.16385_none_5063b7c415805c24
14/2/2020 - 12:47:11.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac-oledb-jvs_31bf3856ad364e35_6.1.7600.16385_none_5063b7c415805c24
14/2/2020 - 12:47:11.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:11.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:11.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac-rds-isapi_31bf3856ad364e35_6.1.7601.17514_none_ce7c6ea90d6c478a
14/2/2020 - 12:47:11.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac-rds-isapi_31bf3856ad364e35_6.1.7601.17514_none_ce7c6ea90d6c478a
14/2/2020 - 12:47:11.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:11.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:11.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_6.1.7601.17514_none_b8bffa4921e2a435
14/2/2020 - 12:47:11.981Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_6.1.7601.17514_none_b8bffa4921e2a435
14/2/2020 - 12:47:12.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_6.1.7601.17514_none_b8bffa4921e2a435
14/2/2020 - 12:47:12.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.1.7601.19091_none_9cf6b76076678903
14/2/2020 - 12:47:12.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.1.7601.19091_none_9cf6b76076678903
14/2/2020 - 12:47:12.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:12.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:12.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:12.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..nents-mdac-ado15-rh_31bf3856ad364e35_6.1.7600.16385_none_8fcb05776848745b
14/2/2020 - 12:47:12.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..nents-mdac-ado15-rh_31bf3856ad364e35_6.1.7600.16385_none_8fcb05776848745b
14/2/2020 - 12:47:12.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..nistrator.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_12e332afc06bfcc0
14/2/2020 - 12:47:12.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..nistrator.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_12e332afc06bfcc0
14/2/2020 - 12:47:12.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ntationsettings-adm_31bf3856ad364e35_6.1.7600.16385_none_beb16d1f6f065720
14/2/2020 - 12:47:12.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ntationsettings-adm_31bf3856ad364e35_6.1.7600.16385_none_beb16d1f6f065720
14/2/2020 - 12:47:12.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:12.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:12.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..oledb-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d509f524801c5219
14/2/2020 - 12:47:12.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..oledb-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d509f524801c5219
14/2/2020 - 12:47:12.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22
14/2/2020 - 12:47:12.590Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22
14/2/2020 - 12:47:12.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\doskey.exe
14/2/2020 - 12:47:12.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\doskey.exe
14/2/2020 - 12:47:12.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\doskey.exe
14/2/2020 - 12:47:12.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\doskey.exe
14/2/2020 - 12:47:12.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\find.exe
14/2/2020 - 12:47:12.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\find.exe
14/2/2020 - 12:47:12.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\find.exe
14/2/2020 - 12:47:12.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22\find.exe
14/2/2020 - 12:47:12.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_d911df4e81059b22
14/2/2020 - 12:47:12.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onents-mdac-ado15-r_31bf3856ad364e35_6.1.7601.17857_none_52daa17154935e39
14/2/2020 - 12:47:12.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onents-mdac-ado15-r_31bf3856ad364e35_6.1.7601.17857_none_52daa17154935e39
14/2/2020 - 12:47:12.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:12.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c
14/2/2020 - 12:47:12.918Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c
14/2/2020 - 12:47:12.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\MigAutoPlay.exe
14/2/2020 - 12:47:13.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\MigAutoPlay.exeMigAutoPlay.exe
14/2/2020 - 12:47:13.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\MigAutoPlay.exe
14/2/2020 - 12:47:13.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\MigAutoPlay.exe
14/2/2020 - 12:47:13.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\MigAutoPlay.exe
14/2/2020 - 12:47:13.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\migwiz.exe
14/2/2020 - 12:47:13.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\migwiz.exe
14/2/2020 - 12:47:13.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\migwiz.exe
14/2/2020 - 12:47:13.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\migwiz.exe
14/2/2020 - 12:47:13.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\PostMig.exe
14/2/2020 - 12:47:13.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\PostMig.exe
14/2/2020 - 12:47:13.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\PostMig.exe
14/2/2020 - 12:47:13.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\PostMig.exe
14/2/2020 - 12:47:13.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c
14/2/2020 - 12:47:13.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..providers.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b9c01b4a5521dbd1
14/2/2020 - 12:47:13.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..providers.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b9c01b4a5521dbd1
14/2/2020 - 12:47:13.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:13.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:13.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..qlxml-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_515154d8886748bc
14/2/2020 - 12:47:13.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..qlxml-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_515154d8886748bc
14/2/2020 - 12:47:13.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..rds-datacontrol-dll_31bf3856ad364e35_6.1.7601.17514_none_22307ca34c725b74
14/2/2020 - 12:47:13.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..rds-datacontrol-dll_31bf3856ad364e35_6.1.7601.17514_none_22307ca34c725b74
14/2/2020 - 12:47:13.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..remote-provider-dll_31bf3856ad364e35_6.1.7601.17514_none_064a0b28b6145bf1
14/2/2020 - 12:47:13.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..remote-provider-dll_31bf3856ad364e35_6.1.7601.17514_none_064a0b28b6145bf1
14/2/2020 - 12:47:13.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:13.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:13.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:13.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:13.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..rsist-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b98e44881c067ed1
14/2/2020 - 12:47:13.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..rsist-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b98e44881c067ed1
14/2/2020 - 12:47:13.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_6.1.7600.16385_none_696bcc240bce3ca9
14/2/2020 - 12:47:13.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_6.1.7600.16385_none_696bcc240bce3ca9
14/2/2020 - 12:47:13.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..s-mdac-odbcconf-rsp_31bf3856ad364e35_6.1.7600.16385_none_66bc10f20d95a68e
14/2/2020 - 12:47:13.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..s-mdac-odbcconf-rsp_31bf3856ad364e35_6.1.7600.16385_none_66bc10f20d95a68e
14/2/2020 - 12:47:13.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:13.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:13.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..simple-provider-dll_31bf3856ad364e35_6.1.7601.17632_none_1d9f86bbdba43945
14/2/2020 - 12:47:13.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..simple-provider-dll_31bf3856ad364e35_6.1.7601.17632_none_1d9f86bbdba43945
14/2/2020 - 12:47:13.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..sor-library-unicode_31bf3856ad364e35_6.1.7600.16385_none_ccc779efa84d2be1
14/2/2020 - 12:47:13.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..sor-library-unicode_31bf3856ad364e35_6.1.7600.16385_none_ccc779efa84d2be1
14/2/2020 - 12:47:13.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..sor-library-unicode_31bf3856ad364e35_6.1.7601.17632_none_cee0ef31a54db1d6
14/2/2020 - 12:47:13.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..sor-library-unicode_31bf3856ad364e35_6.1.7601.17632_none_cee0ef31a54db1d6
14/2/2020 - 12:47:13.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:14.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:14.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ty-backcompat-tlb28_31bf3856ad364e35_6.1.7600.16385_none_0dbc842397c12a93
14/2/2020 - 12:47:14.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ty-backcompat-tlb28_31bf3856ad364e35_6.1.7600.16385_none_0dbc842397c12a93
14/2/2020 - 12:47:14.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..update-genuineintel_31bf3856ad364e35_6.1.7601.17514_none_1ae611d0c8ecd885
14/2/2020 - 12:47:14.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..update-genuineintel_31bf3856ad364e35_6.1.7601.17514_none_1ae611d0c8ecd885
14/2/2020 - 12:47:14.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..uxiliarydisplay-cpl_31bf3856ad364e35_6.1.7601.17514_none_57b024ef8c87f52b
14/2/2020 - 12:47:14.184Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..uxiliarydisplay-cpl_31bf3856ad364e35_6.1.7601.17514_none_57b024ef8c87f52b
14/2/2020 - 12:47:14.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..uxiliarydisplay-cpl_31bf3856ad364e35_6.1.7601.17514_none_57b024ef8c87f52b
14/2/2020 - 12:47:14.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:14.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:14.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:14.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d5de9c5a3ac038b9
14/2/2020 - 12:47:14.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d5de9c5a3ac038b9
14/2/2020 - 12:47:14.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..yer-wmasf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b883489eba7608ad
14/2/2020 - 12:47:14.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..yer-wmasf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b883489eba7608ad
14/2/2020 - 12:47:14.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:14.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7601.21719_none_d865cffc88454a4e
14/2/2020 - 12:47:14.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7601.21719_none_d865cffc88454a4e
14/2/2020 - 12:47:14.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0b355a6668263460
14/2/2020 - 12:47:14.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0b355a6668263460
14/2/2020 - 12:47:14.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-media-mp3acm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_88c81fc3175367df
14/2/2020 - 12:47:14.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-media-mp3acm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_88c81fc3175367df
14/2/2020 - 12:47:14.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:14.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:15.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_fa8534ab236134c4
14/2/2020 - 12:47:15.28Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_fa8534ab236134c4
14/2/2020 - 12:47:15.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_fa8534ab236134c4
14/2/2020 - 12:47:15.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:15.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:15.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-drm_31bf3856ad364e35_6.1.7601.17514_none_cc5420b1db6c788a
14/2/2020 - 12:47:15.309Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-drm_31bf3856ad364e35_6.1.7601.17514_none_cc5420b1db6c788a
14/2/2020 - 12:47:15.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-drm_31bf3856ad364e35_6.1.7601.17514_none_cc5420b1db6c788a
14/2/2020 - 12:47:15.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-mls_31bf3856ad364e35_6.1.7600.16385_none_ccd5c347dcbf5a63
14/2/2020 - 12:47:15.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-mls_31bf3856ad364e35_6.1.7600.16385_none_ccd5c347dcbf5a63
14/2/2020 - 12:47:15.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-vis_31bf3856ad364e35_6.1.7600.16385_none_ccdf0a39dcb6f18f
14/2/2020 - 12:47:15.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-vis_31bf3856ad364e35_6.1.7600.16385_none_ccdf0a39dcb6f18f
14/2/2020 - 12:47:15.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.1.7601.17514_none_025e28c93e6b1358
14/2/2020 - 12:47:15.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.1.7601.17514_none_025e28c93e6b1358
14/2/2020 - 12:47:15.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:15.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:15.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpsrcwp_31bf3856ad364e35_6.1.7601.17514_none_6ead1ee558e2c6aa
14/2/2020 - 12:47:15.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpsrcwp_31bf3856ad364e35_6.1.7601.17514_none_6ead1ee558e2c6aa
14/2/2020 - 12:47:15.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.1.7601.17514_none_6558893cec770b80
14/2/2020 - 12:47:15.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.1.7601.17514_none_6558893cec770b80
14/2/2020 - 12:47:15.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmvsdk_31bf3856ad364e35_6.1.7601.17514_none_04514cd13d40a393
14/2/2020 - 12:47:15.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmvsdk_31bf3856ad364e35_6.1.7601.17514_none_04514cd13d40a393
14/2/2020 - 12:47:15.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:15.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:15.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:15.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7600.16385_none_529f8a546d2657c9
14/2/2020 - 12:47:15.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7600.16385_none_529f8a546d2657c9
14/2/2020 - 12:47:16.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:16.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d
14/2/2020 - 12:47:16.200Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d
14/2/2020 - 12:47:16.247Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d
14/2/2020 - 12:47:16.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d
14/2/2020 - 12:47:16.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0
14/2/2020 - 12:47:16.293Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0
14/2/2020 - 12:47:16.340Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0
14/2/2020 - 12:47:16.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0
14/2/2020 - 12:47:16.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:16.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:16.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23136_none_694dbbdeab9bc956
14/2/2020 - 12:47:16.622Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23136_none_694dbbdeab9bc956
14/2/2020 - 12:47:16.668Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23136_none_694dbbdeab9bc956
14/2/2020 - 12:47:16.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23136_none_694dbbdeab9bc956
14/2/2020 - 12:47:16.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:16.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:17.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:17.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:17.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:17.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e3d3caff9933b424
14/2/2020 - 12:47:17.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e3d3caff9933b424
14/2/2020 - 12:47:17.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_c75396a474adbc87
14/2/2020 - 12:47:17.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_c75396a474adbc87
14/2/2020 - 12:47:17.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_45ba3c3f11126d07
14/2/2020 - 12:47:17.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_45ba3c3f11126d07
14/2/2020 - 12:47:17.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:17.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mmc-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2058043721a8f159
14/2/2020 - 12:47:17.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mmc-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2058043721a8f159
14/2/2020 - 12:47:17.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mmres.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_55ba8bba8b07fd89
14/2/2020 - 12:47:17.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mmres.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_55ba8bba8b07fd89
14/2/2020 - 12:47:17.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mmsys_31bf3856ad364e35_6.1.7601.17514_none_bc95cfaff5caa70e
14/2/2020 - 12:47:17.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mmsys_31bf3856ad364e35_6.1.7601.17514_none_bc95cfaff5caa70e
14/2/2020 - 12:47:17.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:17.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:17.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_6.1.7601.17514_none_4d76defd6af4a83e
14/2/2020 - 12:47:17.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_6.1.7601.17514_none_4d76defd6af4a83e\mobsync.exe
14/2/2020 - 12:47:17.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_6.1.7601.17514_none_4d76defd6af4a83e\mobsync.exe
14/2/2020 - 12:47:17.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_6.1.7601.17514_none_4d76defd6af4a83e\mobsync.exe
14/2/2020 - 12:47:17.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_6.1.7601.17514_none_4d76defd6af4a83e\mobsync.exe
14/2/2020 - 12:47:17.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_6.1.7601.17514_none_4d76defd6af4a83e
14/2/2020 - 12:47:17.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.18741_none_509aa6971dc06992
14/2/2020 - 12:47:17.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.18741_none_509aa6971dc06992
14/2/2020 - 12:47:17.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mountvol.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_e334b9c2486eaf49
14/2/2020 - 12:47:17.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mountvol.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_e334b9c2486eaf49
14/2/2020 - 12:47:17.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mp3dmod_31bf3856ad364e35_6.1.7601.19091_none_4ae77809f08fc04b
14/2/2020 - 12:47:17.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mp3dmod_31bf3856ad364e35_6.1.7601.19091_none_4ae77809f08fc04b
14/2/2020 - 12:47:17.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mp43decd_31bf3856ad364e35_6.1.7600.16385_none_10281d340ae2249d
14/2/2020 - 12:47:17.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mp43decd_31bf3856ad364e35_6.1.7600.16385_none_10281d340ae2249d
14/2/2020 - 12:47:17.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:17.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:18.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mpg4decd_31bf3856ad364e35_6.1.7601.19091_none_be71dc6c78ed2fe3
14/2/2020 - 12:47:18.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mpg4decd_31bf3856ad364e35_6.1.7601.19091_none_be71dc6c78ed2fe3
14/2/2020 - 12:47:18.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mpr_31bf3856ad364e35_6.1.7600.16385_none_09cabb1971a25848
14/2/2020 - 12:47:18.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mpr_31bf3856ad364e35_6.1.7600.16385_none_09cabb1971a25848
14/2/2020 - 12:47:18.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mrc_31bf3856ad364e35_6.1.7600.16385_none_0323a1d775e947a1
14/2/2020 - 12:47:18.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mrc_31bf3856ad364e35_6.1.7600.16385_none_0323a1d775e947a1
14/2/2020 - 12:47:18.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:18.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:18.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18637_none_2555cbe18f1a99ac
14/2/2020 - 12:47:18.309Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18637_none_2555cbe18f1a99ac
14/2/2020 - 12:47:18.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18637_none_2555cbe18f1a99ac\auditpol.exe
14/2/2020 - 12:47:18.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18637_none_2555cbe18f1a99ac\auditpol.exe
14/2/2020 - 12:47:18.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18637_none_2555cbe18f1a99ac\auditpol.exe
14/2/2020 - 12:47:18.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18637_none_2555cbe18f1a99ac\auditpol.exe
14/2/2020 - 12:47:18.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18637_none_2555cbe18f1a99ac
14/2/2020 - 12:47:18.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18933_none_2551d06b8f1e2bc5
14/2/2020 - 12:47:18.403Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18933_none_2551d06b8f1e2bc5
14/2/2020 - 12:47:18.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18933_none_2551d06b8f1e2bc5
14/2/2020 - 12:47:18.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:18.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:18.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22843_none_25d0997ea843ed32
14/2/2020 - 12:47:18.684Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22843_none_25d0997ea843ed32
14/2/2020 - 12:47:18.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.22843_none_25d0997ea843ed32
14/2/2020 - 12:47:18.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23017_none_25f4e472a8282f24
14/2/2020 - 12:47:18.731Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23017_none_25f4e472a8282f24
14/2/2020 - 12:47:18.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23017_none_25f4e472a8282f24
14/2/2020 - 12:47:18.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:18.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:19.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23452_none_25c4aae8a84d14d1
14/2/2020 - 12:47:19.59Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23452_none_25c4aae8a84d14d1
14/2/2020 - 12:47:19.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.23452_none_25c4aae8a84d14d1
14/2/2020 - 12:47:19.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msdt.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_9a20b76a88ee2ac1
14/2/2020 - 12:47:19.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msdt.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_9a20b76a88ee2ac1
14/2/2020 - 12:47:19.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0177539a37378025
14/2/2020 - 12:47:19.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0177539a37378025
14/2/2020 - 12:47:19.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:19.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:19.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msieftp_31bf3856ad364e35_6.1.7601.18300_none_74817e0f647cc03b
14/2/2020 - 12:47:19.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msieftp_31bf3856ad364e35_6.1.7601.18300_none_74817e0f647cc03b
14/2/2020 - 12:47:19.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msieftp_31bf3856ad364e35_6.1.7601.22496_none_74afcd4a7dddf388
14/2/2020 - 12:47:19.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msieftp_31bf3856ad364e35_6.1.7601.22496_none_74afcd4a7dddf388
14/2/2020 - 12:47:19.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:19.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:19.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_0a026c46104dd379
14/2/2020 - 12:47:19.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_0a026c46104dd379
14/2/2020 - 12:47:19.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2enc_31bf3856ad364e35_6.1.7601.23290_none_679285f0760218d8
14/2/2020 - 12:47:19.622Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2enc_31bf3856ad364e35_6.1.7601.23290_none_679285f0760218d8
14/2/2020 - 12:47:19.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msmpeg2enc_31bf3856ad364e35_6.1.7601.23290_none_679285f0760218d8
14/2/2020 - 12:47:19.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:19.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:19.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:20.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:20.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mssip32-dll_31bf3856ad364e35_6.1.7600.16385_none_d2562847b32f9711
14/2/2020 - 12:47:20.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mssip32-dll_31bf3856ad364e35_6.1.7600.16385_none_d2562847b32f9711
14/2/2020 - 12:47:20.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454
14/2/2020 - 12:47:20.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454
14/2/2020 - 12:47:20.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_2f5acf97b59df60f
14/2/2020 - 12:47:20.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_2f5acf97b59df60f
14/2/2020 - 12:47:20.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:20.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:20.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.1.7600.16385_none_3dde63977b9c6a62
14/2/2020 - 12:47:20.465Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.1.7600.16385_none_3dde63977b9c6a62
14/2/2020 - 12:47:20.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.1.7600.16385_none_3dde63977b9c6a62
14/2/2020 - 12:47:20.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mydocs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9a8a2970d80be46e
14/2/2020 - 12:47:20.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mydocs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9a8a2970d80be46e
14/2/2020 - 12:47:20.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:20.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:20.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..-netnwifi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_633ae0e46db5eabc
14/2/2020 - 12:47:20.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..-netnwifi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_633ae0e46db5eabc
14/2/2020 - 12:47:20.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..-statusui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a1a97498082db83d
14/2/2020 - 12:47:20.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..-statusui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a1a97498082db83d
14/2/2020 - 12:47:20.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..35wpfcomp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c7063ada095f559a
14/2/2020 - 12:47:20.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..35wpfcomp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c7063ada095f559a
14/2/2020 - 12:47:20.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ction-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_812bea5ea813e40d
14/2/2020 - 12:47:20.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ction-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_812bea5ea813e40d
14/2/2020 - 12:47:20.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:20.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:21.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006
14/2/2020 - 12:47:21.28Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006
14/2/2020 - 12:47:21.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006
14/2/2020 - 12:47:21.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:21.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:21.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:21.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ion-agent.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_737a440a4b8e1f34
14/2/2020 - 12:47:21.356Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ion-agent.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_737a440a4b8e1f34
14/2/2020 - 12:47:21.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ion-agent.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_737a440a4b8e1f34
14/2/2020 - 12:47:21.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ion-netsh.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_281191c161ac3c2d
14/2/2020 - 12:47:21.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..ion-netsh.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_281191c161ac3c2d
14/2/2020 - 12:47:21.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:21.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:21.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_247cf4623cbc3e5e
14/2/2020 - 12:47:21.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_247cf4623cbc3e5e
14/2/2020 - 12:47:21.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a820648e82846599
14/2/2020 - 12:47:21.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a820648e82846599
14/2/2020 - 12:47:21.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:21.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..omain-clients-netsh_31bf3856ad364e35_6.1.7601.17514_none_58884da45b10f345
14/2/2020 - 12:47:21.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..omain-clients-netsh_31bf3856ad364e35_6.1.7601.17514_none_58884da45b10f345
14/2/2020 - 12:47:21.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..rojection.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_72777cd528d89830
14/2/2020 - 12:47:21.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..rojection.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_72777cd528d89830
14/2/2020 - 12:47:21.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..s-package.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_fbebbc1222e292ba
14/2/2020 - 12:47:21.872Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..s-package.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_fbebbc1222e292ba
14/2/2020 - 12:47:21.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..s-package.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_fbebbc1222e292ba
14/2/2020 - 12:47:21.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:22.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:22.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..structure.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4bcb6c9e160f117b
14/2/2020 - 12:47:22.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..structure.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4bcb6c9e160f117b
14/2/2020 - 12:47:22.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:22.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:22.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:22.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.481Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.528Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.575Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.622Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.668Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.715Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.762Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.809Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.856Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.903Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.950Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_pt-br_63b5d9762ed499cb
14/2/2020 - 12:47:22.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-native-80211_31bf3856ad364e35_6.1.7600.16385_none_aafd9ab7a8a38ce7
14/2/2020 - 12:47:22.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-native-80211_31bf3856ad364e35_6.1.7600.16385_none_aafd9ab7a8a38ce7
14/2/2020 - 12:47:22.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ncdprop.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e4d572101dcce959
14/2/2020 - 12:47:22.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ncdprop.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e4d572101dcce959
14/2/2020 - 12:47:22.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ncdprop_31bf3856ad364e35_6.1.7600.16385_none_afaaadda29b44241
14/2/2020 - 12:47:22.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ncdprop_31bf3856ad364e35_6.1.7600.16385_none_afaaadda29b44241
14/2/2020 - 12:47:23.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:23.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:23.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.1.7601.18923_none_bbf87b9b0844a9bb
14/2/2020 - 12:47:23.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.1.7601.18923_none_bbf87b9b0844a9bb
14/2/2020 - 12:47:23.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.1.7601.22099_none_bc3c57b22195c1a0
14/2/2020 - 12:47:23.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.1.7601.22099_none_bc3c57b22195c1a0
14/2/2020 - 12:47:23.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:23.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:23.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.1.7601.22923_none_bc82168021624c5e
14/2/2020 - 12:47:23.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.1.7601.22923_none_bc82168021624c5e
14/2/2020 - 12:47:23.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:23.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.1.7601.23452_none_bc60862c217baeb8
14/2/2020 - 12:47:23.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.1.7601.23452_none_bc60862c217baeb8
14/2/2020 - 12:47:23.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nddeapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3a891bbab0268481
14/2/2020 - 12:47:23.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nddeapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3a891bbab0268481
14/2/2020 - 12:47:23.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ndis-packetcapture_31bf3856ad364e35_6.1.7600.16385_none_42f0a15ff0f021a4
14/2/2020 - 12:47:23.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ndis-packetcapture_31bf3856ad364e35_6.1.7600.16385_none_42f0a15ff0f021a4
14/2/2020 - 12:47:23.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7601.17514_none_9c3aecd33c2750cf
14/2/2020 - 12:47:23.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7601.17514_none_9c3aecd33c2750cf
14/2/2020 - 12:47:23.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ndishelperclass_31bf3856ad364e35_6.1.7600.16385_none_c6f86bb79ad6ad75
14/2/2020 - 12:47:23.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ndishelperclass_31bf3856ad364e35_6.1.7600.16385_none_c6f86bb79ad6ad75
14/2/2020 - 12:47:23.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:23.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:23.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:23.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:24.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a
14/2/2020 - 12:47:24.75Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a
14/2/2020 - 12:47:24.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a
14/2/2020 - 12:47:24.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netapi32_31bf3856ad364e35_6.1.7601.17514_none_eb5a2082182f6873
14/2/2020 - 12:47:24.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netapi32_31bf3856ad364e35_6.1.7601.17514_none_eb5a2082182f6873
14/2/2020 - 12:47:24.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netapi32_31bf3856ad364e35_6.1.7601.17887_none_eb11779e18656f84
14/2/2020 - 12:47:24.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netapi32_31bf3856ad364e35_6.1.7601.17887_none_eb11779e18656f84
14/2/2020 - 12:47:24.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:24.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:24.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netcoinstaller_31bf3856ad364e35_6.1.7601.17514_none_5548538513d25a9a
14/2/2020 - 12:47:24.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netcoinstaller_31bf3856ad364e35_6.1.7601.17514_none_5548538513d25a9a
14/2/2020 - 12:47:24.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netevent.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e019a57a41fc5bd6
14/2/2020 - 12:47:24.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netevent.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e019a57a41fc5bd6
14/2/2020 - 12:47:24.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netevent_31bf3856ad364e35_6.1.7600.16385_none_b63b4a28843fd6da
14/2/2020 - 12:47:24.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netevent_31bf3856ad364e35_6.1.7600.16385_none_b63b4a28843fd6da
14/2/2020 - 12:47:24.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:24.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:24.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.1.7601.22457_none_b522b5a9e5288c86
14/2/2020 - 12:47:24.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.1.7601.22457_none_b522b5a9e5288c86
14/2/2020 - 12:47:24.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da
14/2/2020 - 12:47:24.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da
14/2/2020 - 12:47:24.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netpacerinf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5231d3c0d63fdac4
14/2/2020 - 12:47:24.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netpacerinf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5231d3c0d63fdac4
14/2/2020 - 12:47:24.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:24.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:24.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netprofui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b1ef1c320df5f613
14/2/2020 - 12:47:24.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netprofui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b1ef1c320df5f613
14/2/2020 - 12:47:24.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_33a9704224aa536e
14/2/2020 - 12:47:24.918Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_33a9704224aa536e
14/2/2020 - 12:47:24.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_33a9704224aa536e
14/2/2020 - 12:47:25.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:25.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:25.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-networktopology-inf_31bf3856ad364e35_6.1.7600.16385_none_964d9ab5bcef73d2
14/2/2020 - 12:47:25.200Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-networktopology-inf_31bf3856ad364e35_6.1.7600.16385_none_964d9ab5bcef73d2
14/2/2020 - 12:47:25.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-networktopology-inf_31bf3856ad364e35_6.1.7600.16385_none_964d9ab5bcef73d2
14/2/2020 - 12:47:25.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:25.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:25.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_6.1.7600.16385_none_ad5854ca0a23343d
14/2/2020 - 12:47:25.528Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_6.1.7600.16385_none_ad5854ca0a23343d
14/2/2020 - 12:47:25.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_6.1.7600.16385_none_ad5854ca0a23343d
14/2/2020 - 12:47:25.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_6.1.7601.17514_none_0b0882245933a065
14/2/2020 - 12:47:25.575Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_6.1.7601.17514_none_0b0882245933a065
14/2/2020 - 12:47:25.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_6.1.7601.17514_none_0b0882245933a065
14/2/2020 - 12:47:25.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a
14/2/2020 - 12:47:25.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a
14/2/2020 - 12:47:25.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nlahelperclass_31bf3856ad364e35_6.1.7600.16385_none_fa101593e19a831a
14/2/2020 - 12:47:25.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nlahelperclass_31bf3856ad364e35_6.1.7600.16385_none_fa101593e19a831a
14/2/2020 - 12:47:25.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:25.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:25.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_cb0f7f2289b0c21a
14/2/2020 - 12:47:25.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_cb0f7f2289b0c21a
14/2/2020 - 12:47:25.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:26.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:26.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nshhttp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bd046ce9bdf22eee
14/2/2020 - 12:47:26.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nshhttp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bd046ce9bdf22eee
14/2/2020 - 12:47:26.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nslookup.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d763185efb4e34d2
14/2/2020 - 12:47:26.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-nslookup.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d763185efb4e34d2
14/2/2020 - 12:47:26.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ntdll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c625db40e286f7df
14/2/2020 - 12:47:26.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ntdll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c625db40e286f7df
14/2/2020 - 12:47:26.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.1.7601.23338_none_b774ae8a2bf7af2c
14/2/2020 - 12:47:26.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.1.7601.23338_none_b774ae8a2bf7af2c
14/2/2020 - 12:47:26.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.1.7601.23418_none_b78a50482be77471
14/2/2020 - 12:47:26.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.1.7601.23418_none_b78a50482be77471
14/2/2020 - 12:47:26.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:26.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:26.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:26.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:26.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd
14/2/2020 - 12:47:26.684Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd
14/2/2020 - 12:47:26.731Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd
14/2/2020 - 12:47:26.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd
14/2/2020 - 12:47:26.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-flippage_31bf3856ad364e35_6.1.7600.16385_none_0f19716417635239
14/2/2020 - 12:47:26.778Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-flippage_31bf3856ad364e35_6.1.7600.16385_none_0f19716417635239
14/2/2020 - 12:47:26.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-flippage_31bf3856ad364e35_6.1.7600.16385_none_0f19716417635239
14/2/2020 - 12:47:26.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:26.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:27.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980
14/2/2020 - 12:47:27.59Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980
14/2/2020 - 12:47:27.106Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980
14/2/2020 - 12:47:27.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980
14/2/2020 - 12:47:27.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..files-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_df682956e81bcf8c
14/2/2020 - 12:47:27.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..files-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_df682956e81bcf8c
14/2/2020 - 12:47:27.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..iles-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6141dd4b6052c607
14/2/2020 - 12:47:27.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..iles-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6141dd4b6052c607
14/2/2020 - 12:47:27.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:27.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:27.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..nefiles-extend-apis_31bf3856ad364e35_6.1.7601.17514_none_eb18c2a64aeb3fb2
14/2/2020 - 12:47:27.434Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..nefiles-extend-apis_31bf3856ad364e35_6.1.7601.17514_none_eb18c2a64aeb3fb2
14/2/2020 - 12:47:27.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..nefiles-extend-apis_31bf3856ad364e35_6.1.7601.17514_none_eb18c2a64aeb3fb2
14/2/2020 - 12:47:27.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..sc-wizard.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_11c64d3b05996d4e
14/2/2020 - 12:47:27.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..sc-wizard.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_11c64d3b05996d4e
14/2/2020 - 12:47:27.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:27.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:27.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:27.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ocsetup.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0391369280366f70
14/2/2020 - 12:47:27.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ocsetup.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0391369280366f70
14/2/2020 - 12:47:27.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ocsetup_31bf3856ad364e35_6.1.7601.17514_none_41a3376575e751b4
14/2/2020 - 12:47:27.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ocsetup_31bf3856ad364e35_6.1.7601.17514_none_41a3376575e751b4
14/2/2020 - 12:47:27.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ole-automation-stdole2_31bf3856ad364e35_6.1.7600.16385_none_44cbb4eb32a6507b
14/2/2020 - 12:47:27.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ole-automation-stdole2_31bf3856ad364e35_6.1.7600.16385_none_44cbb4eb32a6507b
14/2/2020 - 12:47:27.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:27.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-oleacc_31bf3856ad364e35_6.1.7600.16385_none_c679af753c14c22a
14/2/2020 - 12:47:27.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-oleacc_31bf3856ad364e35_6.1.7600.16385_none_c679af753c14c22a
14/2/2020 - 12:47:27.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dfa46f82557569b0
14/2/2020 - 12:47:27.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-onlineidcpl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dfa46f82557569b0
14/2/2020 - 12:47:27.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:28.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:28.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-openfiles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d6e4d14cffaf1d4a
14/2/2020 - 12:47:28.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-openfiles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d6e4d14cffaf1d4a
14/2/2020 - 12:47:28.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-opengl_31bf3856ad364e35_6.1.7600.16385_none_6ab9e7b9a318b3e8
14/2/2020 - 12:47:28.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-opengl_31bf3856ad364e35_6.1.7600.16385_none_6ab9e7b9a318b3e8
14/2/2020 - 12:47:28.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:28.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:28.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9
14/2/2020 - 12:47:28.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9
14/2/2020 - 12:47:28.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_ca661fbfcab61be5
14/2/2020 - 12:47:28.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_ca661fbfcab61be5\ntoskrnl.exe
14/2/2020 - 12:47:28.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_ca661fbfcab61be5\ntoskrnl.exe
14/2/2020 - 12:47:28.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_ca661fbfcab61be5\ntoskrnl.exe
14/2/2020 - 12:47:28.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_ca661fbfcab61be5\ntoskrnl.exe
14/2/2020 - 12:47:28.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_ca661fbfcab61be5
14/2/2020 - 12:47:28.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_cae1eda6e3de88c2
14/2/2020 - 12:47:28.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_cae1eda6e3de88c2
14/2/2020 - 12:47:28.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:28.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:28.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-osk_31bf3856ad364e35_6.1.7600.16385_none_06b1c513739fb828
14/2/2020 - 12:47:28.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-osk_31bf3856ad364e35_6.1.7600.16385_none_06b1c513739fb828
14/2/2020 - 12:47:28.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-osk_31bf3856ad364e35_6.1.7601.22722_none_095f904489b5db97
14/2/2020 - 12:47:28.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-osk_31bf3856ad364e35_6.1.7601.22722_none_095f904489b5db97
14/2/2020 - 12:47:28.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7601.18020_none_87fc392d0509276e
14/2/2020 - 12:47:28.793Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7601.18020_none_87fc392d0509276e
14/2/2020 - 12:47:28.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7601.18020_none_87fc392d0509276e
14/2/2020 - 12:47:28.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:28.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:29.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:29.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_da-dk_58a1f0f7e0539925
14/2/2020 - 12:47:29.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_da-dk_58a1f0f7e0539925
14/2/2020 - 12:47:29.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_el-gr_fe63b3c6d13f564d
14/2/2020 - 12:47:29.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_el-gr_fe63b3c6d13f564d
14/2/2020 - 12:47:29.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_fr-fr_a1412f0fc401018b
14/2/2020 - 12:47:29.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_fr-fr_a1412f0fc401018b
14/2/2020 - 12:47:29.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:29.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:29.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_nb-no_b98b024d58e3ebb6
14/2/2020 - 12:47:29.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_nb-no_b98b024d58e3ebb6
14/2/2020 - 12:47:29.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_ru-ru_47df73e1220cf52b
14/2/2020 - 12:47:29.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_ru-ru_47df73e1220cf52b
14/2/2020 - 12:47:29.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_sv-se_e3da5e561935ff86
14/2/2020 - 12:47:29.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_sv-se_e3da5e561935ff86
14/2/2020 - 12:47:29.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863
14/2/2020 - 12:47:29.403Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863
14/2/2020 - 12:47:29.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863
14/2/2020 - 12:47:29.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:29.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..alcontrolsmigration_31bf3856ad364e35_6.1.7600.16385_none_a722cd63cf18943a
14/2/2020 - 12:47:29.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..alcontrolsmigration_31bf3856ad364e35_6.1.7600.16385_none_a722cd63cf18943a
14/2/2020 - 12:47:29.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_83257d5a5dae7f33
14/2/2020 - 12:47:29.637Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_83257d5a5dae7f33
14/2/2020 - 12:47:29.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_83257d5a5dae7f33
14/2/2020 - 12:47:29.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..er-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2224af53979a5343
14/2/2020 - 12:47:29.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..er-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2224af53979a5343
14/2/2020 - 12:47:29.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:29.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:29.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_6.1.7601.18020_pt-br_bbb4d65a5c5a10ea
14/2/2020 - 12:47:29.918Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_6.1.7601.18020_pt-br_bbb4d65a5c5a10ea
14/2/2020 - 12:47:29.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_6.1.7601.18020_pt-br_bbb4d65a5c5a10ea
14/2/2020 - 12:47:30.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:30.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:30.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:30.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ining-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_eb49a74e4d86810d
14/2/2020 - 12:47:30.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ining-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_eb49a74e4d86810d
14/2/2020 - 12:47:30.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6c3e8821d2b556c2
14/2/2020 - 12:47:30.293Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6c3e8821d2b556c2
14/2/2020 - 12:47:30.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6c3e8821d2b556c2
14/2/2020 - 12:47:30.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_347a450f0c8bd52d
14/2/2020 - 12:47:30.340Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_347a450f0c8bd52d
14/2/2020 - 12:47:30.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_347a450f0c8bd52d
14/2/2020 - 12:47:30.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..l-helpchm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_08b8fbcc040becd0
14/2/2020 - 12:47:30.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..l-helpchm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_08b8fbcc040becd0
14/2/2020 - 12:47:30.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_407a232be0b68ba6
14/2/2020 - 12:47:30.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_407a232be0b68ba6
14/2/2020 - 12:47:30.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:30.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:30.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899
14/2/2020 - 12:47:30.622Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899
14/2/2020 - 12:47:30.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\diskperf.exe
14/2/2020 - 12:47:30.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\diskperf.exe
14/2/2020 - 12:47:30.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\diskperf.exe
14/2/2020 - 12:47:30.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\diskperf.exe
14/2/2020 - 12:47:30.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899
14/2/2020 - 12:47:30.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:30.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:30.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ng-oleprn.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_107614d486e103ff
14/2/2020 - 12:47:30.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ng-oleprn.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_107614d486e103ff
14/2/2020 - 12:47:30.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..oler-core-isolation_31bf3856ad364e35_6.1.7601.17514_none_d21bb9d14b917922
14/2/2020 - 12:47:30.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..oler-core-isolation_31bf3856ad364e35_6.1.7601.17514_none_d21bb9d14b917922
14/2/2020 - 12:47:31.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:31.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:31.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:31.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..onhandler.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3e208e15d93e554e
14/2/2020 - 12:47:31.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..onhandler.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3e208e15d93e554e
14/2/2020 - 12:47:31.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.1.7601.21994_none_8e748687c2ac19e3
14/2/2020 - 12:47:31.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.1.7601.21994_none_8e748687c2ac19e3
14/2/2020 - 12:47:31.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.1.7601.17514_none_9799402887898e33
14/2/2020 - 12:47:31.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.1.7601.17514_none_9799402887898e33
14/2/2020 - 12:47:31.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:31.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:31.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..orkclient.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_171e3ba83d152cd9
14/2/2020 - 12:47:31.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..orkclient.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_171e3ba83d152cd9
14/2/2020 - 12:47:31.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..randprintui-asyncui_31bf3856ad364e35_6.1.7600.16385_none_d7d643c30bd72bf4
14/2/2020 - 12:47:31.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..randprintui-asyncui_31bf3856ad364e35_6.1.7600.16385_none_d7d643c30bd72bf4
14/2/2020 - 12:47:31.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:31.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rgrouping.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ec2ca2554573b0d1
14/2/2020 - 12:47:31.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rgrouping.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ec2ca2554573b0d1
14/2/2020 - 12:47:31.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rshell-wsman-plugin_31bf3856ad364e35_6.1.7600.16385_none_d3042fff0275f347
14/2/2020 - 12:47:31.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rshell-wsman-plugin_31bf3856ad364e35_6.1.7600.16385_none_d3042fff0275f347
14/2/2020 - 12:47:31.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:31.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:31.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c822cec662035a29
14/2/2020 - 12:47:31.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c822cec662035a29
14/2/2020 - 12:47:32.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:32.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:32.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:32.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:32.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_6.1.7601.18020_none_5203848d261acdb0
14/2/2020 - 12:47:32.309Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_6.1.7601.18020_none_5203848d261acdb0
14/2/2020 - 12:47:32.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_6.1.7601.18020_none_5203848d261acdb0
14/2/2020 - 12:47:32.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_6.1.7601.22183_none_524f42ae3f666125
14/2/2020 - 12:47:32.356Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_6.1.7601.22183_none_524f42ae3f666125
14/2/2020 - 12:47:32.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_6.1.7601.22183_none_524f42ae3f666125
14/2/2020 - 12:47:32.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_6.1.7601.17514_none_dfe02de35bf41e0b
14/2/2020 - 12:47:32.403Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_6.1.7601.17514_none_dfe02de35bf41e0b
14/2/2020 - 12:47:32.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_6.1.7601.17514_none_dfe02de35bf41e0b
14/2/2020 - 12:47:32.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ting-wsdportmonitor_31bf3856ad364e35_6.1.7600.16385_none_72c835d4f94a47fe
14/2/2020 - 12:47:32.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ting-wsdportmonitor_31bf3856ad364e35_6.1.7600.16385_none_72c835d4f94a47fe
14/2/2020 - 12:47:32.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..tomizationsnonwinpe_31bf3856ad364e35_6.1.7601.17514_none_29f4eed2a5d64c25
14/2/2020 - 12:47:32.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..tomizationsnonwinpe_31bf3856ad364e35_6.1.7601.17514_none_29f4eed2a5d64c25
14/2/2020 - 12:47:32.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:32.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:32.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-packager_31bf3856ad364e35_6.1.7601.22853_none_4c935dc8009cb27f
14/2/2020 - 12:47:32.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-packager_31bf3856ad364e35_6.1.7601.22853_none_4c935dc8009cb27f
14/2/2020 - 12:47:32.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:32.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:32.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-parentalcontrolspanel_31bf3856ad364e35_6.1.7601.17514_none_ff675a2d4d66d4bc
14/2/2020 - 12:47:32.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-parentalcontrolspanel_31bf3856ad364e35_6.1.7601.17514_none_ff675a2d4d66d4bc
14/2/2020 - 12:47:33.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:33.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrpautoreg_31bf3856ad364e35_6.1.7600.16385_none_3ed59563383363e7
14/2/2020 - 12:47:33.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrpautoreg_31bf3856ad364e35_6.1.7600.16385_none_3ed59563383363e7
14/2/2020 - 12:47:33.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-perfcentercpl-adm_31bf3856ad364e35_6.1.7600.16385_none_8c6369e7fc1e6e9d
14/2/2020 - 12:47:33.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-perfcentercpl-adm_31bf3856ad364e35_6.1.7600.16385_none_8c6369e7fc1e6e9d
14/2/2020 - 12:47:33.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:33.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:33.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a44498449e27562b
14/2/2020 - 12:47:33.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a44498449e27562b
14/2/2020 - 12:47:33.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51
14/2/2020 - 12:47:33.434Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51
14/2/2020 - 12:47:33.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\perfmon.exe
14/2/2020 - 12:47:33.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\perfmon.exe
14/2/2020 - 12:47:33.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\perfmon.exe
14/2/2020 - 12:47:33.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\perfmon.exe
14/2/2020 - 12:47:33.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\resmon.exe
14/2/2020 - 12:47:33.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\resmon.exe
14/2/2020 - 12:47:33.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\resmon.exe
14/2/2020 - 12:47:33.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\resmon.exe
14/2/2020 - 12:47:33.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51
14/2/2020 - 12:47:33.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_7.1.7601.18742_none_eeadac95e75f3e9d
14/2/2020 - 12:47:33.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_7.1.7601.18742_none_eeadac95e75f3e9d
14/2/2020 - 12:47:33.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:33.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:33.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:33.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:34.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:34.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpibs_31bf3856ad364e35_6.1.7600.16385_none_9def6e0a85a22ddf
14/2/2020 - 12:47:34.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpibs_31bf3856ad364e35_6.1.7600.16385_none_9def6e0a85a22ddf
14/2/2020 - 12:47:34.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpsysprep_31bf3856ad364e35_6.1.7601.17514_none_9fe380ebcdb1e969
14/2/2020 - 12:47:34.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpsysprep_31bf3856ad364e35_6.1.7601.17514_none_9fe380ebcdb1e969
14/2/2020 - 12:47:34.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpui_31bf3856ad364e35_6.1.7600.16385_none_bacc830144fa7791
14/2/2020 - 12:47:34.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpui_31bf3856ad364e35_6.1.7600.16385_none_bacc830144fa7791
14/2/2020 - 12:47:34.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:34.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554
14/2/2020 - 12:47:34.325Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554
14/2/2020 - 12:47:34.372Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554
14/2/2020 - 12:47:34.418Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554
14/2/2020 - 12:47:34.465Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554
14/2/2020 - 12:47:34.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554
14/2/2020 - 12:47:34.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7ef3095478f37c35
14/2/2020 - 12:47:34.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7ef3095478f37c35
14/2/2020 - 12:47:34.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:34.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:34.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-localprinting_31bf3856ad364e35_6.1.7600.16385_none_2838be9345011bd1
14/2/2020 - 12:47:34.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-printing-localprinting_31bf3856ad364e35_6.1.7600.16385_none_2838be9345011bd1
14/2/2020 - 12:47:34.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:34.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:34.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:35.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:35.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:35.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:35.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:35.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..bilityanalysisrules_31bf3856ad364e35_6.1.7601.17514_none_85194071b6440c78
14/2/2020 - 12:47:35.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..bilityanalysisrules_31bf3856ad364e35_6.1.7601.17514_none_85194071b6440c78
14/2/2020 - 12:47:35.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:35.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..erycenter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e542c5b508c2205b
14/2/2020 - 12:47:35.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..erycenter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e542c5b508c2205b
14/2/2020 - 12:47:35.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8bd35606a4829433
14/2/2020 - 12:47:35.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8bd35606a4829433
14/2/2020 - 12:47:35.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..ienttools.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5f62da4548778e09
14/2/2020 - 12:47:35.778Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..ienttools.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5f62da4548778e09
14/2/2020 - 12:47:35.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..ienttools.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5f62da4548778e09
14/2/2020 - 12:47:35.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..ility-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_51a554fb02ac7eec
14/2/2020 - 12:47:35.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..ility-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_51a554fb02ac7eec
14/2/2020 - 12:47:35.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..izard-mui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ec06c7db2788ac3b
14/2/2020 - 12:47:35.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..izard-mui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ec06c7db2788ac3b
14/2/2020 - 12:47:35.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:36.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:36.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:36.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..l-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d3948d689c22bb3e
14/2/2020 - 12:47:36.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..l-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d3948d689c22bb3e
14/2/2020 - 12:47:36.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..ne-editor.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_112dc96785b932a0
14/2/2020 - 12:47:36.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..ne-editor.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_112dc96785b932a0
14/2/2020 - 12:47:36.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..rtmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_89d2e9595ee908f7
14/2/2020 - 12:47:36.153Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..rtmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_89d2e9595ee908f7
14/2/2020 - 12:47:36.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..rtmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_89d2e9595ee908f7
14/2/2020 - 12:47:36.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:36.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:36.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.22750_none_8e0e772437b077cc
14/2/2020 - 12:47:36.434Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.22750_none_8e0e772437b077cc
14/2/2020 - 12:47:36.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.22750_none_8e0e772437b077cc
14/2/2020 - 12:47:36.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_7.1.7601.19107_none_7f3247faa94ace5b
14/2/2020 - 12:47:36.481Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_7.1.7601.19107_none_7f3247faa94ace5b
14/2/2020 - 12:47:36.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_7.1.7601.19107_none_7f3247faa94ace5b
14/2/2020 - 12:47:36.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:36.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:36.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_7.2.7601.16415_none_3791aa0f3a45ec6b
14/2/2020 - 12:47:36.809Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_7.2.7601.16415_none_3791aa0f3a45ec6b
14/2/2020 - 12:47:36.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_7.2.7601.16415_none_3791aa0f3a45ec6b
14/2/2020 - 12:47:36.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..stion-detector-core_31bf3856ad364e35_6.1.7600.16385_none_54dd4ad229c92897
14/2/2020 - 12:47:36.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..stion-detector-core_31bf3856ad364e35_6.1.7600.16385_none_54dd4ad229c92897
14/2/2020 - 12:47:36.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..y-service.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_44516fb5ff1b7e4c
14/2/2020 - 12:47:36.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-r..y-service.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_44516fb5ff1b7e4c
14/2/2020 - 12:47:36.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:37.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:37.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a
14/2/2020 - 12:47:37.90Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a
14/2/2020 - 12:47:37.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a
14/2/2020 - 12:47:37.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasbase-agilevpn_31bf3856ad364e35_6.1.7601.17514_none_0d986093aec115a9
14/2/2020 - 12:47:37.137Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasbase-agilevpn_31bf3856ad364e35_6.1.7601.17514_none_0d986093aec115a9
14/2/2020 - 12:47:37.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasbase-agilevpn_31bf3856ad364e35_6.1.7601.17514_none_0d986093aec115a9
14/2/2020 - 12:47:37.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_6.1.7601.17514_none_f802520bfe8dd487
14/2/2020 - 12:47:37.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_6.1.7601.17514_none_f802520bfe8dd487
14/2/2020 - 12:47:37.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-raschap_31bf3856ad364e35_6.1.7601.17514_none_70e508748dec0127
14/2/2020 - 12:47:37.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-raschap_31bf3856ad364e35_6.1.7601.17514_none_70e508748dec0127
14/2/2020 - 12:47:37.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:37.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:37.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:37.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rascmdial_31bf3856ad364e35_6.1.7600.16385_none_2f9c0cf36f0a1c97
14/2/2020 - 12:47:37.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rascmdial_31bf3856ad364e35_6.1.7600.16385_none_2f9c0cf36f0a1c97
14/2/2020 - 12:47:37.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_bd4644e077251730
14/2/2020 - 12:47:37.559Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_bd4644e077251730
14/2/2020 - 12:47:37.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_bd4644e077251730\cmdl32.exe
14/2/2020 - 12:47:37.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_bd4644e077251730\cmdl32.exe
14/2/2020 - 12:47:37.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_bd4644e077251730\cmdl32.exe
14/2/2020 - 12:47:37.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_bd4644e077251730\cmdl32.exe
14/2/2020 - 12:47:37.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_bd4644e077251730\cmmon32.exe
14/2/2020 - 12:47:37.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_bd4644e077251730\cmmon32.exe
14/2/2020 - 12:47:37.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_bd4644e077251730\cmmon32.exe
14/2/2020 - 12:47:37.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_bd4644e077251730\cmmon32.exe
14/2/2020 - 12:47:37.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_bd4644e077251730
14/2/2020 - 12:47:37.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasifmon_31bf3856ad364e35_6.1.7600.16385_none_26c4bb7a06df867e
14/2/2020 - 12:47:37.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasifmon_31bf3856ad364e35_6.1.7600.16385_none_26c4bb7a06df867e
14/2/2020 - 12:47:37.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasipfilter_31bf3856ad364e35_6.1.7601.17514_none_458f8957d5cef9fa
14/2/2020 - 12:47:37.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasipfilter_31bf3856ad364e35_6.1.7601.17514_none_458f8957d5cef9fa
14/2/2020 - 12:47:37.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasmm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f80ccdb5447be7b9
14/2/2020 - 12:47:37.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasmm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f80ccdb5447be7b9
14/2/2020 - 12:47:37.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:37.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasplap-mui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_edf2096d698a77e4
14/2/2020 - 12:47:37.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasplap-mui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_edf2096d698a77e4
14/2/2020 - 12:47:37.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasrtutils_31bf3856ad364e35_6.1.7601.17514_none_6b3b9980011a19de
14/2/2020 - 12:47:37.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasrtutils_31bf3856ad364e35_6.1.7601.17514_none_6b3b9980011a19de
14/2/2020 - 12:47:37.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_09cf3ec67e6c6b50
14/2/2020 - 12:47:37.887Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_09cf3ec67e6c6b50
14/2/2020 - 12:47:37.934Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_09cf3ec67e6c6b50
14/2/2020 - 12:47:37.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_09cf3ec67e6c6b50
14/2/2020 - 12:47:38.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:38.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:38.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-regini_31bf3856ad364e35_6.1.7600.16385_none_684b2e15d381ea25
14/2/2020 - 12:47:38.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-regini_31bf3856ad364e35_6.1.7600.16385_none_684b2e15d381ea25
14/2/2020 - 12:47:38.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:38.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:38.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_6.1.7600.16385_none_a9b5c1d91f03e0b4
14/2/2020 - 12:47:38.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_6.1.7600.16385_none_a9b5c1d91f03e0b4
14/2/2020 - 12:47:38.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-resampledmo_31bf3856ad364e35_6.1.7600.16385_none_fb60e757f221f37e
14/2/2020 - 12:47:38.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-resampledmo_31bf3856ad364e35_6.1.7600.16385_none_fb60e757f221f37e
14/2/2020 - 12:47:38.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:38.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:38.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:38.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rmcast.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_452a4b6457eed2d7
14/2/2020 - 12:47:38.825Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rmcast.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_452a4b6457eed2d7
14/2/2020 - 12:47:38.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rmcast.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_452a4b6457eed2d7
14/2/2020 - 12:47:38.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rmcast_31bf3856ad364e35_6.1.7601.17514_none_b2a3d1a09e8a89b1
14/2/2020 - 12:47:38.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rmcast_31bf3856ad364e35_6.1.7601.17514_none_b2a3d1a09e8a89b1
14/2/2020 - 12:47:38.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rndis-miniport_31bf3856ad364e35_6.1.7601.17887_none_3f0c0c38a2baee0b
14/2/2020 - 12:47:38.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rndis-miniport_31bf3856ad364e35_6.1.7601.17887_none_3f0c0c38a2baee0b
14/2/2020 - 12:47:38.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:39.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rpc-http_31bf3856ad364e35_6.1.7601.23154_none_fe7d186c6f31c4fc
14/2/2020 - 12:47:39.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rpc-http_31bf3856ad364e35_6.1.7601.23154_none_fe7d186c6f31c4fc
14/2/2020 - 12:47:39.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:39.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:39.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rpc-http_31bf3856ad364e35_6.1.7601.23390_none_fe4ddb606f55c9b2
14/2/2020 - 12:47:39.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rpc-http_31bf3856ad364e35_6.1.7601.23390_none_fe4ddb606f55c9b2
14/2/2020 - 12:47:39.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rpc-http_31bf3856ad364e35_6.1.7601.23392_none_fe4fdbf46f53fc60
14/2/2020 - 12:47:39.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rpc-http_31bf3856ad364e35_6.1.7601.23392_none_fe4fdbf46f53fc60
14/2/2020 - 12:47:39.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rpc-local_31bf3856ad364e35_6.1.7601.23154_none_127eca9374f22aad
14/2/2020 - 12:47:39.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rpc-local_31bf3856ad364e35_6.1.7601.23154_none_127eca9374f22aad
14/2/2020 - 12:47:39.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:39.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:39.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rpc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4e9b81d071563df5
14/2/2020 - 12:47:39.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rpc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4e9b81d071563df5
14/2/2020 - 12:47:39.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_6.1.7600.16385_none_f9aeffb75a698a7f
14/2/2020 - 12:47:39.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_6.1.7600.16385_none_f9aeffb75a698a7f
14/2/2020 - 12:47:39.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:39.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:39.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-downlevel.binaries_31bf3856ad364e35_6.3.9600.18349_none_5f9ab982ff4ced24
14/2/2020 - 12:47:39.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-downlevel.binaries_31bf3856ad364e35_6.3.9600.18349_none_5f9ab982ff4ced24
14/2/2020 - 12:47:39.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:39.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:40.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-jscript9.resources_31bf3856ad364e35_11.2.9600.18349_en-us_c41efe4d8d14eccd
14/2/2020 - 12:47:40.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-jscript9.resources_31bf3856ad364e35_11.2.9600.18349_en-us_c41efe4d8d14eccd
14/2/2020 - 12:47:40.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8d54ad15a5352e16
14/2/2020 - 12:47:40.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8d54ad15a5352e16
14/2/2020 - 12:47:40.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-shanghai.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_21eb674d58d7dac8
14/2/2020 - 12:47:40.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-shanghai.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_21eb674d58d7dac8
14/2/2020 - 12:47:40.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb
14/2/2020 - 12:47:40.90Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb
14/2/2020 - 12:47:40.137Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb
14/2/2020 - 12:47:40.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb
14/2/2020 - 12:47:40.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:40.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:40.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-usermode.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_72366db85b50a0b9
14/2/2020 - 12:47:40.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-usermode.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_72366db85b50a0b9
14/2/2020 - 12:47:40.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-ux-sppcc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dde2402dc59720ed
14/2/2020 - 12:47:40.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..-ux-sppcc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dde2402dc59720ed
14/2/2020 - 12:47:40.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:40.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:40.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.1.7601.17514_none_533cd4f8150e6a86
14/2/2020 - 12:47:40.700Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.1.7601.17514_none_533cd4f8150e6a86
14/2/2020 - 12:47:40.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.1.7601.17514_none_533cd4f8150e6a86
14/2/2020 - 12:47:40.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ator-base.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f59db6b443268b52
14/2/2020 - 12:47:40.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ator-base.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f59db6b443268b52
14/2/2020 - 12:47:40.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..c-mceburnengineicon_31bf3856ad364e35_6.1.7600.16385_none_0a0899f37b2bab4d
14/2/2020 - 12:47:40.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..c-mceburnengineicon_31bf3856ad364e35_6.1.7600.16385_none_0a0899f37b2bab4d
14/2/2020 - 12:47:40.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:40.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:41.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..component.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_df0c7f5c400be7ba
14/2/2020 - 12:47:41.28Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..component.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_df0c7f5c400be7ba
14/2/2020 - 12:47:41.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..component.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_df0c7f5c400be7ba
14/2/2020 - 12:47:41.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_6.1.7601.18686_none_170125609f71419f
14/2/2020 - 12:47:41.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_6.1.7601.18686_none_170125609f71419f
14/2/2020 - 12:47:41.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..cy-engine.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_235bbd2bbbc43dc1
14/2/2020 - 12:47:41.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..cy-engine.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_235bbd2bbbc43dc1
14/2/2020 - 12:47:41.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:41.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:41.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:41.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..downlevel.resources_31bf3856ad364e35_6.3.9600.16428_en-us_add432fbdc488eca
14/2/2020 - 12:47:41.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..downlevel.resources_31bf3856ad364e35_6.3.9600.16428_en-us_add432fbdc488eca
14/2/2020 - 12:47:41.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..downlevel.resources_31bf3856ad364e35_6.3.9600.16428_pt-br_af70698048fc8c69
14/2/2020 - 12:47:41.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..downlevel.resources_31bf3856ad364e35_6.3.9600.16428_pt-br_af70698048fc8c69
14/2/2020 - 12:47:41.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:41.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:41.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:41.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:41.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..es-common.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_35ba38f62bb9fc17
14/2/2020 - 12:47:41.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..es-common.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_35ba38f62bb9fc17
14/2/2020 - 12:47:41.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..estartup-fverecover_31bf3856ad364e35_6.1.7600.16385_none_ab0552bceeca5a61
14/2/2020 - 12:47:41.872Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..estartup-fverecover_31bf3856ad364e35_6.1.7600.16385_none_ab0552bceeca5a61
14/2/2020 - 12:47:41.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..estartup-fverecover_31bf3856ad364e35_6.1.7600.16385_none_ab0552bceeca5a61\BdeUnlockWizard.exe
14/2/2020 - 12:47:41.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..estartup-fverecover_31bf3856ad364e35_6.1.7600.16385_none_ab0552bceeca5a61\BdeUnlockWizard.exeBdeUnlockWizard.exe
14/2/2020 - 12:47:41.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..estartup-fverecover_31bf3856ad364e35_6.1.7600.16385_none_ab0552bceeca5a61\BdeUnlockWizard.exe
14/2/2020 - 12:47:41.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..estartup-fverecover_31bf3856ad364e35_6.1.7600.16385_none_ab0552bceeca5a61\BdeUnlockWizard.exe
14/2/2020 - 12:47:41.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..estartup-fverecover_31bf3856ad364e35_6.1.7600.16385_none_ab0552bceeca5a61\BdeUnlockWizard.exe
14/2/2020 - 12:47:41.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..estartup-fverecover_31bf3856ad364e35_6.1.7600.16385_none_ab0552bceeca5a61
14/2/2020 - 12:47:41.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..extension.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3e132e27461b3ee7
14/2/2020 - 12:47:41.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..extension.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3e132e27461b3ee7
14/2/2020 - 12:47:41.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:42.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..gement-ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_82b61c6e47763847
14/2/2020 - 12:47:42.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..gement-ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_82b61c6e47763847
14/2/2020 - 12:47:42.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..gnt-extension-agent_31bf3856ad364e35_6.1.7600.16385_none_03a02730cf3d9315
14/2/2020 - 12:47:42.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..gnt-extension-agent_31bf3856ad364e35_6.1.7600.16385_none_03a02730cf3d9315
14/2/2020 - 12:47:42.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..i-accessibilityuser_31bf3856ad364e35_6.1.7600.16385_none_bf396ba9226e0702
14/2/2020 - 12:47:42.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..i-accessibilityuser_31bf3856ad364e35_6.1.7600.16385_none_bf396ba9226e0702
14/2/2020 - 12:47:42.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_e222ff0c3a19e92e
14/2/2020 - 12:47:42.106Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_e222ff0c3a19e92e
14/2/2020 - 12:47:42.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_e222ff0c3a19e92e
14/2/2020 - 12:47:42.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:42.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:42.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:42.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:42.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ing-shell-extension_31bf3856ad364e35_6.1.7600.16385_none_6676c8cb3df48c7d
14/2/2020 - 12:47:42.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ing-shell-extension_31bf3856ad364e35_6.1.7600.16385_none_6676c8cb3df48c7d
14/2/2020 - 12:47:42.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ionengine.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_46d95426a0f29ca4
14/2/2020 - 12:47:42.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ionengine.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_46d95426a0f29ca4
14/2/2020 - 12:47:42.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:42.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:42.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_31ec559d000809da
14/2/2020 - 12:47:42.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_31ec559d000809da
14/2/2020 - 12:47:42.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:42.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:42.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..l-wallpaper-windows_31bf3856ad364e35_6.1.7600.16385_none_370717dbca22c586
14/2/2020 - 12:47:42.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..l-wallpaper-windows_31bf3856ad364e35_6.1.7600.16385_none_370717dbca22c586
14/2/2020 - 12:47:42.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_6.1.7600.16385_none_d0632cbfee5db937
14/2/2020 - 12:47:42.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_6.1.7600.16385_none_d0632cbfee5db937
14/2/2020 - 12:47:42.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ls-setspn.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_af512baed46f8b01
14/2/2020 - 12:47:42.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ls-setspn.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_af512baed46f8b01
14/2/2020 - 12:47:42.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..madvanced.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0cd688ee12658ad3
14/2/2020 - 12:47:42.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..madvanced.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0cd688ee12658ad3
14/2/2020 - 12:47:42.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mcomputer.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b8b833cfb8ca2ae8
14/2/2020 - 12:47:42.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mcomputer.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b8b833cfb8ca2ae8
14/2/2020 - 12:47:43.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73
14/2/2020 - 12:47:43.278Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73
14/2/2020 - 12:47:43.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exe
14/2/2020 - 12:47:43.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exeSpiderSolitaire.exe
14/2/2020 - 12:47:43.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exe
14/2/2020 - 12:47:43.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exeSpiderSolitaire.exe
14/2/2020 - 12:47:43.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exeSpiderSolitaire.exe
14/2/2020 - 12:47:43.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exe
14/2/2020 - 12:47:43.372Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exeSpiderSolitaire.exe
14/2/2020 - 12:47:43.372Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exeSpiderSolitaire.exe
14/2/2020 - 12:47:43.418Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exeSpiderSolitaire.exe
14/2/2020 - 12:47:43.418Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exeSpiderSolitaire.exe
14/2/2020 - 12:47:43.418Write1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exeSpiderSolitaire.exe
14/2/2020 - 12:47:43.418Write1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exeSpiderSolitaire.exe
14/2/2020 - 12:47:43.418Write1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exeSpiderSolitaire.exe
14/2/2020 - 12:47:43.418Write1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exeSpiderSolitaire.exe
14/2/2020 - 12:47:43.418Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exeSpiderSolitaire.exe
14/2/2020 - 12:47:43.465Open1480C:\malware.exeC:\Monitor\PE
14/2/2020 - 12:47:43.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73
14/2/2020 - 12:47:43.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mib-extension-agent_31bf3856ad364e35_6.1.7600.16385_none_d4706cf73480781c
14/2/2020 - 12:47:43.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mib-extension-agent_31bf3856ad364e35_6.1.7600.16385_none_d4706cf73480781c
14/2/2020 - 12:47:43.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.1.7601.18933_none_9b5d4867f6e809e0
14/2/2020 - 12:47:43.465Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.1.7601.18933_none_9b5d4867f6e809e0
14/2/2020 - 12:47:43.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.1.7601.18933_none_9b5d4867f6e809e0
14/2/2020 - 12:47:43.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.1.7601.23136_none_9be9be33100328f1
14/2/2020 - 12:47:43.465Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.1.7601.23136_none_9be9be33100328f1
14/2/2020 - 12:47:43.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.1.7601.23136_none_9be9be33100328f1
14/2/2020 - 12:47:43.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b10571bddd69c23e
14/2/2020 - 12:47:43.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b10571bddd69c23e
14/2/2020 - 12:47:43.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.17514_none_4777e36e0649406c
14/2/2020 - 12:47:43.481Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.17514_none_4777e36e0649406c
14/2/2020 - 12:47:43.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.17514_none_4777e36e0649406c
14/2/2020 - 12:47:43.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.18332_none_4760286e065b64f3
14/2/2020 - 12:47:43.528Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.18332_none_4760286e065b64f3
14/2/2020 - 12:47:43.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.18332_none_4760286e065b64f3
14/2/2020 - 12:47:43.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..nboxgames-cardgames_31bf3856ad364e35_6.1.7600.16385_none_9888c15ccd6f74c7
14/2/2020 - 12:47:43.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..nboxgames-cardgames_31bf3856ad364e35_6.1.7600.16385_none_9888c15ccd6f74c7
14/2/2020 - 12:47:43.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ols-klist.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8adf23125d907ee1
14/2/2020 - 12:47:43.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ols-klist.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8adf23125d907ee1
14/2/2020 - 12:47:43.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68
14/2/2020 - 12:47:43.622Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68
14/2/2020 - 12:47:43.668Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68
14/2/2020 - 12:47:43.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68
14/2/2020 - 12:47:43.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8091a7bdf0ba76a3
14/2/2020 - 12:47:43.715Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8091a7bdf0ba76a3
14/2/2020 - 12:47:43.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8091a7bdf0ba76a3
14/2/2020 - 12:47:43.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.1.7600.16385_none_622070221822eb39
14/2/2020 - 12:47:43.762Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.1.7600.16385_none_622070221822eb39
14/2/2020 - 12:47:43.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.1.7600.16385_none_622070221822eb39
14/2/2020 - 12:47:43.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ponent-sku-ultimate_31bf3856ad364e35_6.1.7601.17514_none_f7e6a2aa970662b7
14/2/2020 - 12:47:43.809Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ponent-sku-ultimate_31bf3856ad364e35_6.1.7601.17514_none_f7e6a2aa970662b7
14/2/2020 - 12:47:43.856Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ponent-sku-ultimate_31bf3856ad364e35_6.1.7601.17514_none_f7e6a2aa970662b7
14/2/2020 - 12:47:43.903Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ponent-sku-ultimate_31bf3856ad364e35_6.1.7601.17514_none_f7e6a2aa970662b7
14/2/2020 - 12:47:43.950Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ponent-sku-ultimate_31bf3856ad364e35_6.1.7601.17514_none_f7e6a2aa970662b7
14/2/2020 - 12:47:43.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ponent-sku-ultimate_31bf3856ad364e35_6.1.7601.17514_none_f7e6a2aa970662b7
14/2/2020 - 12:47:43.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..repairbde.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d6a1180fa835ffd4
14/2/2020 - 12:47:43.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..repairbde.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d6a1180fa835ffd4
14/2/2020 - 12:47:43.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..resourcemanager-adm_31bf3856ad364e35_6.1.7600.16385_none_f1eab87a7a638b12
14/2/2020 - 12:47:43.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..resourcemanager-adm_31bf3856ad364e35_6.1.7600.16385_none_f1eab87a7a638b12
14/2/2020 - 12:47:43.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..restore-wmiprovider_31bf3856ad364e35_6.1.7600.16385_none_13810fa5e691bcc3
14/2/2020 - 12:47:43.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..restore-wmiprovider_31bf3856ad364e35_6.1.7600.16385_none_13810fa5e691bcc3
14/2/2020 - 12:47:43.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:43.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..subsystem.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5156fa66a4d091c5
14/2/2020 - 12:47:43.997Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..subsystem.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5156fa66a4d091c5
14/2/2020 - 12:47:44.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..subsystem.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5156fa66a4d091c5
14/2/2020 - 12:47:44.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8385e0f5e80152cd
14/2/2020 - 12:47:44.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8385e0f5e80152cd
14/2/2020 - 12:47:44.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:44.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:44.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:44.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..tings-adm.resources_31bf3856ad364e35_6.1.7601.22923_pt-br_08e0a609956a8b50
14/2/2020 - 12:47:44.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..tings-adm.resources_31bf3856ad364e35_6.1.7601.22923_pt-br_08e0a609956a8b50
14/2/2020 - 12:47:44.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_de0059fbc24b3ac4
14/2/2020 - 12:47:44.43Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_de0059fbc24b3ac4
14/2/2020 - 12:47:44.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_de0059fbc24b3ac4
14/2/2020 - 12:47:44.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_79e9e96da879e072
14/2/2020 - 12:47:44.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_79e9e96da879e072
14/2/2020 - 12:47:44.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-afternoon_31bf3856ad364e35_6.1.7600.16385_none_2a05e57d5ab3659e
14/2/2020 - 12:47:44.90Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-afternoon_31bf3856ad364e35_6.1.7600.16385_none_2a05e57d5ab3659e
14/2/2020 - 12:47:44.90Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-afternoon_31bf3856ad364e35_6.1.7600.16385_none_2a05e57d5ab3659e
14/2/2020 - 12:47:44.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-afternoon_31bf3856ad364e35_6.1.7600.16385_none_2a05e57d5ab3659e
14/2/2020 - 12:47:44.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:44.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:44.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49
14/2/2020 - 12:47:44.137Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49
14/2/2020 - 12:47:44.184Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49
14/2/2020 - 12:47:44.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49
14/2/2020 - 12:47:44.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..y-biometrics-client_31bf3856ad364e35_6.1.7600.16385_none_0e0db2469e796225
14/2/2020 - 12:47:44.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..y-biometrics-client_31bf3856ad364e35_6.1.7600.16385_none_0e0db2469e796225
14/2/2020 - 12:47:44.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..y-spp-plugin-common_31bf3856ad364e35_6.1.7601.17514_none_2136d8ac9cfcea8b
14/2/2020 - 12:47:44.231Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..y-spp-plugin-common_31bf3856ad364e35_6.1.7601.17514_none_2136d8ac9cfcea8b
14/2/2020 - 12:47:44.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..y-spp-plugin-common_31bf3856ad364e35_6.1.7601.17514_none_2136d8ac9cfcea8b
14/2/2020 - 12:47:44.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:44.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..y-spp-wmi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4321fe3fe53be0ed
14/2/2020 - 12:47:44.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..y-spp-wmi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4321fe3fe53be0ed
14/2/2020 - 12:47:44.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scanprofiles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_61eac4e1c6888176
14/2/2020 - 12:47:44.512Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scanprofiles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_61eac4e1c6888176
14/2/2020 - 12:47:44.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scanprofiles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_61eac4e1c6888176
14/2/2020 - 12:47:44.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scavenge-cleanup_31bf3856ad364e35_6.1.7601.22607_none_b6e9e935e205a6c9
14/2/2020 - 12:47:44.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scavenge-cleanup_31bf3856ad364e35_6.1.7601.22607_none_b6e9e935e205a6c9
14/2/2020 - 12:47:44.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:44.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:44.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:44.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:45.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:45.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-searchfolder.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dae8991a926c63e9
14/2/2020 - 12:47:45.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-searchfolder.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dae8991a926c63e9
14/2/2020 - 12:47:45.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-searchfolder_31bf3856ad364e35_6.1.7601.17514_none_f8963f65dfec0ddb
14/2/2020 - 12:47:45.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-searchfolder_31bf3856ad364e35_6.1.7601.17514_none_f8963f65dfec0ddb
14/2/2020 - 12:47:45.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-secinit_31bf3856ad364e35_6.1.7600.16385_none_e3ace21ee6af3fb6
14/2/2020 - 12:47:45.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-secinit_31bf3856ad364e35_6.1.7600.16385_none_e3ace21ee6af3fb6
14/2/2020 - 12:47:45.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-secondarylogonservice_31bf3856ad364e35_6.1.7601.17514_none_4a8a649ab236510d
14/2/2020 - 12:47:45.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-secondarylogonservice_31bf3856ad364e35_6.1.7601.17514_none_4a8a649ab236510d
14/2/2020 - 12:47:45.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:45.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:45.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-securestartup-service_31bf3856ad364e35_6.1.7600.16385_none_c09aa5b3bec88beb
14/2/2020 - 12:47:45.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-securestartup-service_31bf3856ad364e35_6.1.7600.16385_none_c09aa5b3bec88beb
14/2/2020 - 12:47:45.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-securestartup-ui-libs_31bf3856ad364e35_6.1.7600.16385_none_97aa510e566e45d3
14/2/2020 - 12:47:45.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-securestartup-ui-libs_31bf3856ad364e35_6.1.7600.16385_none_97aa510e566e45d3
14/2/2020 - 12:47:45.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-securestartup_31bf3856ad364e35_6.1.7600.16385_none_c922e7c7a7c903d5
14/2/2020 - 12:47:45.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-securestartup_31bf3856ad364e35_6.1.7600.16385_none_c922e7c7a7c903d5
14/2/2020 - 12:47:45.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:45.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.18812_none_21dc2534b8316d7a
14/2/2020 - 12:47:45.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.18812_none_21dc2534b8316d7a
14/2/2020 - 12:47:45.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.22712_none_2265be33d14f12f6
14/2/2020 - 12:47:45.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.22712_none_2265be33d14f12f6
14/2/2020 - 12:47:45.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.22923_none_225bf25dd156428c
14/2/2020 - 12:47:45.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.22923_none_225bf25dd156428c
14/2/2020 - 12:47:45.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:45.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:45.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.23136_none_2253fd57d15bdaeb
14/2/2020 - 12:47:45.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.23136_none_2253fd57d15bdaeb
14/2/2020 - 12:47:45.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.23338_none_225601b7d15a07e7
14/2/2020 - 12:47:45.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.23338_none_225601b7d15a07e7
14/2/2020 - 12:47:45.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest-mof_31bf3856ad364e35_6.1.7600.16385_none_882154d1711868d5
14/2/2020 - 12:47:45.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest-mof_31bf3856ad364e35_6.1.7600.16385_none_882154d1711868d5
14/2/2020 - 12:47:45.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:46.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:46.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.19135_none_98de7bd093642de9
14/2/2020 - 12:47:46.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.19135_none_98de7bd093642de9
14/2/2020 - 12:47:46.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22807_none_998aab1fac6781d7
14/2/2020 - 12:47:46.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22807_none_998aab1fac6781d7
14/2/2020 - 12:47:46.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:46.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:46.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:46.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23136_none_996916ffac80e9e3
14/2/2020 - 12:47:46.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23136_none_996916ffac80e9e3
14/2/2020 - 12:47:46.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:46.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.18606_none_45099e38c76347be
14/2/2020 - 12:47:46.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.18606_none_45099e38c76347be
14/2/2020 - 12:47:46.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.18741_none_44d95efcc78835f6
14/2/2020 - 12:47:46.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.18741_none_44d95efcc78835f6
14/2/2020 - 12:47:46.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:46.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:46.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.23338_none_4574ad73e097930e
14/2/2020 - 12:47:46.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.23338_none_4574ad73e097930e
14/2/2020 - 12:47:46.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:47.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:47.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm-mof_31bf3856ad364e35_6.1.7600.16385_none_804c1858b0159436
14/2/2020 - 12:47:47.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm-mof_31bf3856ad364e35_6.1.7600.16385_none_804c1858b0159436
14/2/2020 - 12:47:47.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.17514_none_dad8f242792a4d59
14/2/2020 - 12:47:47.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.17514_none_dad8f242792a4d59
14/2/2020 - 12:47:47.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.18812_none_dad6e098792c2bc1
14/2/2020 - 12:47:47.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.18812_none_dad6e098792c2bc1
14/2/2020 - 12:47:47.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.22616_none_db6478d992463972
14/2/2020 - 12:47:47.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.1.7601.22616_none_db6478d992463972
14/2/2020 - 12:47:47.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:47.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:47.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:47.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:47.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel-mof_31bf3856ad364e35_6.1.7600.16385_none_41b1a1917f0b6acd
14/2/2020 - 12:47:47.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel-mof_31bf3856ad364e35_6.1.7600.16385_none_41b1a1917f0b6acd
14/2/2020 - 12:47:47.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18409_none_804c092d6bd5e03e
14/2/2020 - 12:47:47.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18409_none_804c092d6bd5e03e
14/2/2020 - 12:47:47.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18812_none_803a3ed36be43f6a
14/2/2020 - 12:47:47.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18812_none_803a3ed36be43f6a
14/2/2020 - 12:47:47.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18933_none_8025a12b6bf38dca
14/2/2020 - 12:47:47.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18933_none_8025a12b6bf38dca
14/2/2020 - 12:47:47.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:47.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:47.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22616_none_80c7d71484fe4d1b
14/2/2020 - 12:47:47.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22616_none_80c7d71484fe4d1b
14/2/2020 - 12:47:47.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22712_none_80c3d7d28501e4e6
14/2/2020 - 12:47:47.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22712_none_80c3d7d28501e4e6
14/2/2020 - 12:47:47.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22865_none_8090cafa8527b9c7
14/2/2020 - 12:47:47.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22865_none_8090cafa8527b9c7
14/2/2020 - 12:47:47.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:48.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:48.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:48.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:48.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux-data_31bf3856ad364e35_6.1.7601.17514_none_be0641cc2012c4dc
14/2/2020 - 12:47:48.403Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux-data_31bf3856ad364e35_6.1.7601.17514_none_be0641cc2012c4dc
14/2/2020 - 12:47:48.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux-data_31bf3856ad364e35_6.1.7601.17514_none_be0641cc2012c4dc
14/2/2020 - 12:47:48.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-spp-wmi_31bf3856ad364e35_6.1.7600.16385_none_5d99275dbb91746d
14/2/2020 - 12:47:48.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-spp-wmi_31bf3856ad364e35_6.1.7600.16385_none_5d99275dbb91746d
14/2/2020 - 12:47:48.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-spp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fa591f3dbd3f9f95
14/2/2020 - 12:47:48.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-spp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fa591f3dbd3f9f95
14/2/2020 - 12:47:48.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7600.16385_none_74578a893f33207c
14/2/2020 - 12:47:48.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7600.16385_none_74578a893f33207c\syskey.exe
14/2/2020 - 12:47:48.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7600.16385_none_74578a893f33207c\syskey.exe
14/2/2020 - 12:47:48.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7600.16385_none_74578a893f33207c\syskey.exe
14/2/2020 - 12:47:48.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7600.16385_none_74578a893f33207c\syskey.exe
14/2/2020 - 12:47:48.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7600.16385_none_74578a893f33207c
14/2/2020 - 12:47:48.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-tools-klist_31bf3856ad364e35_6.1.7600.16385_none_9d299157e03ce00f
14/2/2020 - 12:47:48.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-tools-klist_31bf3856ad364e35_6.1.7600.16385_none_9d299157e03ce00f
14/2/2020 - 12:47:48.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-tools-nltest_31bf3856ad364e35_6.1.7601.17514_none_f8852afc12f84e8e
14/2/2020 - 12:47:48.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-tools-nltest_31bf3856ad364e35_6.1.7601.17514_none_f8852afc12f84e8e\nltest.exe
14/2/2020 - 12:47:48.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-tools-nltest_31bf3856ad364e35_6.1.7601.17514_none_f8852afc12f84e8e\nltest.exe
14/2/2020 - 12:47:48.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-tools-nltest_31bf3856ad364e35_6.1.7601.17514_none_f8852afc12f84e8e\nltest.exe
14/2/2020 - 12:47:48.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-tools-nltest_31bf3856ad364e35_6.1.7601.17514_none_f8852afc12f84e8e\nltest.exe
14/2/2020 - 12:47:48.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-tools-nltest_31bf3856ad364e35_6.1.7601.17514_none_f8852afc12f84e8e
14/2/2020 - 12:47:48.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:48.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:48.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:48.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:49.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c
14/2/2020 - 12:47:49.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c
14/2/2020 - 12:47:49.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b
14/2/2020 - 12:47:49.90Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b
14/2/2020 - 12:47:49.137Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b
14/2/2020 - 12:47:49.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\poqexec.exe
14/2/2020 - 12:47:49.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\poqexec.exe
14/2/2020 - 12:47:49.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\poqexec.exe
14/2/2020 - 12:47:49.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\poqexec.exe
14/2/2020 - 12:47:49.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b
14/2/2020 - 12:47:49.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:49.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:49.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-setup-unattend_31bf3856ad364e35_6.1.7600.16385_none_f1a9dbb58f680982
14/2/2020 - 12:47:49.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-setup-unattend_31bf3856ad364e35_6.1.7600.16385_none_f1a9dbb58f680982
14/2/2020 - 12:47:49.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0c95c59ca21b6aba
14/2/2020 - 12:47:49.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0c95c59ca21b6aba
14/2/2020 - 12:47:49.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e
14/2/2020 - 12:47:49.512Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e
14/2/2020 - 12:47:49.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e
14/2/2020 - 12:47:49.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:49.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:49.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shdocvw.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2553e9b2e0a0a2e9
14/2/2020 - 12:47:49.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shdocvw.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2553e9b2e0a0a2e9
14/2/2020 - 12:47:49.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
14/2/2020 - 12:47:49.793Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
14/2/2020 - 12:47:49.840Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
14/2/2020 - 12:47:49.887Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
14/2/2020 - 12:47:49.934Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
14/2/2020 - 12:47:49.981Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
14/2/2020 - 12:47:50.28Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
14/2/2020 - 12:47:50.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-acccursors_31bf3856ad364e35_6.1.7600.16385_none_406675269603c3b4
14/2/2020 - 12:47:50.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-cursors_31bf3856ad364e35_6.1.7600.16385_none_a72c807474764763
14/2/2020 - 12:47:50.75Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-cursors_31bf3856ad364e35_6.1.7600.16385_none_a72c807474764763
14/2/2020 - 12:47:50.122Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-cursors_31bf3856ad364e35_6.1.7600.16385_none_a72c807474764763
14/2/2020 - 12:47:50.168Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-cursors_31bf3856ad364e35_6.1.7600.16385_none_a72c807474764763
14/2/2020 - 12:47:50.215Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-cursors_31bf3856ad364e35_6.1.7600.16385_none_a72c807474764763
14/2/2020 - 12:47:50.262Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-cursors_31bf3856ad364e35_6.1.7600.16385_none_a72c807474764763
14/2/2020 - 12:47:50.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-cursors_31bf3856ad364e35_6.1.7600.16385_none_a72c807474764763
14/2/2020 - 12:47:50.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:50.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce
14/2/2020 - 12:47:50.543Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce
14/2/2020 - 12:47:50.590Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce
14/2/2020 - 12:47:50.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce
14/2/2020 - 12:47:50.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.17514_none_ca4f304d289b7800
14/2/2020 - 12:47:50.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.17514_none_ca4f304d289b7800
14/2/2020 - 12:47:50.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:50.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:50.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:50.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:50.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.22403_none_cae2822641b201d5
14/2/2020 - 12:47:50.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.22403_none_cae2822641b201d5
14/2/2020 - 12:47:51.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:51.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:51.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sidebar.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_93cc23abf0725661
14/2/2020 - 12:47:51.247Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sidebar.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_93cc23abf0725661
14/2/2020 - 12:47:51.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sidebar.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_93cc23abf0725661
14/2/2020 - 12:47:51.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:51.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:51.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smartcardksp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_64a5b56bc1f2cd96
14/2/2020 - 12:47:51.528Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smartcardksp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_64a5b56bc1f2cd96
14/2/2020 - 12:47:51.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smartcardksp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_64a5b56bc1f2cd96
14/2/2020 - 12:47:51.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smartcardplugins_31bf3856ad364e35_6.1.7601.17514_none_7992975835f65c9e
14/2/2020 - 12:47:51.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smartcardplugins_31bf3856ad364e35_6.1.7601.17514_none_7992975835f65c9e
14/2/2020 - 12:47:51.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.18933_none_e6b3e1a6621f648e
14/2/2020 - 12:47:51.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.18933_none_e6b3e1a6621f648e
14/2/2020 - 12:47:51.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:51.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.21666_none_e7201ebb7b5295f3
14/2/2020 - 12:47:51.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.21666_none_e7201ebb7b5295f3
14/2/2020 - 12:47:51.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23154_none_e728b7057b4c88d3
14/2/2020 - 12:47:51.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23154_none_e728b7057b4c88d3
14/2/2020 - 12:47:51.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23338_none_e7425bd17b38b09b
14/2/2020 - 12:47:51.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23338_none_e7425bd17b38b09b
14/2/2020 - 12:47:51.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23392_none_e6fb7a8d7b6ec037
14/2/2020 - 12:47:51.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23392_none_e6fb7a8d7b6ec037
14/2/2020 - 12:47:51.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23452_none_e726bc237b4e4d9a
14/2/2020 - 12:47:51.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23452_none_e726bc237b4e4d9a
14/2/2020 - 12:47:51.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18923_none_e8f51ba4a06e7c0e
14/2/2020 - 12:47:51.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18923_none_e8f51ba4a06e7c0e
14/2/2020 - 12:47:51.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18933_none_e8ea4bb8a07697ff
14/2/2020 - 12:47:51.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18933_none_e8ea4bb8a07697ff
14/2/2020 - 12:47:51.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:51.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:51.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:52.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18951_none_e8d2ab4ca0889d33
14/2/2020 - 12:47:52.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18951_none_e8d2ab4ca0889d33
14/2/2020 - 12:47:52.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23126_none_e981916fb9899b1f
14/2/2020 - 12:47:52.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23126_none_e981916fb9899b1f
14/2/2020 - 12:47:52.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbhelperclasses_31bf3856ad364e35_6.1.7600.16385_none_46321726efd38801
14/2/2020 - 12:47:52.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbhelperclasses_31bf3856ad364e35_6.1.7600.16385_none_46321726efd38801
14/2/2020 - 12:47:52.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:52.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:52.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18951_none_dd8922e667e02b60
14/2/2020 - 12:47:52.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18951_none_dd8922e667e02b60
14/2/2020 - 12:47:52.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21666_none_de0d006781015791
14/2/2020 - 12:47:52.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21666_none_de0d006781015791
14/2/2020 - 12:47:52.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23126_none_de38090980e1294c
14/2/2020 - 12:47:52.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23126_none_de38090980e1294c
14/2/2020 - 12:47:52.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23154_none_de1598b180fb4a71
14/2/2020 - 12:47:52.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23154_none_de1598b180fb4a71
14/2/2020 - 12:47:52.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:52.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:52.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17608_none_620b069d26bae78a
14/2/2020 - 12:47:52.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17608_none_620b069d26bae78a
14/2/2020 - 12:47:52.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21717_none_38aa0e59262e0b0c
14/2/2020 - 12:47:52.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21717_none_38aa0e59262e0b0c
14/2/2020 - 12:47:52.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:52.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7601.17514_none_571aee68017b07d2
14/2/2020 - 12:47:52.840Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7601.17514_none_571aee68017b07d2
14/2/2020 - 12:47:52.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smbserver_31bf3856ad364e35_6.1.7601.17514_none_571aee68017b07d2
14/2/2020 - 12:47:52.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smi-engine_31bf3856ad364e35_6.1.7601.17514_none_f63b350329826c41
14/2/2020 - 12:47:52.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smi-engine_31bf3856ad364e35_6.1.7601.17514_none_f63b350329826c41
14/2/2020 - 12:47:52.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb
14/2/2020 - 12:47:52.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb
14/2/2020 - 12:47:52.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18933_none_0a49fe1a2fe256c3
14/2/2020 - 12:47:52.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18933_none_0a49fe1a2fe256c3
14/2/2020 - 12:47:52.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23136_none_0ad673e548fd75d4
14/2/2020 - 12:47:52.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23136_none_0ad673e548fd75d4
14/2/2020 - 12:47:52.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:53.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:53.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23418_none_0aee1a0348eb6815
14/2/2020 - 12:47:53.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23418_none_0aee1a0348eb6815
14/2/2020 - 12:47:53.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-snmp-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_01c7f6ed1a27bfae
14/2/2020 - 12:47:53.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-snmp-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_01c7f6ed1a27bfae
14/2/2020 - 12:47:53.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-snmp-evntwin_31bf3856ad364e35_6.1.7600.16385_none_12c5b5b81f2d2f1d
14/2/2020 - 12:47:53.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-snmp-evntwin_31bf3856ad364e35_6.1.7600.16385_none_12c5b5b81f2d2f1d
14/2/2020 - 12:47:53.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-snmp-inetmib1-raw-file_31bf3856ad364e35_6.1.7601.17514_none_80c31516ed44265d
14/2/2020 - 12:47:53.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-snmp-inetmib1-raw-file_31bf3856ad364e35_6.1.7601.17514_none_80c31516ed44265d
14/2/2020 - 12:47:53.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:53.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:53.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:53.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-clickme_31bf3856ad364e35_6.1.7600.16385_none_560dd693a7476c8c
14/2/2020 - 12:47:53.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-clickme_31bf3856ad364e35_6.1.7600.16385_none_560dd693a7476c8c
14/2/2020 - 12:47:53.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:53.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:53.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-symphonyntsc_31bf3856ad364e35_6.1.7600.16385_none_d75d6085d60aa50d
14/2/2020 - 12:47:53.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-symphonyntsc_31bf3856ad364e35_6.1.7600.16385_none_d75d6085d60aa50d
14/2/2020 - 12:47:53.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-2cb0_31bf3856ad364e35_6.1.7600.16385_none_c46617687e0c4dcf
14/2/2020 - 12:47:53.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-2cb0_31bf3856ad364e35_6.1.7600.16385_none_c46617687e0c4dcf
14/2/2020 - 12:47:53.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:53.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-absthr_0_31bf3856ad364e35_6.1.7600.16385_none_ebc38b3f10da3e95
14/2/2020 - 12:47:53.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-absthr_0_31bf3856ad364e35_6.1.7600.16385_none_ebc38b3f10da3e95
14/2/2020 - 12:47:53.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-absthr_2_31bf3856ad364e35_6.1.7600.16385_none_ebc58bd310d87143
14/2/2020 - 12:47:53.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-absthr_2_31bf3856ad364e35_6.1.7600.16385_none_ebc58bd310d87143
14/2/2020 - 12:47:53.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-dewindow_31bf3856ad364e35_6.1.7600.16385_none_39e139cc9d368b6b
14/2/2020 - 12:47:53.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sonic-tables-dewindow_31bf3856ad364e35_6.1.7600.16385_none_39e139cc9d368b6b
14/2/2020 - 12:47:53.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-soundrec-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c8077405f63cce97
14/2/2020 - 12:47:53.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-soundrec-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c8077405f63cce97
14/2/2020 - 12:47:53.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:54.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:54.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd
14/2/2020 - 12:47:54.247Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd
14/2/2020 - 12:47:54.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd
14/2/2020 - 12:47:54.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-spfileq_31bf3856ad364e35_6.1.7600.16385_none_d0dbc7d4d96f516f
14/2/2020 - 12:47:54.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-spfileq_31bf3856ad364e35_6.1.7600.16385_none_d0dbc7d4d96f516f
14/2/2020 - 12:47:54.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1e4662ace02c26fa
14/2/2020 - 12:47:54.293Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1e4662ace02c26fa
14/2/2020 - 12:47:54.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1e4662ace02c26fa
14/2/2020 - 12:47:54.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-spp-main_31bf3856ad364e35_6.1.7601.17514_none_426cfc30c37c5a4e
14/2/2020 - 12:47:54.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-spp-main_31bf3856ad364e35_6.1.7601.17514_none_426cfc30c37c5a4e
14/2/2020 - 12:47:54.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sqlliteqp_31bf3856ad364e35_6.1.7600.16385_none_150ca4ff7cfab552
14/2/2020 - 12:47:54.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sqlliteqp_31bf3856ad364e35_6.1.7600.16385_none_150ca4ff7cfab552
14/2/2020 - 12:47:54.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sqllitese_31bf3856ad364e35_6.1.7601.17514_none_171d15c17a035a11
14/2/2020 - 12:47:54.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sqllitese_31bf3856ad364e35_6.1.7601.17514_none_171d15c17a035a11
14/2/2020 - 12:47:54.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:54.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:54.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:54.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sstext3d.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e6fe9e05691c4ca7
14/2/2020 - 12:47:54.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sstext3d.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e6fe9e05691c4ca7
14/2/2020 - 12:47:54.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:54.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:54.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.21680_none_85dc404760286e19
14/2/2020 - 12:47:54.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.21680_none_85dc404760286e19
14/2/2020 - 12:47:54.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-streambufferengine_31bf3856ad364e35_6.1.7601.17514_none_90b1bea0c80c2a3b
14/2/2020 - 12:47:54.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-streambufferengine_31bf3856ad364e35_6.1.7601.17514_none_90b1bea0c80c2a3b
14/2/2020 - 12:47:54.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sud.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b33cfb5febc88907
14/2/2020 - 12:47:54.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sud.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b33cfb5febc88907
14/2/2020 - 12:47:54.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:55.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-synceng_31bf3856ad364e35_6.1.7601.22119_none_1b1ccd926d92291f
14/2/2020 - 12:47:55.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-synceng_31bf3856ad364e35_6.1.7601.22119_none_1b1ccd926d92291f
14/2/2020 - 12:47:55.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-syncui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ea7b3f3d6634231e
14/2/2020 - 12:47:55.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-syncui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ea7b3f3d6634231e
14/2/2020 - 12:47:55.90Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:55.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:55.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sysdm_31bf3856ad364e35_6.1.7601.17514_none_c0a8382e8bdc6241
14/2/2020 - 12:47:55.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sysdm_31bf3856ad364e35_6.1.7601.17514_none_c0a8382e8bdc6241
14/2/2020 - 12:47:55.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sysprep-spopk_31bf3856ad364e35_6.1.7601.17514_none_75d7ba2e6407eabf
14/2/2020 - 12:47:55.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sysprep-spopk_31bf3856ad364e35_6.1.7601.17514_none_75d7ba2e6407eabf
14/2/2020 - 12:47:55.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sysprep_31bf3856ad364e35_6.1.7600.16385_none_4b73926c122be805
14/2/2020 - 12:47:55.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sysprep_31bf3856ad364e35_6.1.7600.16385_none_4b73926c122be805
14/2/2020 - 12:47:55.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:55.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:55.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18923_none_a4f9f5f0c9e79941
14/2/2020 - 12:47:55.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18923_none_a4f9f5f0c9e79941
14/2/2020 - 12:47:55.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23136_none_a57b9bcfe30ad443
14/2/2020 - 12:47:55.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23136_none_a57b9bcfe30ad443
14/2/2020 - 12:47:55.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:55.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:55.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:55.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23338_none_a57da02fe309013f
14/2/2020 - 12:47:55.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23338_none_a57da02fe309013f\rstrui.exe
14/2/2020 - 12:47:55.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23338_none_a57da02fe309013f\rstrui.exe
14/2/2020 - 12:47:55.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23338_none_a57da02fe309013f\rstrui.exe
14/2/2020 - 12:47:55.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23338_none_a57da02fe309013f\rstrui.exe
14/2/2020 - 12:47:55.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23338_none_a57da02fe309013f
14/2/2020 - 12:47:56.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:56.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:56.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..alservices-webproxy_31bf3856ad364e35_7.1.7601.16398_none_80bbc151fa12e3b8
14/2/2020 - 12:47:56.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..alservices-webproxy_31bf3856ad364e35_7.1.7601.16398_none_80bbc151fa12e3b8
14/2/2020 - 12:47:56.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:56.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:56.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.1.7601.18984_none_7a87719f2feb1f37
14/2/2020 - 12:47:56.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.1.7601.18984_none_7a87719f2feb1f37
14/2/2020 - 12:47:56.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..atahelper.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e0d39ad6222379d6
14/2/2020 - 12:47:56.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..atahelper.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e0d39ad6222379d6
14/2/2020 - 12:47:56.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:56.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ceruntime.resources_31bf3856ad364e35_7.2.7601.16415_pt-br_f7366b145baaa06a
14/2/2020 - 12:47:56.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ceruntime.resources_31bf3856ad364e35_7.2.7601.16415_pt-br_f7366b145baaa06a
14/2/2020 - 12:47:56.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ces-serverlicensing_31bf3856ad364e35_6.1.7601.17514_none_4fef7c4d4c17f87f
14/2/2020 - 12:47:56.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ces-serverlicensing_31bf3856ad364e35_6.1.7601.17514_none_4fef7c4d4c17f87f
14/2/2020 - 12:47:56.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2df1d63c5b9f964e
14/2/2020 - 12:47:56.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2df1d63c5b9f964e
14/2/2020 - 12:47:56.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_7.2.7601.16415_pt-br_8e004f611b22ea8e
14/2/2020 - 12:47:56.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_7.2.7601.16415_pt-br_8e004f611b22ea8e
14/2/2020 - 12:47:56.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-msctfp_31bf3856ad364e35_6.1.7600.16385_none_26d2511408a24b3e
14/2/2020 - 12:47:56.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-msctfp_31bf3856ad364e35_6.1.7600.16385_none_26d2511408a24b3e
14/2/2020 - 12:47:56.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:56.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:56.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:56.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cheduler-apis-proxy_31bf3856ad364e35_6.1.7600.16385_none_31a8e7113546f43e
14/2/2020 - 12:47:56.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cheduler-apis-proxy_31bf3856ad364e35_6.1.7600.16385_none_31a8e7113546f43e
14/2/2020 - 12:47:56.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..chxreadingstringime_31bf3856ad364e35_6.1.7600.16385_none_6baa41720aa2b58a
14/2/2020 - 12:47:56.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..chxreadingstringime_31bf3856ad364e35_6.1.7600.16385_none_6baa41720aa2b58a
14/2/2020 - 12:47:56.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cognition-licensing_31bf3856ad364e35_6.1.7600.16385_none_01682c82ede5dbb4
14/2/2020 - 12:47:56.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cognition-licensing_31bf3856ad364e35_6.1.7600.16385_none_01682c82ede5dbb4
14/2/2020 - 12:47:56.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cognition.en-us.ale_31bf3856ad364e35_6.1.7600.16385_en-us_6b6eca0454dc8c13
14/2/2020 - 12:47:56.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cognition.en-us.ale_31bf3856ad364e35_6.1.7600.16385_en-us_6b6eca0454dc8c13
14/2/2020 - 12:47:56.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..commandlinetoolsmqq_31bf3856ad364e35_6.1.7600.16385_none_851e6308c5b62529
14/2/2020 - 12:47:56.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..commandlinetoolsmqq_31bf3856ad364e35_6.1.7600.16385_none_851e6308c5b62529
14/2/2020 - 12:47:56.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:57.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:57.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dp-configextensions_31bf3856ad364e35_6.1.7601.17514_none_d7f06036df14d621
14/2/2020 - 12:47:57.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dp-configextensions_31bf3856ad364e35_6.1.7601.17514_none_d7f06036df14d621
14/2/2020 - 12:47:57.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_a95fb36cebce3342
14/2/2020 - 12:47:57.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_a95fb36cebce3342
14/2/2020 - 12:47:57.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.18540_none_a9770602ebbe1ab3
14/2/2020 - 12:47:57.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.18540_none_a9770602ebbe1ab3
14/2/2020 - 12:47:57.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_aa1a604804c7c5cb
14/2/2020 - 12:47:57.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_aa1a604804c7c5cb
14/2/2020 - 12:47:57.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:57.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:57.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..erver-adm.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_fbb50d19ab8c511d
14/2/2020 - 12:47:57.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..erver-adm.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_fbb50d19ab8c511d
14/2/2020 - 12:47:57.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..es-licensing-srvlic_31bf3856ad364e35_6.1.7601.17514_none_9f04b3924a232af0
14/2/2020 - 12:47:57.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..es-licensing-srvlic_31bf3856ad364e35_6.1.7601.17514_none_9f04b3924a232af0
14/2/2020 - 12:47:57.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.21924_none_3a510f6c747c8048
14/2/2020 - 12:47:57.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.21924_none_3a510f6c747c8048
14/2/2020 - 12:47:57.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:57.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:57.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:57.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..esframework-softkbd_31bf3856ad364e35_6.1.7600.16385_none_0ea5105470d7098e
14/2/2020 - 12:47:57.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..esframework-softkbd_31bf3856ad364e35_6.1.7600.16385_none_0ea5105470d7098e
14/2/2020 - 12:47:57.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..et-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_da8ece2756ce851b
14/2/2020 - 12:47:57.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..et-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_da8ece2756ce851b
14/2/2020 - 12:47:57.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:57.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:57.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..fcounters.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8201949662709c2c
14/2/2020 - 12:47:57.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..fcounters.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8201949662709c2c
14/2/2020 - 12:47:57.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ices-msrdpwebaccess_31bf3856ad364e35_6.1.7600.16385_none_e37f55fa65409972
14/2/2020 - 12:47:57.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ices-msrdpwebaccess_31bf3856ad364e35_6.1.7600.16385_none_e37f55fa65409972
14/2/2020 - 12:47:57.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ices-msrdpwebaccess_31bf3856ad364e35_7.1.7601.16398_none_d6ce7acbed52f6d0
14/2/2020 - 12:47:57.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ices-msrdpwebaccess_31bf3856ad364e35_7.1.7601.16398_none_d6ce7acbed52f6d0
14/2/2020 - 12:47:58.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:58.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:58.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17514_none_f8373ee981acd109
14/2/2020 - 12:47:58.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17514_none_f8373ee981acd109
14/2/2020 - 12:47:58.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:58.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.18540_none_f812b73581c8d921
14/2/2020 - 12:47:58.418Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.18540_none_f812b73581c8d921
14/2/2020 - 12:47:58.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.18540_none_f812b73581c8d921
14/2/2020 - 12:47:58.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.22750_none_f89185fa9aee9203
14/2/2020 - 12:47:58.465Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.22750_none_f89185fa9aee9203
14/2/2020 - 12:47:58.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.22750_none_f89185fa9aee9203\rdrmemptylst.exe
14/2/2020 - 12:47:58.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.22750_none_f89185fa9aee9203\rdrmemptylst.exerdrmemptylst.exe
14/2/2020 - 12:47:58.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.22750_none_f89185fa9aee9203\rdrmemptylst.exe
14/2/2020 - 12:47:58.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.22750_none_f89185fa9aee9203\rdrmemptylst.exe
14/2/2020 - 12:47:58.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.22750_none_f89185fa9aee9203\rdrmemptylst.exe
14/2/2020 - 12:47:58.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.22750_none_f89185fa9aee9203
14/2/2020 - 12:47:58.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..k-softkbd.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_811d86bb931378d2
14/2/2020 - 12:47:58.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..k-softkbd.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_811d86bb931378d2
14/2/2020 - 12:47:58.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:58.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:58.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:58.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_el-gr_10a868070f9479e5
14/2/2020 - 12:47:58.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_el-gr_10a868070f9479e5
14/2/2020 - 12:47:58.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_es-es_10ce6d510f840ec1
14/2/2020 - 12:47:58.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_es-es_10ce6d510f840ec1
14/2/2020 - 12:47:58.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:59.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:59.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_3fd358a3cca31c7c
14/2/2020 - 12:47:59.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_3fd358a3cca31c7c
14/2/2020 - 12:47:59.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_ru-ru_5a242821606218c3
14/2/2020 - 12:47:59.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_ru-ru_5a242821606218c3
14/2/2020 - 12:47:59.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:59.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:59.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_tr-tr_9f2c5cdd4647250f
14/2/2020 - 12:47:59.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_tr-tr_9f2c5cdd4647250f
14/2/2020 - 12:47:59.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:59.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:59.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:59.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:59.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:59.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:47:59.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.1.7601.23154_none_afd443c22658255c
14/2/2020 - 12:47:59.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.1.7601.23154_none_afd443c22658255c
14/2/2020 - 12:47:59.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.18540_none_3ae16d1fe2bc7854
14/2/2020 - 12:47:59.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.18540_none_3ae16d1fe2bc7854
14/2/2020 - 12:48:0.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:0.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:0.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.1.7600.16385_none_6d72db8caaefcdee
14/2/2020 - 12:48:0.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.1.7600.16385_none_6d72db8caaefcdee
14/2/2020 - 12:48:0.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef
14/2/2020 - 12:48:0.247Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef
14/2/2020 - 12:48:0.293Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef
14/2/2020 - 12:48:0.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef
14/2/2020 - 12:48:0.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..omruntime.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_326599457ad40d7c
14/2/2020 - 12:48:0.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..omruntime.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_326599457ad40d7c
14/2/2020 - 12:48:0.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:0.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_04f656f83faa61d2
14/2/2020 - 12:48:0.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_04f656f83faa61d2
14/2/2020 - 12:48:0.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.23415_none_ac48ab39ae614afc
14/2/2020 - 12:48:0.528Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.23415_none_ac48ab39ae614afc
14/2/2020 - 12:48:0.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.23415_none_ac48ab39ae614afc
14/2/2020 - 12:48:0.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ovidermof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6f78b8c10b8dccec
14/2/2020 - 12:48:0.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ovidermof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6f78b8c10b8dccec
14/2/2020 - 12:48:0.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:0.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:0.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..pulations.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_87e6bb343e71cda7
14/2/2020 - 12:48:0.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..pulations.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_87e6bb343e71cda7
14/2/2020 - 12:48:0.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..r-service.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1cf50b24f5cba36b
14/2/2020 - 12:48:0.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..r-service.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1cf50b24f5cba36b
14/2/2020 - 12:48:0.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f40abd54bc898022
14/2/2020 - 12:48:0.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f40abd54bc898022
14/2/2020 - 12:48:0.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..rk-msimtf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_428f3ec7e5a66259
14/2/2020 - 12:48:0.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..rk-msimtf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_428f3ec7e5a66259
14/2/2020 - 12:48:0.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:0.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:0.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:1.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..rvices-registryapis_31bf3856ad364e35_6.1.7601.17514_none_02782d41389b3794
14/2/2020 - 12:48:1.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..rvices-registryapis_31bf3856ad364e35_6.1.7601.17514_none_02782d41389b3794
14/2/2020 - 12:48:1.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:1.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:1.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_7.2.7601.23137_none_482a1d791f2527de
14/2/2020 - 12:48:1.372Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_7.2.7601.23137_none_482a1d791f2527de
14/2/2020 - 12:48:1.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_7.2.7601.23137_none_482a1d791f2527de
14/2/2020 - 12:48:1.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-collaboration-api_31bf3856ad364e35_6.1.7601.17514_none_a39735a9b3e58f7a
14/2/2020 - 12:48:1.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-collaboration-api_31bf3856ad364e35_6.1.7601.17514_none_a39735a9b3e58f7a
14/2/2020 - 12:48:1.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9e73f2a94053ddea
14/2/2020 - 12:48:1.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9e73f2a94053ddea
14/2/2020 - 12:48:1.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:1.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:1.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8
14/2/2020 - 12:48:1.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8
14/2/2020 - 12:48:1.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..tion-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8605dea4baf03643
14/2/2020 - 12:48:1.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..tion-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8605dea4baf03643
14/2/2020 - 12:48:1.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..tional-chinese-dayi_31bf3856ad364e35_6.1.7600.16385_none_bc71031cff4c1a63
14/2/2020 - 12:48:1.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..tional-chinese-dayi_31bf3856ad364e35_6.1.7600.16385_none_bc71031cff4c1a63
14/2/2020 - 12:48:1.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:1.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:1.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:1.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_6.1.7601.18540_pt-br_d35f655109ede37e
14/2/2020 - 12:48:1.934Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_6.1.7601.18540_pt-br_d35f655109ede37e
14/2/2020 - 12:48:1.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_6.1.7601.18540_pt-br_d35f655109ede37e
14/2/2020 - 12:48:1.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..torclient.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_9e60fe79c0ae1dda
14/2/2020 - 12:48:1.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..torclient.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_9e60fe79c0ae1dda
14/2/2020 - 12:48:2.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:2.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:2.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..usbredirectorclient_31bf3856ad364e35_7.1.7601.16398_none_f642bcff6c8b2640
14/2/2020 - 12:48:2.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..usbredirectorclient_31bf3856ad364e35_7.1.7601.16398_none_f642bcff6c8b2640
14/2/2020 - 12:48:2.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..utcontrol.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_55a2663ff978c8ec
14/2/2020 - 12:48:2.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..utcontrol.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_55a2663ff978c8ec
14/2/2020 - 12:48:2.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ventextservice-core_31bf3856ad364e35_6.1.7600.16385_none_8049c66281fe73bd
14/2/2020 - 12:48:2.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ventextservice-core_31bf3856ad364e35_6.1.7600.16385_none_8049c66281fe73bd
14/2/2020 - 12:48:2.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ver-winip.resources_31bf3856ad364e35_7.1.7601.16398_en-us_8be28cf3af5773ce
14/2/2020 - 12:48:2.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ver-winip.resources_31bf3856ad364e35_7.1.7601.16398_en-us_8be28cf3af5773ce
14/2/2020 - 12:48:2.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..vices-configbackend_31bf3856ad364e35_6.1.7600.16385_none_3289e93f0b48fde4
14/2/2020 - 12:48:2.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..vices-configbackend_31bf3856ad364e35_6.1.7600.16385_none_3289e93f0b48fde4
14/2/2020 - 12:48:2.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:2.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..workspace.resources_31bf3856ad364e35_6.1.7601.22757_pt-br_710f19132dce8722
14/2/2020 - 12:48:2.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..workspace.resources_31bf3856ad364e35_6.1.7601.22757_pt-br_710f19132dce8722
14/2/2020 - 12:48:2.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:2.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:2.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.18984_none_6f695c918e5aa933
14/2/2020 - 12:48:2.684Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.18984_none_6f695c918e5aa933
14/2/2020 - 12:48:2.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.18984_none_6f695c918e5aa933
14/2/2020 - 12:48:2.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.22722_none_7031d29ea7497734
14/2/2020 - 12:48:2.731Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.22722_none_7031d29ea7497734
14/2/2020 - 12:48:2.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.22722_none_7031d29ea7497734
14/2/2020 - 12:48:2.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-ipsplugin_31bf3856ad364e35_6.1.7600.16385_none_183763f35905b40c
14/2/2020 - 12:48:2.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-ipsplugin_31bf3856ad364e35_6.1.7600.16385_none_183763f35905b40c
14/2/2020 - 12:48:2.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.19112_none_75d55804bb39cc1e
14/2/2020 - 12:48:2.778Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.19112_none_75d55804bb39cc1e
14/2/2020 - 12:48:2.825Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.19112_none_75d55804bb39cc1e
14/2/2020 - 12:48:2.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.19112_none_75d55804bb39cc1e\Journal.exe
14/2/2020 - 12:48:2.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.19112_none_75d55804bb39cc1e\Journal.exe
14/2/2020 - 12:48:2.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.19112_none_75d55804bb39cc1e\Journal.exe
14/2/2020 - 12:48:2.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.19112_none_75d55804bb39cc1e\Journal.exe
14/2/2020 - 12:48:2.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.19112_none_75d55804bb39cc1e
14/2/2020 - 12:48:2.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.1.7601.22722_none_30546cd28123fc4b
14/2/2020 - 12:48:2.872Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.1.7601.22722_none_30546cd28123fc4b
14/2/2020 - 12:48:2.918Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.1.7601.22722_none_30546cd28123fc4b
14/2/2020 - 12:48:2.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.1.7601.22722_none_30546cd28123fc4b
14/2/2020 - 12:48:2.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-uihub_31bf3856ad364e35_6.1.7600.16385_none_6f7e04cab5e74750
14/2/2020 - 12:48:2.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tabletpc-uihub_31bf3856ad364e35_6.1.7600.16385_none_6f7e04cab5e74750
14/2/2020 - 12:48:3.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:3.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:3.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:3.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-takeown_31bf3856ad364e35_6.1.7601.17514_none_58116b392c3da43c
14/2/2020 - 12:48:3.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-takeown_31bf3856ad364e35_6.1.7601.17514_none_58116b392c3da43c
14/2/2020 - 12:48:3.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tapiservice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e46705c2680d95aa
14/2/2020 - 12:48:3.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tapiservice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e46705c2680d95aa
14/2/2020 - 12:48:3.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_4162de4afb9222c0
14/2/2020 - 12:48:3.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_4162de4afb9222c0
14/2/2020 - 12:48:3.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_6.1.7600.16385_none_c5e81c6ab4db0c88
14/2/2020 - 12:48:3.293Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_6.1.7600.16385_none_c5e81c6ab4db0c88
14/2/2020 - 12:48:3.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tapisetup_31bf3856ad364e35_6.1.7600.16385_none_c5e81c6ab4db0c88
14/2/2020 - 12:48:3.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-taskbarcpl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d290e6bec834d824
14/2/2020 - 12:48:3.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-taskbarcpl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d290e6bec834d824
14/2/2020 - 12:48:3.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:3.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:3.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tasklist.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1e1e1659ba23384a
14/2/2020 - 12:48:3.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tasklist.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1e1e1659ba23384a
14/2/2020 - 12:48:3.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-taskmanager-events_31bf3856ad364e35_6.1.7600.16385_none_e0ac3efe41cead57
14/2/2020 - 12:48:3.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-taskmanager-events_31bf3856ad364e35_6.1.7600.16385_none_e0ac3efe41cead57
14/2/2020 - 12:48:3.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:3.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-netapi_31bf3856ad364e35_6.1.7601.17514_none_67e6c3074ea71107
14/2/2020 - 12:48:3.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-netapi_31bf3856ad364e35_6.1.7601.17514_none_67e6c3074ea71107
14/2/2020 - 12:48:3.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:3.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:4.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tcpip-netip6-pro_31bf3856ad364e35_6.1.7600.16385_none_bc82dc0973ef3b46
14/2/2020 - 12:48:4.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tcpip-netip6-pro_31bf3856ad364e35_6.1.7600.16385_none_bc82dc0973ef3b46
14/2/2020 - 12:48:4.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.1.7601.17514_none_bfab9b4ba5f934f9
14/2/2020 - 12:48:4.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.1.7601.17514_none_bfab9b4ba5f934f9
14/2/2020 - 12:48:4.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:4.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:4.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_6.1.7600.16385_none_1426830c3ebb712d
14/2/2020 - 12:48:4.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_6.1.7600.16385_none_1426830c3ebb712d
14/2/2020 - 12:48:4.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-terminalmanager_31bf3856ad364e35_6.1.7601.17514_none_524e7eb2b99a5a7c
14/2/2020 - 12:48:4.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-terminalmanager_31bf3856ad364e35_6.1.7601.17514_none_524e7eb2b99a5a7c
14/2/2020 - 12:48:4.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7601.17514_none_5f60151d5fa6ce24
14/2/2020 - 12:48:4.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7601.17514_none_5f60151d5fa6ce24
14/2/2020 - 12:48:4.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-themefile-aero_31bf3856ad364e35_6.1.7600.16385_none_d5e81742635a7176
14/2/2020 - 12:48:4.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-themefile-aero_31bf3856ad364e35_6.1.7600.16385_none_d5e81742635a7176
14/2/2020 - 12:48:4.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:4.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:4.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:4.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-thumbnailcache_31bf3856ad364e35_6.1.7601.17514_none_9d408bcc2fc6b125
14/2/2020 - 12:48:4.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-thumbnailcache_31bf3856ad364e35_6.1.7601.17514_none_9d408bcc2fc6b125
14/2/2020 - 12:48:4.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_e49c555686fbabd6
14/2/2020 - 12:48:4.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_e49c555686fbabd6
14/2/2020 - 12:48:4.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-timedate-mui-callback_31bf3856ad364e35_6.1.7600.16385_none_506354f04ec77b5e
14/2/2020 - 12:48:4.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-timedate-mui-callback_31bf3856ad364e35_6.1.7600.16385_none_506354f04ec77b5e
14/2/2020 - 12:48:4.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:4.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tpm-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_683819fc00daa4a1
14/2/2020 - 12:48:4.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tpm-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_683819fc00daa4a1
14/2/2020 - 12:48:4.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.1.7600.16385_none_cb820007d9f4cd19
14/2/2020 - 12:48:4.887Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.1.7600.16385_none_cb820007d9f4cd19
14/2/2020 - 12:48:4.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.1.7600.16385_none_cb820007d9f4cd19
14/2/2020 - 12:48:4.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tpm-tbs-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3eff9b06f97e0a4a
14/2/2020 - 12:48:4.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tpm-tbs-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3eff9b06f97e0a4a
14/2/2020 - 12:48:4.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tunnel.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d4468d54ef2f86b1
14/2/2020 - 12:48:4.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-tunnel.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d4468d54ef2f86b1
14/2/2020 - 12:48:4.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:5.75Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:5.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-twext_31bf3856ad364e35_6.1.7601.17514_none_ba2ad705a9940c3b
14/2/2020 - 12:48:5.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-twext_31bf3856ad364e35_6.1.7601.17514_none_ba2ad705a9940c3b
14/2/2020 - 12:48:5.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..-core-tsp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cbf10b5690519617
14/2/2020 - 12:48:5.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..-core-tsp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cbf10b5690519617
14/2/2020 - 12:48:5.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..ackup-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5b0686eb74382acb
14/2/2020 - 12:48:5.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..ackup-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5b0686eb74382acb
14/2/2020 - 12:48:5.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:5.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:5.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..em-core-classdriver_31bf3856ad364e35_6.1.7601.21818_none_8eb82a1f1e656462
14/2/2020 - 12:48:5.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..em-core-classdriver_31bf3856ad364e35_6.1.7601.21818_none_8eb82a1f1e656462
14/2/2020 - 12:48:5.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..endedjoin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f6daf163cb4d5fa3
14/2/2020 - 12:48:5.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..endedjoin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f6daf163cb4d5fa3
14/2/2020 - 12:48:5.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_21d794a4214d00ca
14/2/2020 - 12:48:5.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-u..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_21d794a4214d00ca
14/2/2020 - 12:48:5.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:5.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:5.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:5.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uianimation.resources_31bf3856ad364e35_6.1.7600.16385_en-us_337d2147f4e313c0
14/2/2020 - 12:48:5.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uianimation.resources_31bf3856ad364e35_6.1.7600.16385_en-us_337d2147f4e313c0
14/2/2020 - 12:48:5.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uianimation.resources_31bf3856ad364e35_7.1.7601.16492_en-us_26c646437cfad63b
14/2/2020 - 12:48:5.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uianimation.resources_31bf3856ad364e35_7.1.7601.16492_en-us_26c646437cfad63b
14/2/2020 - 12:48:5.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:5.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uianimation.resources_31bf3856ad364e35_7.1.7601.16492_nl-nl_dfd237a20602d242
14/2/2020 - 12:48:5.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uianimation.resources_31bf3856ad364e35_7.1.7601.16492_nl-nl_dfd237a20602d242
14/2/2020 - 12:48:5.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uiribbon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2b11dccd709a4a5f
14/2/2020 - 12:48:5.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uiribbon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2b11dccd709a4a5f
14/2/2020 - 12:48:5.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:6.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:6.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-usbceip.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f97826e6a0bac290
14/2/2020 - 12:48:6.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-usbceip.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f97826e6a0bac290
14/2/2020 - 12:48:6.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:6.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:6.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-usbui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0a116e7d2acd498d
14/2/2020 - 12:48:6.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-usbui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0a116e7d2acd498d
14/2/2020 - 12:48:6.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-user-pnpevents_31bf3856ad364e35_6.1.7600.16385_none_b7d2c366ce1d6aa2
14/2/2020 - 12:48:6.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-user-pnpevents_31bf3856ad364e35_6.1.7600.16385_none_b7d2c366ce1d6aa2
14/2/2020 - 12:48:6.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973
14/2/2020 - 12:48:6.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973
14/2/2020 - 12:48:6.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_2bb2ca019d418cef
14/2/2020 - 12:48:6.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_2bb2ca019d418cef
14/2/2020 - 12:48:6.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-userenv.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_21836c0ca9d6f79d
14/2/2020 - 12:48:6.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-userenv.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_21836c0ca9d6f79d
14/2/2020 - 12:48:6.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_ee666fe261e263e3
14/2/2020 - 12:48:6.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_ee666fe261e263e3
14/2/2020 - 12:48:6.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:6.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:6.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:6.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-userprofiles-adm_31bf3856ad364e35_6.1.7600.16385_none_d9c3b338d608f3d7
14/2/2020 - 12:48:6.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-userprofiles-adm_31bf3856ad364e35_6.1.7600.16385_none_d9c3b338d608f3d7
14/2/2020 - 12:48:6.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-utilman.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bd4a49fb094b9db1
14/2/2020 - 12:48:6.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-utilman.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bd4a49fb094b9db1
14/2/2020 - 12:48:6.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:6.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:6.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9
14/2/2020 - 12:48:6.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9
14/2/2020 - 12:48:6.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_739dec20bf6f7b64
14/2/2020 - 12:48:6.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_739dec20bf6f7b64
14/2/2020 - 12:48:6.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_39f231556dd3364d
14/2/2020 - 12:48:6.997Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_39f231556dd3364d
14/2/2020 - 12:48:7.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_39f231556dd3364d
14/2/2020 - 12:48:7.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..ice-dynamicprovider_31bf3856ad364e35_6.1.7600.16385_none_b9ee1de1ca498be1
14/2/2020 - 12:48:7.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..ice-dynamicprovider_31bf3856ad364e35_6.1.7600.16385_none_b9ee1de1ca498be1
14/2/2020 - 12:48:7.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..kprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8d2d55c63c4a4287
14/2/2020 - 12:48:7.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..kprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8d2d55c63c4a4287
14/2/2020 - 12:48:7.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:7.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..virtualdiskprovider_31bf3856ad364e35_6.1.7600.16385_none_59631737001e424e
14/2/2020 - 12:48:7.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-v..virtualdiskprovider_31bf3856ad364e35_6.1.7600.16385_none_59631737001e424e
14/2/2020 - 12:48:7.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:7.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:7.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-vssadmin_31bf3856ad364e35_6.1.7600.16385_none_207247174b54af00
14/2/2020 - 12:48:7.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-vssadmin_31bf3856ad364e35_6.1.7600.16385_none_207247174b54af00
14/2/2020 - 12:48:7.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:7.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:7.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-vwifi_31bf3856ad364e35_6.1.7600.16385_none_bb899fc9dd3605e0
14/2/2020 - 12:48:7.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-vwifi_31bf3856ad364e35_6.1.7600.16385_none_bb899fc9dd3605e0
14/2/2020 - 12:48:7.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-chinesetraditional_31bf3856ad364e35_7.0.7600.16385_none_72e2ed435bc16317
14/2/2020 - 12:48:7.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-chinesetraditional_31bf3856ad364e35_7.0.7600.16385_none_72e2ed435bc16317
14/2/2020 - 12:48:7.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf
14/2/2020 - 12:48:7.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf
14/2/2020 - 12:48:7.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf
14/2/2020 - 12:48:7.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf
14/2/2020 - 12:48:7.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8a5b315523d5b814
14/2/2020 - 12:48:7.793Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8a5b315523d5b814
14/2/2020 - 12:48:7.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8a5b315523d5b814
14/2/2020 - 12:48:7.887Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:7.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:8.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:8.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cb68ee94138ca128
14/2/2020 - 12:48:8.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cb68ee94138ca128
14/2/2020 - 12:48:8.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..akerstemmer-neutral_31bf3856ad364e35_7.0.7600.16385_none_e5375903a41baace
14/2/2020 - 12:48:8.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..akerstemmer-neutral_31bf3856ad364e35_7.0.7600.16385_none_e5375903a41baace
14/2/2020 - 12:48:8.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..atibility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a056a5c22305ad04
14/2/2020 - 12:48:8.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..atibility.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a056a5c22305ad04
14/2/2020 - 12:48:8.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ationservice-netapi_31bf3856ad364e35_6.1.7601.17514_none_d3a15c29cbd0ca1d
14/2/2020 - 12:48:8.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ationservice-netapi_31bf3856ad364e35_6.1.7601.17514_none_d3a15c29cbd0ca1d
14/2/2020 - 12:48:8.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:8.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:8.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ccore-api.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5e7311fc944e9fe5
14/2/2020 - 12:48:8.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ccore-api.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5e7311fc944e9fe5
14/2/2020 - 12:48:8.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:8.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:8.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ctnow-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9377e85e94548301
14/2/2020 - 12:48:8.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ctnow-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9377e85e94548301
14/2/2020 - 12:48:8.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..cywmdmapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d910d63b6a12b15b
14/2/2020 - 12:48:8.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..cywmdmapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d910d63b6a12b15b
14/2/2020 - 12:48:8.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:8.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:8.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:8.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:9.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_6.1.7601.17514_none_41c467890e39ee07
14/2/2020 - 12:48:9.43Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_6.1.7601.17514_none_41c467890e39ee07
14/2/2020 - 12:48:9.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_6.1.7601.17514_none_41c467890e39ee07
14/2/2020 - 12:48:9.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:9.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..essmenttool-shaders_31bf3856ad364e35_6.1.7600.16385_none_8a4274f1ba5f802e
14/2/2020 - 12:48:9.278Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..essmenttool-shaders_31bf3856ad364e35_6.1.7600.16385_none_8a4274f1ba5f802e
14/2/2020 - 12:48:9.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..essmenttool-shaders_31bf3856ad364e35_6.1.7600.16385_none_8a4274f1ba5f802e
14/2/2020 - 12:48:9.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:9.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:9.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..geadapter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e16e6ac995e69f7b
14/2/2020 - 12:48:9.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..geadapter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e16e6ac995e69f7b
14/2/2020 - 12:48:9.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:9.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:9.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7601.18937_pt-br_3e60d6d60673a970
14/2/2020 - 12:48:9.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7601.18937_pt-br_3e60d6d60673a970
14/2/2020 - 12:48:9.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7601.19046_pt-br_3e54dec2067cdf4c
14/2/2020 - 12:48:9.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7601.19046_pt-br_3e54dec2067cdf4c
14/2/2020 - 12:48:9.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:9.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:10.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:10.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.6.7601.18804_pt-br_e8aba3848105c576
14/2/2020 - 12:48:10.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.6.7601.18804_pt-br_e8aba3848105c576
14/2/2020 - 12:48:10.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:10.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:10.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_83a61ecf5d7486de
14/2/2020 - 12:48:10.356Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_83a61ecf5d7486de
14/2/2020 - 12:48:10.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_83a61ecf5d7486de
14/2/2020 - 12:48:10.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lorer-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_212eb036292a4c44
14/2/2020 - 12:48:10.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lorer-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_212eb036292a4c44
14/2/2020 - 12:48:10.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005
14/2/2020 - 12:48:10.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005
14/2/2020 - 12:48:10.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.23451_none_5138e112fe368c82
14/2/2020 - 12:48:10.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.23451_none_5138e112fe368c82
14/2/2020 - 12:48:10.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:10.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:10.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..oradapter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_688bce682bc4b24c
14/2/2020 - 12:48:10.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..oradapter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_688bce682bc4b24c
14/2/2020 - 12:48:10.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:10.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:10.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7601.19161_none_cd3ad59e7904413f
14/2/2020 - 12:48:10.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7601.19161_none_cd3ad59e7904413f
14/2/2020 - 12:48:10.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdate-adm.resources_31bf3856ad364e35_7.6.7600.320_pt-br_86be21c3d76c43cc
14/2/2020 - 12:48:10.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdate-adm.resources_31bf3856ad364e35_7.6.7600.320_pt-br_86be21c3d76c43cc
14/2/2020 - 12:48:10.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdate-adm.resources_31bf3856ad364e35_7.6.7601.18937_pt-br_9818075deb026fd6
14/2/2020 - 12:48:10.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdate-adm.resources_31bf3856ad364e35_7.6.7601.18937_pt-br_9818075deb026fd6
14/2/2020 - 12:48:10.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:11.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:11.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.18804_none_77899a571e87ea0a
14/2/2020 - 12:48:11.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.18804_none_77899a571e87ea0a
14/2/2020 - 12:48:11.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.19046_none_776035431ea6bce5
14/2/2020 - 12:48:11.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.19046_none_776035431ea6bce5\wuapp.exe
14/2/2020 - 12:48:11.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.19046_none_776035431ea6bce5\wuapp.exe
14/2/2020 - 12:48:11.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.19046_none_776035431ea6bce5\wuapp.exe
14/2/2020 - 12:48:11.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.19046_none_776035431ea6bce5\wuapp.exe
14/2/2020 - 12:48:11.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.19046_none_776035431ea6bce5
14/2/2020 - 12:48:11.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.19077_none_7740c5c91ebe2a0f
14/2/2020 - 12:48:11.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.19077_none_7740c5c91ebe2a0f
14/2/2020 - 12:48:11.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8
14/2/2020 - 12:48:11.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8
14/2/2020 - 12:48:11.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:11.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:11.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..registrar.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7a08e460301174c0
14/2/2020 - 12:48:11.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..registrar.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7a08e460301174c0
14/2/2020 - 12:48:11.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ropertypageprovider_31bf3856ad364e35_6.1.7600.16385_none_df05ec5796b1db12
14/2/2020 - 12:48:11.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ropertypageprovider_31bf3856ad364e35_6.1.7600.16385_none_df05ec5796b1db12
14/2/2020 - 12:48:11.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:11.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:11.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..umservice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c9bc37fa68121291
14/2/2020 - 12:48:11.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..umservice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c9bc37fa68121291
14/2/2020 - 12:48:11.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.320_none_d5f64d30518fd000
14/2/2020 - 12:48:11.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.320_none_d5f64d30518fd000
14/2/2020 - 12:48:11.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:11.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:11.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.19077_none_e724cb3c65469f10
14/2/2020 - 12:48:11.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.19077_none_e724cb3c65469f10
14/2/2020 - 12:48:11.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7600.16385_none_b1185f1c637a2a97
14/2/2020 - 12:48:11.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7600.16385_none_b1185f1c637a2a97
14/2/2020 - 12:48:11.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:12.43Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:12.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:12.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_pt-br_00ff81a7d5fb92b6
14/2/2020 - 12:48:12.231Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_pt-br_00ff81a7d5fb92b6
14/2/2020 - 12:48:12.278Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_pt-br_00ff81a7d5fb92b6
14/2/2020 - 12:48:12.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_pt-br_00ff81a7d5fb92b6
14/2/2020 - 12:48:12.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.17803_none_d482f2fd34846558
14/2/2020 - 12:48:12.325Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.17803_none_d482f2fd34846558
14/2/2020 - 12:48:12.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.17803_none_d482f2fd34846558
14/2/2020 - 12:48:12.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:12.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.18198_none_d426811134c90d14
14/2/2020 - 12:48:12.606Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.18198_none_d426811134c90d14
14/2/2020 - 12:48:12.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.18198_none_d426811134c90d14
14/2/2020 - 12:48:12.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.22004_none_d50d68344da151bb
14/2/2020 - 12:48:12.653Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.22004_none_d50d68344da151bb
14/2/2020 - 12:48:12.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.22004_none_d50d68344da151bb
14/2/2020 - 12:48:12.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdi-adm_31bf3856ad364e35_6.1.7600.16385_none_ceb5d594e10b1c54
14/2/2020 - 12:48:12.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdi-adm_31bf3856ad364e35_6.1.7600.16385_none_ceb5d594e10b1c54
14/2/2020 - 12:48:12.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-webdavredir-davclient_31bf3856ad364e35_6.1.7601.18912_none_f1f15eea68e0a054
14/2/2020 - 12:48:12.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-webdavredir-davclient_31bf3856ad364e35_6.1.7601.18912_none_f1f15eea68e0a054
14/2/2020 - 12:48:12.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:12.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:12.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-webio.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_5f3bd4d9bbfdb859
14/2/2020 - 12:48:12.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-webio.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_5f3bd4d9bbfdb859
14/2/2020 - 12:48:12.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-webio_31bf3856ad364e35_6.1.7601.21861_none_bb60cfaa0e9b9e85
14/2/2020 - 12:48:12.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-webio_31bf3856ad364e35_6.1.7601.21861_none_bb60cfaa0e9b9e85
14/2/2020 - 12:48:12.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_6.1.7601.17514_none_d0c392d2129a680a
14/2/2020 - 12:48:12.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_6.1.7601.17514_none_d0c392d2129a680a
14/2/2020 - 12:48:12.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-whea-troubleshooter_31bf3856ad364e35_6.1.7600.16385_none_124dff546524b2a8
14/2/2020 - 12:48:12.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-whea-troubleshooter_31bf3856ad364e35_6.1.7600.16385_none_124dff546524b2a8
14/2/2020 - 12:48:12.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-where_31bf3856ad364e35_6.1.7600.16385_none_b9c82ac6f7db99ae
14/2/2020 - 12:48:12.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-where_31bf3856ad364e35_6.1.7600.16385_none_b9c82ac6f7db99ae
14/2/2020 - 12:48:12.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:13.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:13.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wia-automation_31bf3856ad364e35_6.1.7600.16385_none_61674587dd8f679e
14/2/2020 - 12:48:13.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wia-automation_31bf3856ad364e35_6.1.7600.16385_none_61674587dd8f679e
14/2/2020 - 12:48:13.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:13.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:13.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:13.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22722_none_17963692ca4df3d6
14/2/2020 - 12:48:13.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22722_none_17963692ca4df3d6
14/2/2020 - 12:48:13.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wincal-adm_31bf3856ad364e35_6.1.7600.16385_none_793f2aa0e2c738e8
14/2/2020 - 12:48:13.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wincal-adm_31bf3856ad364e35_6.1.7600.16385_none_793f2aa0e2c738e8
14/2/2020 - 12:48:13.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:13.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:13.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-windowscolorsystem-adm_31bf3856ad364e35_6.1.7600.16385_none_f0556db6185e1bb7
14/2/2020 - 12:48:13.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-windowscolorsystem-adm_31bf3856ad364e35_6.1.7600.16385_none_f0556db6185e1bb7
14/2/2020 - 12:48:13.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-windowsupdate-adm_31bf3856ad364e35_7.6.7601.18937_none_a3e1e9afce4b2a72
14/2/2020 - 12:48:13.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-windowsupdate-adm_31bf3856ad364e35_7.6.7601.18937_none_a3e1e9afce4b2a72
14/2/2020 - 12:48:13.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:14.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winhstb.resources_31bf3856ad364e35_50.1.7600.16386_pt-br_e14ceccb42fefdbe
14/2/2020 - 12:48:14.59Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winhstb.resources_31bf3856ad364e35_50.1.7600.16386_pt-br_e14ceccb42fefdbe
14/2/2020 - 12:48:14.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winhstb.resources_31bf3856ad364e35_50.1.7600.16386_pt-br_e14ceccb42fefdbe
14/2/2020 - 12:48:14.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:14.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:14.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wininethelperclass_31bf3856ad364e35_6.1.7600.16385_none_8124dc1852de3883
14/2/2020 - 12:48:14.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wininethelperclass_31bf3856ad364e35_6.1.7600.16385_none_8124dc1852de3883
14/2/2020 - 12:48:14.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wininit-mof_31bf3856ad364e35_6.1.7600.16385_none_36d5ce20633a8c3c
14/2/2020 - 12:48:14.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wininit-mof_31bf3856ad364e35_6.1.7600.16385_none_36d5ce20633a8c3c
14/2/2020 - 12:48:14.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:14.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:14.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572
14/2/2020 - 12:48:14.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
14/2/2020 - 12:48:14.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
14/2/2020 - 12:48:14.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
14/2/2020 - 12:48:14.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
14/2/2020 - 12:48:14.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572
14/2/2020 - 12:48:14.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_6.1.7601.17514_none_18f2a35386830449
14/2/2020 - 12:48:14.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_6.1.7601.17514_none_18f2a35386830449
14/2/2020 - 12:48:14.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:14.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:14.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:14.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsetupui_31bf3856ad364e35_6.1.7601.19161_none_bcf8ed43dc75d7be
14/2/2020 - 12:48:14.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsetupui_31bf3856ad364e35_6.1.7601.19161_none_bcf8ed43dc75d7be
14/2/2020 - 12:48:14.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a979e88704cb9f2d
14/2/2020 - 12:48:14.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a979e88704cb9f2d
14/2/2020 - 12:48:14.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991
14/2/2020 - 12:48:14.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991
14/2/2020 - 12:48:14.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:15.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsock-legacy_31bf3856ad364e35_6.1.7600.16385_none_3f5a28502b37c577
14/2/2020 - 12:48:15.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsock-legacy_31bf3856ad364e35_6.1.7600.16385_none_3f5a28502b37c577
14/2/2020 - 12:48:15.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:15.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:15.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23338_none_151c66eacc1f38c1
14/2/2020 - 12:48:15.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23338_none_151c66eacc1f38c1
14/2/2020 - 12:48:15.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23418_none_153208a8cc0efe06
14/2/2020 - 12:48:15.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23418_none_153208a8cc0efe06
14/2/2020 - 12:48:15.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.1.7601.18741_none_4db0bb96b0cb8b01
14/2/2020 - 12:48:15.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.1.7601.18741_none_4db0bb96b0cb8b01
14/2/2020 - 12:48:15.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:15.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:15.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlan-dialog.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e08987d5e675ccb8
14/2/2020 - 12:48:15.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlan-dialog.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e08987d5e675ccb8
14/2/2020 - 12:48:15.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlan-dialog_31bf3856ad364e35_6.1.7600.16385_none_6ba366bd0755f2bc
14/2/2020 - 12:48:15.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlan-dialog_31bf3856ad364e35_6.1.7600.16385_none_6ba366bd0755f2bc
14/2/2020 - 12:48:15.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlanconnectionflow_31bf3856ad364e35_6.1.7600.16385_none_e629c73a8182aca5
14/2/2020 - 12:48:15.653Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlanconnectionflow_31bf3856ad364e35_6.1.7600.16385_none_e629c73a8182aca5
14/2/2020 - 12:48:15.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlanconnectionflow_31bf3856ad364e35_6.1.7600.16385_none_e629c73a8182aca5
14/2/2020 - 12:48:15.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlanpref_31bf3856ad364e35_6.1.7601.17514_none_97b3a79825a15d40
14/2/2020 - 12:48:15.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlanpref_31bf3856ad364e35_6.1.7601.17514_none_97b3a79825a15d40
14/2/2020 - 12:48:15.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_6.1.7600.16385_none_09f70e22d614643b
14/2/2020 - 12:48:15.700Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_6.1.7600.16385_none_09f70e22d614643b
14/2/2020 - 12:48:15.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_6.1.7600.16385_none_09f70e22d614643b
14/2/2020 - 12:48:15.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:15.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:15.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:16.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlanui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_848c364968eb6c05
14/2/2020 - 12:48:16.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlanui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_848c364968eb6c05
14/2/2020 - 12:48:16.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlanui_31bf3856ad364e35_6.1.7601.17514_none_cab225b60372e411
14/2/2020 - 12:48:16.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wlanui_31bf3856ad364e35_6.1.7601.17514_none_cab225b60372e411
14/2/2020 - 12:48:16.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-cmiplugin_31bf3856ad364e35_6.1.7601.17514_none_1b28925642a756f7
14/2/2020 - 12:48:16.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-cmiplugin_31bf3856ad364e35_6.1.7601.17514_none_1b28925642a756f7
14/2/2020 - 12:48:16.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:16.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:16.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.1.7600.16385_none_573e4501936daa8f
14/2/2020 - 12:48:16.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.1.7600.16385_none_573e4501936daa8f
14/2/2020 - 12:48:16.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_6.1.7601.17514_none_3fe5b852ed7138b6
14/2/2020 - 12:48:16.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_6.1.7601.17514_none_3fe5b852ed7138b6
14/2/2020 - 12:48:16.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34
14/2/2020 - 12:48:16.309Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34
14/2/2020 - 12:48:16.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\mofcomp.exe
14/2/2020 - 12:48:16.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\mofcomp.exe
14/2/2020 - 12:48:16.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\mofcomp.exe
14/2/2020 - 12:48:16.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\mofcomp.exe
14/2/2020 - 12:48:16.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\WMIADAP.exe
14/2/2020 - 12:48:16.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\WMIADAP.exe
14/2/2020 - 12:48:16.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\WMIADAP.exe
14/2/2020 - 12:48:16.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34\WMIADAP.exe
14/2/2020 - 12:48:16.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7601.17514_none_177a088436382a34
14/2/2020 - 12:48:16.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:16.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-iproute-provider_31bf3856ad364e35_6.1.7600.16385_none_a917cbad413907b3
14/2/2020 - 12:48:16.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-iproute-provider_31bf3856ad364e35_6.1.7600.16385_none_a917cbad413907b3
14/2/2020 - 12:48:16.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-ntevent-provider_31bf3856ad364e35_6.1.7601.17514_none_4e7fa5bfc379eecd
14/2/2020 - 12:48:16.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-ntevent-provider_31bf3856ad364e35_6.1.7601.17514_none_4e7fa5bfc379eecd
14/2/2020 - 12:48:16.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:16.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:16.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-wdm-provider_31bf3856ad364e35_6.1.7601.17514_none_d858d17478af3bc1
14/2/2020 - 12:48:16.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmi-wdm-provider_31bf3856ad364e35_6.1.7601.17514_none_d858d17478af3bc1
14/2/2020 - 12:48:16.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:17.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:17.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmpnss-api.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c25b9bb6a70544cc
14/2/2020 - 12:48:17.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmpnss-api.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c25b9bb6a70544cc
14/2/2020 - 12:48:17.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmpnss-ux.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_206f7621a8790333
14/2/2020 - 12:48:17.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmpnss-ux.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_206f7621a8790333
14/2/2020 - 12:48:17.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmpnssui_31bf3856ad364e35_6.1.7600.16385_none_1475e2507460e085
14/2/2020 - 12:48:17.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmpnssui_31bf3856ad364e35_6.1.7600.16385_none_1475e2507460e085
14/2/2020 - 12:48:17.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:17.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:17.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:17.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmvdecod_31bf3856ad364e35_6.1.7601.19091_none_2056d274f73381b0
14/2/2020 - 12:48:17.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmvdecod_31bf3856ad364e35_6.1.7601.19091_none_2056d274f73381b0
14/2/2020 - 12:48:17.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmvdspa_31bf3856ad364e35_6.1.7600.16385_none_4270c70a1e6621ed
14/2/2020 - 12:48:17.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmvdspa_31bf3856ad364e35_6.1.7600.16385_none_4270c70a1e6621ed
14/2/2020 - 12:48:17.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmviddsp_31bf3856ad364e35_6.1.7601.19091_none_04b041cf8c2144ed
14/2/2020 - 12:48:17.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmviddsp_31bf3856ad364e35_6.1.7601.19091_none_04b041cf8c2144ed
14/2/2020 - 12:48:17.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmvsdecd_31bf3856ad364e35_6.1.7601.19091_none_c445c8c0bbae89e8
14/2/2020 - 12:48:17.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmvsdecd_31bf3856ad364e35_6.1.7601.19091_none_c445c8c0bbae89e8
14/2/2020 - 12:48:17.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:17.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:17.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmvsencd_31bf3856ad364e35_6.1.7601.23290_none_c4ce9a69d4cd0d82
14/2/2020 - 12:48:17.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wmvsencd_31bf3856ad364e35_6.1.7601.23290_none_c4ce9a69d4cd0d82
14/2/2020 - 12:48:17.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wordpad_31bf3856ad364e35_6.1.7601.17514_none_8be07ea283850f02
14/2/2020 - 12:48:17.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wordpad_31bf3856ad364e35_6.1.7601.17514_none_8be07ea283850f02
14/2/2020 - 12:48:17.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.18015_none_c64cad7cededfd3f
14/2/2020 - 12:48:17.668Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.18015_none_c64cad7cededfd3f
14/2/2020 - 12:48:17.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.18015_none_c64cad7cededfd3f
14/2/2020 - 12:48:17.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.18409_none_c65b8628ede23b46
14/2/2020 - 12:48:17.715Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.18409_none_c65b8628ede23b46
14/2/2020 - 12:48:17.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.18409_none_c65b8628ede23b46
14/2/2020 - 12:48:17.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:17.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22177_none_c6976b54073a775d
14/2/2020 - 12:48:17.997Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22177_none_c6976b54073a775d
14/2/2020 - 12:48:18.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22177_none_c6976b54073a775d
14/2/2020 - 12:48:18.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22653_none_c6a91382072dcbe2
14/2/2020 - 12:48:18.43Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22653_none_c6a91382072dcbe2
14/2/2020 - 12:48:18.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.22653_none_c6a91382072dcbe2
14/2/2020 - 12:48:18.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.23126_none_c6cc63de0712ebf2
14/2/2020 - 12:48:18.90Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.23126_none_c6cc63de0712ebf2
14/2/2020 - 12:48:18.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7601.23126_none_c6cc63de0712ebf2
14/2/2020 - 12:48:18.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-busenumservice_31bf3856ad364e35_6.1.7601.17514_none_d62435c4e2a1ee5b
14/2/2020 - 12:48:18.137Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-busenumservice_31bf3856ad364e35_6.1.7601.17514_none_d62435c4e2a1ee5b
14/2/2020 - 12:48:18.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-busenumservice_31bf3856ad364e35_6.1.7601.17514_none_d62435c4e2a1ee5b
14/2/2020 - 12:48:18.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-legacywmdmapi_31bf3856ad364e35_6.1.7600.16385_none_b59f82ea895b94d5
14/2/2020 - 12:48:18.184Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-legacywmdmapi_31bf3856ad364e35_6.1.7600.16385_none_b59f82ea895b94d5
14/2/2020 - 12:48:18.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-legacywmdmapi_31bf3856ad364e35_6.1.7600.16385_none_b59f82ea895b94d5
14/2/2020 - 12:48:18.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-legacywmdmcesp_31bf3856ad364e35_6.1.7601.23075_none_1b0d703130e25941
14/2/2020 - 12:48:18.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-legacywmdmcesp_31bf3856ad364e35_6.1.7601.23075_none_1b0d703130e25941
14/2/2020 - 12:48:18.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:18.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:18.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.1.7601.17514_none_6f4ef219dd693ca6
14/2/2020 - 12:48:18.465Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.1.7601.17514_none_6f4ef219dd693ca6
14/2/2020 - 12:48:18.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.1.7601.17514_none_6f4ef219dd693ca6
14/2/2020 - 12:48:18.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-status.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_66093a3a47f65089
14/2/2020 - 12:48:18.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpd-status.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_66093a3a47f65089
14/2/2020 - 12:48:18.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_pt-br_11ca4d0613acd83f
14/2/2020 - 12:48:18.512Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_pt-br_11ca4d0613acd83f
14/2/2020 - 12:48:18.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_pt-br_11ca4d0613acd83f
14/2/2020 - 12:48:18.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-writewin_31bf3856ad364e35_6.1.7600.16385_none_378836c309ee380e
14/2/2020 - 12:48:18.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-writewin_31bf3856ad364e35_6.1.7600.16385_none_378836c309ee380e
14/2/2020 - 12:48:18.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wrp-integrity-api_31bf3856ad364e35_6.1.7600.16385_none_64adac8df39747b7
14/2/2020 - 12:48:18.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wrp-integrity-api_31bf3856ad364e35_6.1.7600.16385_none_64adac8df39747b7
14/2/2020 - 12:48:18.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:18.747Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:18.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wwanhc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1900b1cb85652341
14/2/2020 - 12:48:18.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wwanhc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1900b1cb85652341
14/2/2020 - 12:48:18.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wwanui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6d6cf5cb30edf308
14/2/2020 - 12:48:18.840Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wwanui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6d6cf5cb30edf308
14/2/2020 - 12:48:18.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wwanui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6d6cf5cb30edf308
14/2/2020 - 12:48:18.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:19.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:19.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b36055924ab76d4c
14/2/2020 - 12:48:19.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b36055924ab76d4c
14/2/2020 - 12:48:19.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:19.403Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:19.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.mediacenter.itv.media_31bf3856ad364e35_6.1.7601.17514_none_d1ce91acb3723e8a
14/2/2020 - 12:48:19.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.mediacenter.itv.media_31bf3856ad364e35_6.1.7601.17514_none_d1ce91acb3723e8a
14/2/2020 - 12:48:19.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.security...gement.policyengine_31bf3856ad364e35_6.1.7600.16385_none_8929f9240896e8ce
14/2/2020 - 12:48:19.590Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.security...gement.policyengine_31bf3856ad364e35_6.1.7600.16385_none_8929f9240896e8ce
14/2/2020 - 12:48:19.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.security...gement.policyengine_31bf3856ad364e35_6.1.7600.16385_none_8929f9240896e8ce
14/2/2020 - 12:48:19.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:19.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:19.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.transactions.bridge.dtc_b03f5f7f11d50a3a_6.1.7601.22733_none_65085bdd54b4a629
14/2/2020 - 12:48:19.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.transactions.bridge.dtc_b03f5f7f11d50a3a_6.1.7601.22733_none_65085bdd54b4a629
14/2/2020 - 12:48:19.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_de-de_11656bd895c187f7
14/2/2020 - 12:48:19.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_de-de_11656bd895c187f7
14/2/2020 - 12:48:19.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:20.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:20.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_ba219eb584c68561
14/2/2020 - 12:48:20.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_ba219eb584c68561
14/2/2020 - 12:48:20.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_et-ee_b3e16a4588cc61f0
14/2/2020 - 12:48:20.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_et-ee_b3e16a4588cc61f0
14/2/2020 - 12:48:20.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_it-it_47010afb4eca8141
14/2/2020 - 12:48:20.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_it-it_47010afb4eca8141
14/2/2020 - 12:48:20.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ko-kr_8c9066bd34565a32
14/2/2020 - 12:48:20.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_ko-kr_8c9066bd34565a32
14/2/2020 - 12:48:20.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_lv-lv_3129014225fc66bf
14/2/2020 - 12:48:20.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_lv-lv_3129014225fc66bf
14/2/2020 - 12:48:20.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:20.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:20.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_bbf27855f153915b
14/2/2020 - 12:48:20.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_bbf27855f153915b
14/2/2020 - 12:48:20.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sk-sk_a2925e32cabe818d
14/2/2020 - 12:48:20.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_sk-sk_a2925e32cabe818d
14/2/2020 - 12:48:20.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:20.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_677ec5ef54cba91e
14/2/2020 - 12:48:20.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_677ec5ef54cba91e
14/2/2020 - 12:48:20.575Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:20.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_he-il_f712166d1d11bdd8
14/2/2020 - 12:48:20.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_he-il_f712166d1d11bdd8
14/2/2020 - 12:48:20.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_hu-hu_fa62ef131b028c06
14/2/2020 - 12:48:20.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_hu-hu_fa62ef131b028c06
14/2/2020 - 12:48:20.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ja-jp_3f3fe41f00efb443
14/2/2020 - 12:48:20.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ja-jp_3f3fe41f00efb443
14/2/2020 - 12:48:20.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:20.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:20.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_120bd26cb05db282
14/2/2020 - 12:48:20.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_120bd26cb05db282
14/2/2020 - 12:48:20.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-pt_12eda1d8afcd225e
14/2/2020 - 12:48:20.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-pt_12eda1d8afcd225e
14/2/2020 - 12:48:20.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sl-si_f7bdda018a62b597
14/2/2020 - 12:48:20.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sl-si_f7bdda018a62b597
14/2/2020 - 12:48:20.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sr-..-cs_9747569403bb18df
14/2/2020 - 12:48:20.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_sr-..-cs_9747569403bb18df
14/2/2020 - 12:48:20.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_6ff606562acb8ef5
14/2/2020 - 12:48:20.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-cn_6ff606562acb8ef5
14/2/2020 - 12:48:20.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:21.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-tw_73f243ac283c6b65
14/2/2020 - 12:48:21.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_zh-tw_73f243ac283c6b65
14/2/2020 - 12:48:21.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.d..eshootingpackmodule_31bf3856ad364e35_6.1.7600.16385_none_7d19911b0fafbb5f
14/2/2020 - 12:48:21.43Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.d..eshootingpackmodule_31bf3856ad364e35_6.1.7600.16385_none_7d19911b0fafbb5f
14/2/2020 - 12:48:21.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.d..eshootingpackmodule_31bf3856ad364e35_6.1.7600.16385_none_7d19911b0fafbb5f
14/2/2020 - 12:48:21.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.17514_none_3bd2e487d8e769d3
14/2/2020 - 12:48:21.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.7601.17514_none_3bd2e487d8e769d3
14/2/2020 - 12:48:21.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:21.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23149_none_145940228b926863
14/2/2020 - 12:48:21.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23149_none_145940228b926863
14/2/2020 - 12:48:21.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.h..changer-driverclass_31bf3856ad364e35_6.1.7600.16385_none_249a5cc1e06b4240
14/2/2020 - 12:48:21.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.h..changer-driverclass_31bf3856ad364e35_6.1.7600.16385_none_249a5cc1e06b4240
14/2/2020 - 12:48:21.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:21.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:21.512Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:21.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a52d26ce1992a02d
14/2/2020 - 12:48:21.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a52d26ce1992a02d
14/2/2020 - 12:48:21.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.h..ler.wpd-driverclass_31bf3856ad364e35_6.1.7601.17514_none_c6d433b37ea91ac2
14/2/2020 - 12:48:21.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.h..ler.wpd-driverclass_31bf3856ad364e35_6.1.7601.17514_none_c6d433b37ea91ac2
14/2/2020 - 12:48:21.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:21.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.isolationautomation_6595b64144ccf1df_1.0.0.0_none_ee2620cf57bc84de
14/2/2020 - 12:48:21.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.isolationautomation_6595b64144ccf1df_1.0.0.0_none_ee2620cf57bc84de
14/2/2020 - 12:48:21.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.winhttp_31bf3856ad364e35_5.1.7601.17514_none_bac5319939f7951a
14/2/2020 - 12:48:21.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.windows.winhttp_31bf3856ad364e35_5.1.7601.17514_none_bac5319939f7951a
14/2/2020 - 12:48:21.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_modemcsa.inf_31bf3856ad364e35_6.1.7601.17514_none_78520ca36170c34f
14/2/2020 - 12:48:21.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_modemcsa.inf_31bf3856ad364e35_6.1.7601.17514_none_78520ca36170c34f
14/2/2020 - 12:48:21.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:21.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:22.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_mpio.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_32f1daa9762505c8
14/2/2020 - 12:48:22.75Read1480C:\malware.exeC:\Windows\winsxs\amd64_mpio.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_32f1daa9762505c8
14/2/2020 - 12:48:22.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mpio.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_32f1daa9762505c8
14/2/2020 - 12:48:22.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.22740_none_3d9b61788326e4f1
14/2/2020 - 12:48:22.122Read1480C:\malware.exeC:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.22740_none_3d9b61788326e4f1
14/2/2020 - 12:48:22.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.22740_none_3d9b61788326e4f1
14/2/2020 - 12:48:22.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:22.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:22.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_msdri.inf_31bf3856ad364e35_6.1.7600.16385_none_816bc9a0f88677bf
14/2/2020 - 12:48:22.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_msdri.inf_31bf3856ad364e35_6.1.7600.16385_none_816bc9a0f88677bf
14/2/2020 - 12:48:22.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd
14/2/2020 - 12:48:22.450Read1480C:\malware.exeC:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd
14/2/2020 - 12:48:22.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd
14/2/2020 - 12:48:22.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9
14/2/2020 - 12:48:22.497Read1480C:\malware.exeC:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9
14/2/2020 - 12:48:22.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9
14/2/2020 - 12:48:22.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_mstape.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_31181f88c2e81487
14/2/2020 - 12:48:22.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_mstape.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_31181f88c2e81487
14/2/2020 - 12:48:22.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:22.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:22.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_multiprt.inf_31bf3856ad364e35_6.1.7600.16385_none_889a2679a0b03465
14/2/2020 - 12:48:22.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_multiprt.inf_31bf3856ad364e35_6.1.7600.16385_none_889a2679a0b03465
14/2/2020 - 12:48:22.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_napcrypt_31bf3856ad364e35_6.1.7601.17514_none_99fb87a0aad31261
14/2/2020 - 12:48:22.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_napcrypt_31bf3856ad364e35_6.1.7601.17514_none_99fb87a0aad31261
14/2/2020 - 12:48:22.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_net1yx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_545c1ed97fbcb706
14/2/2020 - 12:48:22.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_net1yx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_545c1ed97fbcb706
14/2/2020 - 12:48:22.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_net44amd.inf_31bf3856ad364e35_6.1.7600.16385_none_0579b36b41e62541
14/2/2020 - 12:48:22.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_net44amd.inf_31bf3856ad364e35_6.1.7600.16385_none_0579b36b41e62541
14/2/2020 - 12:48:22.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:23.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_net8185.inf_31bf3856ad364e35_6.1.7600.16385_none_cba7660201f05131
14/2/2020 - 12:48:23.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_net8185.inf_31bf3856ad364e35_6.1.7600.16385_none_cba7660201f05131
14/2/2020 - 12:48:23.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_net8187se64.inf_31bf3856ad364e35_6.1.7600.16385_none_6a1eccb666dcecad
14/2/2020 - 12:48:23.59Read1480C:\malware.exeC:\Windows\winsxs\amd64_net8187se64.inf_31bf3856ad364e35_6.1.7600.16385_none_6a1eccb666dcecad
14/2/2020 - 12:48:23.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_net8187se64.inf_31bf3856ad364e35_6.1.7600.16385_none_6a1eccb666dcecad
14/2/2020 - 12:48:23.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_netb57va.inf_31bf3856ad364e35_6.1.7600.16385_none_581eb8ede4375d14
14/2/2020 - 12:48:23.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netb57va.inf_31bf3856ad364e35_6.1.7600.16385_none_581eb8ede4375d14
14/2/2020 - 12:48:23.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_netbc664.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_36a0f534143cc349
14/2/2020 - 12:48:23.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netbc664.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_36a0f534143cc349
14/2/2020 - 12:48:23.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_netbc664.inf_31bf3856ad364e35_6.1.7600.16385_none_a3677e8bc4b04b78
14/2/2020 - 12:48:23.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netbc664.inf_31bf3856ad364e35_6.1.7600.16385_none_a3677e8bc4b04b78
14/2/2020 - 12:48:23.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_netbxnda.inf_31bf3856ad364e35_6.1.7600.16385_none_f1c768728ab70982
14/2/2020 - 12:48:23.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netbxnda.inf_31bf3856ad364e35_6.1.7600.16385_none_f1c768728ab70982
14/2/2020 - 12:48:23.106Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:23.153Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:23.293Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:23.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-accessibility_b03f5f7f11d50a3a_6.1.7600.16385_none_b7702fadd2143c3d
14/2/2020 - 12:48:23.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-accessibility_b03f5f7f11d50a3a_6.1.7600.16385_none_b7702fadd2143c3d
14/2/2020 - 12:48:23.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.22733_none_3b1a56602cc072d5
14/2/2020 - 12:48:23.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.22733_none_3b1a56602cc072d5
14/2/2020 - 12:48:23.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:23.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:23.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnetmmcext_b03f5f7f11d50a3a_6.1.7600.16385_none_bfba567785514114
14/2/2020 - 12:48:23.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnetmmcext_b03f5f7f11d50a3a_6.1.7600.16385_none_bfba567785514114
14/2/2020 - 12:48:23.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.1.7600.16385_none_c56d3c38f38b0256
14/2/2020 - 12:48:23.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.1.7600.16385_none_c56d3c38f38b0256
14/2/2020 - 12:48:23.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_installpersistsql_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d7c7d648fe7470
14/2/2020 - 12:48:23.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_installpersistsql_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d7c7d648fe7470
14/2/2020 - 12:48:23.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_isapi_dll_b03f5f7f11d50a3a_6.1.7601.22617_none_535eab3d2ad2fc2a
14/2/2020 - 12:48:23.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_isapi_dll_b03f5f7f11d50a3a_6.1.7601.22617_none_535eab3d2ad2fc2a
14/2/2020 - 12:48:23.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:23.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:23.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_perf_dll_b03f5f7f11d50a3a_6.1.7601.18410_none_6a59c9eea4dfb343
14/2/2020 - 12:48:23.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_perf_dll_b03f5f7f11d50a3a_6.1.7601.18410_none_6a59c9eea4dfb343
14/2/2020 - 12:48:24.90Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:24.231Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:24.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_rc_dll_res_b03f5f7f11d50a3a_6.1.7601.18410_none_bcc96041a5ec3660
14/2/2020 - 12:48:24.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_rc_dll_res_b03f5f7f11d50a3a_6.1.7601.18410_none_bcc96041a5ec3660
14/2/2020 - 12:48:24.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_0df703f36aac2f13
14/2/2020 - 12:48:24.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_0df703f36aac2f13
14/2/2020 - 12:48:24.372Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:24.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:24.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:24.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_perf_h_b03f5f7f11d50a3a_6.1.7600.16385_none_730c92cdcdf3f501
14/2/2020 - 12:48:24.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_perf_h_b03f5f7f11d50a3a_6.1.7600.16385_none_730c92cdcdf3f501
14/2/2020 - 12:48:24.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.1.7600.16385_none_dbcd81fadebda0bf
14/2/2020 - 12:48:24.606Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.1.7600.16385_none_dbcd81fadebda0bf
14/2/2020 - 12:48:24.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.1.7600.16385_none_dbcd81fadebda0bf
14/2/2020 - 12:48:24.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.1.7600.16385_none_dba90e9e11c02732
14/2/2020 - 12:48:24.653Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.1.7600.16385_none_dba90e9e11c02732
14/2/2020 - 12:48:24.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.1.7600.16385_none_dba90e9e11c02732
14/2/2020 - 12:48:24.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.1.7600.16385_none_6cb4cb2fec54f7c8
14/2/2020 - 12:48:24.700Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.1.7600.16385_none_6cb4cb2fec54f7c8
14/2/2020 - 12:48:24.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.1.7600.16385_none_6cb4cb2fec54f7c8
14/2/2020 - 12:48:24.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab
14/2/2020 - 12:48:24.747Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab
14/2/2020 - 12:48:24.793Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab
14/2/2020 - 12:48:24.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab
14/2/2020 - 12:48:24.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:25.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.1.7600.16385_none_88c53c175f60c188
14/2/2020 - 12:48:25.28Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.1.7600.16385_none_88c53c175f60c188
14/2/2020 - 12:48:25.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.1.7600.16385_none_88c53c175f60c188
14/2/2020 - 12:48:25.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_users_b03f5f7f11d50a3a_6.1.7600.16385_none_be918bff95b9bbc5
14/2/2020 - 12:48:25.75Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_users_b03f5f7f11d50a3a_6.1.7600.16385_none_be918bff95b9bbc5
14/2/2020 - 12:48:25.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_users_b03f5f7f11d50a3a_6.1.7600.16385_none_be918bff95b9bbc5
14/2/2020 - 12:48:25.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.1.7600.16385_none_325c9d528a9569f1
14/2/2020 - 12:48:25.122Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.1.7600.16385_none_325c9d528a9569f1
14/2/2020 - 12:48:25.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.1.7600.16385_none_325c9d528a9569f1
14/2/2020 - 12:48:25.215Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:25.356Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:25.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.1.7600.16385_none_b93ccc9cc4c70a9a
14/2/2020 - 12:48:25.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.1.7600.16385_none_b93ccc9cc4c70a9a
14/2/2020 - 12:48:25.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7601.18758_none_519ba398346d2f0c
14/2/2020 - 12:48:25.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7601.18758_none_519ba398346d2f0c
14/2/2020 - 12:48:25.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7601.22500_none_3ac9b2124e184264
14/2/2020 - 12:48:25.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7601.22500_none_3ac9b2124e184264\aspnet_wp.exe
14/2/2020 - 12:48:25.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7601.22500_none_3ac9b2124e184264\aspnet_wp.exeaspnet_wp.exe
14/2/2020 - 12:48:25.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7601.22500_none_3ac9b2124e184264\aspnet_wp.exe
14/2/2020 - 12:48:25.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7601.22500_none_3ac9b2124e184264\aspnet_wp.exe
14/2/2020 - 12:48:25.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7601.22500_none_3ac9b2124e184264\aspnet_wp.exe
14/2/2020 - 12:48:25.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7601.22500_none_3ac9b2124e184264
14/2/2020 - 12:48:25.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:25.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:25.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.1.7601.18523_none_8fc063ff35f4970f
14/2/2020 - 12:48:25.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.1.7601.18523_none_8fc063ff35f4970f
14/2/2020 - 12:48:25.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_df3a1ffa5faa4434
14/2/2020 - 12:48:25.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_df3a1ffa5faa4434
14/2/2020 - 12:48:25.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_df104676600087c7
14/2/2020 - 12:48:25.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_df104676600087c7
14/2/2020 - 12:48:25.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-corperfmonext_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_3f96b77d6b1b3d74
14/2/2020 - 12:48:25.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-corperfmonext_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_3f96b77d6b1b3d74
14/2/2020 - 12:48:25.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:26.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:26.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:26.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-csharpcompilermsg_b03f5f7f11d50a3a_6.1.7600.16385_none_fdae421192a7398e
14/2/2020 - 12:48:26.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-csharpcompilermsg_b03f5f7f11d50a3a_6.1.7600.16385_none_fdae421192a7398e
14/2/2020 - 12:48:26.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-csharpcompilermsg_b03f5f7f11d50a3a_6.1.7601.18523_none_fd84688d92fd7d21
14/2/2020 - 12:48:26.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-csharpcompilermsg_b03f5f7f11d50a3a_6.1.7601.18523_none_fd84688d92fd7d21
14/2/2020 - 12:48:26.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-csharpcompilermsg_b03f5f7f11d50a3a_6.1.7601.22733_none_e6b7c1f3aca3f6cf
14/2/2020 - 12:48:26.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-csharpcompilermsg_b03f5f7f11d50a3a_6.1.7601.22733_none_e6b7c1f3aca3f6cf
14/2/2020 - 12:48:26.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-culture_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_675e11abf862cee9
14/2/2020 - 12:48:26.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-culture_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_675e11abf862cee9
14/2/2020 - 12:48:26.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:26.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.1.7601.18523_none_7270592bdc34d6f2
14/2/2020 - 12:48:26.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.1.7601.18523_none_7270592bdc34d6f2
14/2/2020 - 12:48:26.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-debugging_msdia70_b03f5f7f11d50a3a_6.1.7601.17514_none_5d8d6334bcdccf63
14/2/2020 - 12:48:26.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-debugging_msdia70_b03f5f7f11d50a3a_6.1.7601.17514_none_5d8d6334bcdccf63
14/2/2020 - 12:48:26.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-dfdll_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_152a54ddfc5e14f6
14/2/2020 - 12:48:26.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-dfdll_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_152a54ddfc5e14f6
14/2/2020 - 12:48:26.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-dfshim_dll_31bf3856ad364e35_6.2.7601.18514_none_9ed4b25c1264e7f0
14/2/2020 - 12:48:26.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-dfshim_dll_31bf3856ad364e35_6.2.7601.18514_none_9ed4b25c1264e7f0
14/2/2020 - 12:48:26.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:26.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:26.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-dfsvc_b03f5f7f11d50a3a_6.1.7600.16385_none_96dbb959ba7c7a79
14/2/2020 - 12:48:26.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-dfsvc_b03f5f7f11d50a3a_6.1.7600.16385_none_96dbb959ba7c7a79
14/2/2020 - 12:48:26.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-dfsvc_b03f5f7f11d50a3a_6.1.7601.22733_none_7fe5393bd47937ba
14/2/2020 - 12:48:26.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-dfsvc_b03f5f7f11d50a3a_6.1.7601.22733_none_7fe5393bd47937ba
14/2/2020 - 12:48:26.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.1.7600.16385_none_8150ce75bdfeffdc
14/2/2020 - 12:48:26.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.1.7600.16385_none_8150ce75bdfeffdc
14/2/2020 - 12:48:26.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-eventlogmessages_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_5c3e74509ac94820
14/2/2020 - 12:48:26.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-eventlogmessages_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_5c3e74509ac94820
14/2/2020 - 12:48:26.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-eventlogmessages_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_5c149acc9b1f8bb3
14/2/2020 - 12:48:26.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-eventlogmessages_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_5c149acc9b1f8bb3
14/2/2020 - 12:48:26.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-fusion_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_8fab7b70b26a3690
14/2/2020 - 12:48:26.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-fusion_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_8fab7b70b26a3690
14/2/2020 - 12:48:26.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-fusion_dll_b03f5f7f11d50a3a_6.1.7601.22733_none_78b4fb52cc66f3d1
14/2/2020 - 12:48:26.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-fusion_dll_b03f5f7f11d50a3a_6.1.7601.22733_none_78b4fb52cc66f3d1
14/2/2020 - 12:48:26.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:26.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:26.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:27.90Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:27.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-jsc_b03f5f7f11d50a3a_6.1.7601.22733_none_fdf069bcd133055e
14/2/2020 - 12:48:27.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-jsc_b03f5f7f11d50a3a_6.1.7601.22733_none_fdf069bcd133055e\jsc.exe
14/2/2020 - 12:48:27.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-jsc_b03f5f7f11d50a3a_6.1.7601.22733_none_fdf069bcd133055e\jsc.exe
14/2/2020 - 12:48:27.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-jsc_b03f5f7f11d50a3a_6.1.7601.22733_none_fdf069bcd133055e\jsc.exe
14/2/2020 - 12:48:27.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-jsc_b03f5f7f11d50a3a_6.1.7601.22733_none_fdf069bcd133055e\jsc.exe
14/2/2020 - 12:48:27.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-jsc_b03f5f7f11d50a3a_6.1.7601.22733_none_fdf069bcd133055e
14/2/2020 - 12:48:27.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-ldr64_exe_31bf3856ad364e35_6.1.7601.18523_none_fbb375336452533c
14/2/2020 - 12:48:27.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-ldr64_exe_31bf3856ad364e35_6.1.7601.18523_none_fbb375336452533c
14/2/2020 - 12:48:27.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-microsoft.build.framework_b03f5f7f11d50a3a_6.1.7601.18523_none_4c9fc450e2f80e60
14/2/2020 - 12:48:27.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-microsoft.build.framework_b03f5f7f11d50a3a_6.1.7601.18523_none_4c9fc450e2f80e60
14/2/2020 - 12:48:27.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:27.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:27.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-microsoft.build.utilities_b03f5f7f11d50a3a_6.1.7601.17514_none_1af3e9f26809c8b1
14/2/2020 - 12:48:27.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-microsoft.build.utilities_b03f5f7f11d50a3a_6.1.7601.17514_none_1af3e9f26809c8b1
14/2/2020 - 12:48:27.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-microsoft.build.utilities_b03f5f7f11d50a3a_6.1.7601.18523_none_1af502ea6808c58e
14/2/2020 - 12:48:27.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-microsoft.build.utilities_b03f5f7f11d50a3a_6.1.7601.18523_none_1af502ea6808c58e
14/2/2020 - 12:48:27.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-microsoft.build.utilities_b03f5f7f11d50a3a_6.1.7601.22733_none_04285c5081af3f3c
14/2/2020 - 12:48:27.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-microsoft.build.utilities_b03f5f7f11d50a3a_6.1.7601.22733_none_04285c5081af3f3c
14/2/2020 - 12:48:27.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-microsoft.jscript_b03f5f7f11d50a3a_6.1.7601.22733_none_dc7b796aff4d1eab
14/2/2020 - 12:48:27.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-microsoft.jscript_b03f5f7f11d50a3a_6.1.7601.22733_none_dc7b796aff4d1eab
14/2/2020 - 12:48:27.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7601.18523_none_cfb8ce4cc5a21132
14/2/2020 - 12:48:27.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7601.18523_none_cfb8ce4cc5a21132
14/2/2020 - 12:48:27.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:27.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:27.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.1.7600.16385_none_41170ef266aac7f4
14/2/2020 - 12:48:27.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.1.7600.16385_none_41170ef266aac7f4
14/2/2020 - 12:48:27.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscordacwks_b03f5f7f11d50a3a_6.1.7601.17514_none_b7d09c4caf0b124a
14/2/2020 - 12:48:27.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscordacwks_b03f5f7f11d50a3a_6.1.7601.17514_none_b7d09c4caf0b124a
14/2/2020 - 12:48:27.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscordbc_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_f9c9eb8d6d88670f
14/2/2020 - 12:48:27.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscordbc_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_f9c9eb8d6d88670f
14/2/2020 - 12:48:27.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:27.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:27.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorier_dll_non_mui_31bf3856ad364e35_6.1.7601.22724_none_db36c8fe0ad49e76
14/2/2020 - 12:48:27.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorier_dll_non_mui_31bf3856ad364e35_6.1.7601.22724_none_db36c8fe0ad49e76
14/2/2020 - 12:48:27.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:28.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:28.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_4c0bcee0d9569e7d
14/2/2020 - 12:48:28.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_4c0bcee0d9569e7d
14/2/2020 - 12:48:28.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.1.7601.17966_none_4c10a232d95251b6
14/2/2020 - 12:48:28.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.1.7601.17966_none_4c10a232d95251b6
14/2/2020 - 12:48:28.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.1.7601.21890_none_35468548f2f66359
14/2/2020 - 12:48:28.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.1.7601.21890_none_35468548f2f66359
14/2/2020 - 12:48:28.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:28.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:28.497Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:28.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:28.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorpjt_dll_31bf3856ad364e35_6.1.7601.18523_none_d9a0266c96cbe96e
14/2/2020 - 12:48:28.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorpjt_dll_31bf3856ad364e35_6.1.7601.18523_none_d9a0266c96cbe96e
14/2/2020 - 12:48:28.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorrc_res_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_7cd768e7446fb711
14/2/2020 - 12:48:28.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorrc_res_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_7cd768e7446fb711
14/2/2020 - 12:48:28.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorsecr_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_3245b7d996aca128
14/2/2020 - 12:48:28.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorsecr_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_3245b7d996aca128
14/2/2020 - 12:48:28.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorsec_dll_b03f5f7f11d50a3a_6.1.7601.22733_none_8794ec51b6934234
14/2/2020 - 12:48:28.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorsec_dll_b03f5f7f11d50a3a_6.1.7601.22733_none_8794ec51b6934234
14/2/2020 - 12:48:28.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:28.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorsvc__dll_b03f5f7f11d50a3a_6.1.7601.22733_none_d0d3ba9bc5d62a48
14/2/2020 - 12:48:28.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorsvc__dll_b03f5f7f11d50a3a_6.1.7601.22733_none_d0d3ba9bc5d62a48
14/2/2020 - 12:48:28.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.1.7601.22733_none_95d9bd7daa457ab9
14/2/2020 - 12:48:28.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.1.7601.22733_none_95d9bd7daa457ab9
14/2/2020 - 12:48:28.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_bf0d925dd7090354
14/2/2020 - 12:48:28.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_bf0d925dd7090354
14/2/2020 - 12:48:28.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-ngen_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_046c078df2caf5d8
14/2/2020 - 12:48:28.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-ngen_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_046c078df2caf5d8
14/2/2020 - 12:48:28.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:29.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:29.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-redist_config_files_b03f5f7f11d50a3a_6.1.7600.16385_none_0802cd2b76f0255f
14/2/2020 - 12:48:29.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-redist_config_files_b03f5f7f11d50a3a_6.1.7600.16385_none_0802cd2b76f0255f
14/2/2020 - 12:48:29.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:29.340Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:29.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-sbscmp10_dll_31bf3856ad364e35_6.1.7601.22724_none_d3aabe0e34c149f9
14/2/2020 - 12:48:29.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-sbscmp10_dll_31bf3856ad364e35_6.1.7601.22724_none_d3aabe0e34c149f9
14/2/2020 - 12:48:29.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7601.18514_none_ddd4661c5cf17e49
14/2/2020 - 12:48:29.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7601.18514_none_ddd4661c5cf17e49
14/2/2020 - 12:48:29.481Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:29.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:29.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_a09ffd05a2feeb3c
14/2/2020 - 12:48:29.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_a09ffd05a2feeb3c
14/2/2020 - 12:48:29.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7601.22733_none_89d3566bbca564ea
14/2/2020 - 12:48:29.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7601.22733_none_89d3566bbca564ea
14/2/2020 - 12:48:29.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:29.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:29.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.configuration.install_b03f5f7f11d50a3a_6.1.7601.22733_none_e410b5ad1643732c
14/2/2020 - 12:48:29.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.configuration.install_b03f5f7f11d50a3a_6.1.7601.22733_none_e410b5ad1643732c
14/2/2020 - 12:48:29.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.data.sqlxml_b03f5f7f11d50a3a_6.1.7601.18529_none_141bab5a23b1444a
14/2/2020 - 12:48:29.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.data.sqlxml_b03f5f7f11d50a3a_6.1.7601.18529_none_141bab5a23b1444a
14/2/2020 - 12:48:29.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.deployment_b03f5f7f11d50a3a_6.1.7601.19025_none_7714d3b853f8ec5c
14/2/2020 - 12:48:29.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.deployment_b03f5f7f11d50a3a_6.1.7601.19025_none_7714d3b853f8ec5c
14/2/2020 - 12:48:29.950Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:30.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:30.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.deployment_b03f5f7f11d50a3a_6.1.7601.23230_none_60489f066d9ee5e5
14/2/2020 - 12:48:30.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.deployment_b03f5f7f11d50a3a_6.1.7601.23230_none_60489f066d9ee5e5
14/2/2020 - 12:48:30.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.design_b03f5f7f11d50a3a_6.1.7601.22126_none_73ed560c2f3d4fcd
14/2/2020 - 12:48:30.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.design_b03f5f7f11d50a3a_6.1.7601.22126_none_73ed560c2f3d4fcd
14/2/2020 - 12:48:30.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.1.7600.16385_none_f65534c04a41b956
14/2/2020 - 12:48:30.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.1.7600.16385_none_f65534c04a41b956
14/2/2020 - 12:48:30.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:30.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:30.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.1.7601.18523_none_16b7e18da0931dea
14/2/2020 - 12:48:30.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.1.7601.18523_none_16b7e18da0931dea
14/2/2020 - 12:48:30.559Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:30.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:30.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.management_b03f5f7f11d50a3a_6.1.7601.22733_none_df6deda1a67b5af6
14/2/2020 - 12:48:30.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.management_b03f5f7f11d50a3a_6.1.7601.22733_none_df6deda1a67b5af6
14/2/2020 - 12:48:30.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56
14/2/2020 - 12:48:30.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56
14/2/2020 - 12:48:30.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.runtime.remoting_b03f5f7f11d50a3a_6.1.7601.17514_none_dbb72f2052e2a0db
14/2/2020 - 12:48:30.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.runtime.remoting_b03f5f7f11d50a3a_6.1.7601.17514_none_dbb72f2052e2a0db
14/2/2020 - 12:48:30.840Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:30.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:31.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:31.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.runtime.remoting_b03f5f7f11d50a3a_6.1.7601.22617_none_c4e945ee6c8a4aeb
14/2/2020 - 12:48:31.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.runtime.remoting_b03f5f7f11d50a3a_6.1.7601.22617_none_c4e945ee6c8a4aeb
14/2/2020 - 12:48:31.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.security_b03f5f7f11d50a3a_6.1.7601.17514_none_31853bdb99fcc1ee
14/2/2020 - 12:48:31.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.security_b03f5f7f11d50a3a_6.1.7601.17514_none_31853bdb99fcc1ee
14/2/2020 - 12:48:31.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.security_b03f5f7f11d50a3a_6.1.7601.19144_none_3188411599fa06fd
14/2/2020 - 12:48:31.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.security_b03f5f7f11d50a3a_6.1.7601.19144_none_3188411599fa06fd
14/2/2020 - 12:48:31.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:31.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.web.mobile_b03f5f7f11d50a3a_6.1.7601.18410_none_1a511664f74f9b64
14/2/2020 - 12:48:31.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.web.mobile_b03f5f7f11d50a3a_6.1.7601.18410_none_1a511664f74f9b64
14/2/2020 - 12:48:31.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.web.mobile_b03f5f7f11d50a3a_6.1.7601.22500_none_03826f5b10f7e213
14/2/2020 - 12:48:31.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.web.mobile_b03f5f7f11d50a3a_6.1.7601.22500_none_03826f5b10f7e213
14/2/2020 - 12:48:31.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:31.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:31.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.windows.forms_b03f5f7f11d50a3a_6.1.7601.17514_none_837199a67b60fe06
14/2/2020 - 12:48:31.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.windows.forms_b03f5f7f11d50a3a_6.1.7601.17514_none_837199a67b60fe06
14/2/2020 - 12:48:31.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.windows.forms_b03f5f7f11d50a3a_6.1.7601.18763_none_8376b37e7b5c60e1
14/2/2020 - 12:48:31.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.windows.forms_b03f5f7f11d50a3a_6.1.7601.18763_none_8376b37e7b5c60e1
14/2/2020 - 12:48:31.637Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:31.778Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:31.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.xml_b03f5f7f11d50a3a_6.1.7601.19091_none_615a18343c22d61d
14/2/2020 - 12:48:31.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system.xml_b03f5f7f11d50a3a_6.1.7601.19091_none_615a18343c22d61d
14/2/2020 - 12:48:31.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system_b03f5f7f11d50a3a_6.1.7601.18529_none_bf302d87fdcf47ad
14/2/2020 - 12:48:31.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system_b03f5f7f11d50a3a_6.1.7601.18529_none_bf302d87fdcf47ad
14/2/2020 - 12:48:31.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system_b03f5f7f11d50a3a_6.1.7601.22126_none_a862cbd41776593b
14/2/2020 - 12:48:31.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system_b03f5f7f11d50a3a_6.1.7601.22126_none_a862cbd41776593b
14/2/2020 - 12:48:31.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:32.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:32.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_5f66f6003d640f77
14/2/2020 - 12:48:32.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-system_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_5f66f6003d640f77
14/2/2020 - 12:48:32.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.1.7601.18523_none_a87a29d50a379192
14/2/2020 - 12:48:32.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.1.7601.18523_none_a87a29d50a379192
14/2/2020 - 12:48:32.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-sys_windows_forms_tlb_b03f5f7f11d50a3a_6.1.7601.18523_none_248f1685e6157baa
14/2/2020 - 12:48:32.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-sys_windows_forms_tlb_b03f5f7f11d50a3a_6.1.7601.18523_none_248f1685e6157baa
14/2/2020 - 12:48:32.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:32.247Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:32.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_2faaad2bcfc99b5f
14/2/2020 - 12:48:32.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_2faaad2bcfc99b5f
14/2/2020 - 12:48:32.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-vb_compiler_b03f5f7f11d50a3a_6.1.7601.17514_none_cc9e34fd4e687b15
14/2/2020 - 12:48:32.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-vb_compiler_b03f5f7f11d50a3a_6.1.7601.17514_none_cc9e34fd4e687b15
14/2/2020 - 12:48:32.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-vb_compiler_ui_b03f5f7f11d50a3a_6.1.7600.16385_none_281aa88152564d62
14/2/2020 - 12:48:32.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-vb_compiler_ui_b03f5f7f11d50a3a_6.1.7600.16385_none_281aa88152564d62
14/2/2020 - 12:48:32.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-vb_compiler_ui_b03f5f7f11d50a3a_6.1.7601.22733_none_112428636c530aa3
14/2/2020 - 12:48:32.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-vb_compiler_ui_b03f5f7f11d50a3a_6.1.7601.22733_none_112428636c530aa3
14/2/2020 - 12:48:32.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.1.7600.16385_none_4ce9dc6ecc5205aa
14/2/2020 - 12:48:32.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.1.7600.16385_none_4ce9dc6ecc5205aa
14/2/2020 - 12:48:32.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-web_engine_dll_b03f5f7f11d50a3a_6.1.7601.18410_none_c34ec396e012823b
14/2/2020 - 12:48:32.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-web_engine_dll_b03f5f7f11d50a3a_6.1.7601.18410_none_c34ec396e012823b
14/2/2020 - 12:48:32.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:32.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:32.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-web_engine_dll_b03f5f7f11d50a3a_6.1.7601.22617_none_ac807d3af9ba95f9
14/2/2020 - 12:48:32.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-web_engine_dll_b03f5f7f11d50a3a_6.1.7601.22617_none_ac807d3af9ba95f9
14/2/2020 - 12:48:32.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-_vc_assembly_linker_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_c5ac2e9b93b68df0
14/2/2020 - 12:48:32.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-_vc_assembly_linker_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_c5ac2e9b93b68df0
14/2/2020 - 12:48:32.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-_vc_assembly_linker_dll_b03f5f7f11d50a3a_6.1.7601.22733_none_aedf8801ad5d079e
14/2/2020 - 12:48:32.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-_vc_assembly_linker_dll_b03f5f7f11d50a3a_6.1.7601.22733_none_aedf8801ad5d079e
14/2/2020 - 12:48:32.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-_vc_assembly_linker_messages_b03f5f7f11d50a3a_6.1.7601.22733_none_db146d0866d123da
14/2/2020 - 12:48:32.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-_vc_assembly_linker_messages_b03f5f7f11d50a3a_6.1.7601.22733_none_db146d0866d123da
14/2/2020 - 12:48:32.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35cdf-cdf_mof_files_31bf3856ad364e35_6.1.7600.16385_none_f64bda6899b28685
14/2/2020 - 12:48:32.668Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35cdf-cdf_mof_files_31bf3856ad364e35_6.1.7600.16385_none_f64bda6899b28685
14/2/2020 - 12:48:32.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35cdf-cdf_mof_files_31bf3856ad364e35_6.1.7600.16385_none_f64bda6899b28685
14/2/2020 - 12:48:32.715Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:32.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:32.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-datasvcutil_31bf3856ad364e35_6.1.7601.17514_none_ed7ce39bb395c4e0
14/2/2020 - 12:48:32.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-datasvcutil_31bf3856ad364e35_6.1.7601.17514_none_ed7ce39bb395c4e0
14/2/2020 - 12:48:32.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-datasvcutil_31bf3856ad364e35_6.1.7601.17933_none_ed664b11b3a6d807
14/2/2020 - 12:48:32.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-datasvcutil_31bf3856ad364e35_6.1.7601.17933_none_ed664b11b3a6d807
14/2/2020 - 12:48:32.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:33.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:33.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-framework_assemblylist_31bf3856ad364e35_6.1.7600.16385_none_2e52f21a630e843f
14/2/2020 - 12:48:33.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-framework_assemblylist_31bf3856ad364e35_6.1.7600.16385_none_2e52f21a630e843f
14/2/2020 - 12:48:33.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-microso...entity.build.tasks_31bf3856ad364e35_6.1.7600.16385_none_3250e53a62eb6f11
14/2/2020 - 12:48:33.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-microso...entity.build.tasks_31bf3856ad364e35_6.1.7600.16385_none_3250e53a62eb6f11
14/2/2020 - 12:48:33.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-msbuild_core_schema__v35_31bf3856ad364e35_6.1.7600.16385_none_7a4294a74548ee4c
14/2/2020 - 12:48:33.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-msbuild_core_schema__v35_31bf3856ad364e35_6.1.7600.16385_none_7a4294a74548ee4c
14/2/2020 - 12:48:33.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:33.418Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:33.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:33.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-msbuild_schema_v35_31bf3856ad364e35_6.1.7600.16385_none_a45890c6256df783
14/2/2020 - 12:48:33.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-msbuild_schema_v35_31bf3856ad364e35_6.1.7600.16385_none_a45890c6256df783
14/2/2020 - 12:48:33.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-msbuild_targetfiles_31bf3856ad364e35_6.1.7600.16385_none_6ec8fca242b4dcc9
14/2/2020 - 12:48:33.512Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-msbuild_targetfiles_31bf3856ad364e35_6.1.7600.16385_none_6ec8fca242b4dcc9
14/2/2020 - 12:48:33.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-msbuild_targetfiles_31bf3856ad364e35_6.1.7600.16385_none_6ec8fca242b4dcc9
14/2/2020 - 12:48:33.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.addin_31bf3856ad364e35_6.1.7601.17514_none_97288e952e73747d
14/2/2020 - 12:48:33.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.addin_31bf3856ad364e35_6.1.7601.17514_none_97288e952e73747d
14/2/2020 - 12:48:33.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.core_31bf3856ad364e35_6.1.7601.17514_none_bd8097b9a570d758
14/2/2020 - 12:48:33.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.core_31bf3856ad364e35_6.1.7601.17514_none_bd8097b9a570d758
14/2/2020 - 12:48:33.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:33.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.data.entity_31bf3856ad364e35_6.1.7601.17514_none_913a3c3df2332df4
14/2/2020 - 12:48:33.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.data.entity_31bf3856ad364e35_6.1.7601.17514_none_913a3c3df2332df4
14/2/2020 - 12:48:33.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.data.linq_31bf3856ad364e35_6.1.7601.17514_none_c7e615d52227d49b
14/2/2020 - 12:48:33.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.data.linq_31bf3856ad364e35_6.1.7601.17514_none_c7e615d52227d49b
14/2/2020 - 12:48:33.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.data.linq_31bf3856ad364e35_6.1.7601.22326_none_c866c6ce3b4be530
14/2/2020 - 12:48:33.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.data.linq_31bf3856ad364e35_6.1.7601.22326_none_c866c6ce3b4be530
14/2/2020 - 12:48:33.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.data.services.client_31bf3856ad364e35_6.1.7601.17514_none_2c400be857e72e9c
14/2/2020 - 12:48:33.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.data.services.client_31bf3856ad364e35_6.1.7601.17514_none_2c400be857e72e9c
14/2/2020 - 12:48:33.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.data.services.design_31bf3856ad364e35_6.1.7601.17514_none_57f64808c4ad1ed1
14/2/2020 - 12:48:33.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.data.services.design_31bf3856ad364e35_6.1.7601.17514_none_57f64808c4ad1ed1
14/2/2020 - 12:48:33.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:33.981Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:34.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.web.entity.design_31bf3856ad364e35_6.1.7601.17514_none_f7214c4c29a6074a
14/2/2020 - 12:48:34.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.web.entity.design_31bf3856ad364e35_6.1.7601.17514_none_f7214c4c29a6074a
14/2/2020 - 12:48:34.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.web.extensions.design_31bf3856ad364e35_6.1.7601.17514_none_642b0dde6210c9f7
14/2/2020 - 12:48:34.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.web.extensions.design_31bf3856ad364e35_6.1.7601.17514_none_642b0dde6210c9f7
14/2/2020 - 12:48:34.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.web.routing_31bf3856ad364e35_6.1.7601.17514_none_593ac721b0aeff29
14/2/2020 - 12:48:34.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.web.routing_31bf3856ad364e35_6.1.7601.17514_none_593ac721b0aeff29
14/2/2020 - 12:48:34.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.xml.linq_31bf3856ad364e35_6.1.7601.17514_none_fa08851339f04110
14/2/2020 - 12:48:34.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-system.xml.linq_31bf3856ad364e35_6.1.7601.17514_none_fa08851339f04110
14/2/2020 - 12:48:34.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-vbc_exe_config_orcas_31bf3856ad364e35_6.1.7600.16385_none_64f9016fb645370e
14/2/2020 - 12:48:34.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35linq-vbc_exe_config_orcas_31bf3856ad364e35_6.1.7600.16385_none_64f9016fb645370e
14/2/2020 - 12:48:34.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35wpf-sentinel.v3.5client_31bf3856ad364e35_6.1.7600.16385_none_c3ecf9cbf269734c
14/2/2020 - 12:48:34.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx35wpf-sentinel.v3.5client_31bf3856ad364e35_6.1.7600.16385_none_c3ecf9cbf269734c
14/2/2020 - 12:48:34.122Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:34.309Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:34.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_netimm.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_165413db8567c969
14/2/2020 - 12:48:34.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netimm.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_165413db8567c969
14/2/2020 - 12:48:34.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_netk57a.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7cc0764c8109dbae
14/2/2020 - 12:48:34.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netk57a.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7cc0764c8109dbae
14/2/2020 - 12:48:34.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_netk57a.inf_31bf3856ad364e35_6.1.7600.16385_none_b67bb5081937ae73
14/2/2020 - 12:48:34.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netk57a.inf_31bf3856ad364e35_6.1.7600.16385_none_b67bb5081937ae73
14/2/2020 - 12:48:34.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_netl160a.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7dc24511a4014118
14/2/2020 - 12:48:34.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netl160a.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7dc24511a4014118
14/2/2020 - 12:48:34.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_netl1e64.inf_31bf3856ad364e35_6.1.7600.16385_none_97e8f61adcecb187
14/2/2020 - 12:48:34.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netl1e64.inf_31bf3856ad364e35_6.1.7600.16385_none_97e8f61adcecb187
14/2/2020 - 12:48:34.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:34.590Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:34.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_netmyk00.inf_31bf3856ad364e35_6.1.7600.16385_none_18eefc05dfc312ee
14/2/2020 - 12:48:34.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netmyk00.inf_31bf3856ad364e35_6.1.7600.16385_none_18eefc05dfc312ee
14/2/2020 - 12:48:34.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_netnvma.inf_31bf3856ad364e35_6.1.7600.16385_none_8e00a40a4192c673
14/2/2020 - 12:48:34.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netnvma.inf_31bf3856ad364e35_6.1.7600.16385_none_8e00a40a4192c673
14/2/2020 - 12:48:34.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_netr28ux.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ffdd70a4a054e62b
14/2/2020 - 12:48:34.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netr28ux.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ffdd70a4a054e62b
14/2/2020 - 12:48:34.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_netr28ux.inf_31bf3856ad364e35_6.1.7600.16385_none_9e04f5ea3d7bf9e0
14/2/2020 - 12:48:34.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netr28ux.inf_31bf3856ad364e35_6.1.7600.16385_none_9e04f5ea3d7bf9e0
14/2/2020 - 12:48:34.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_netr28x.inf_31bf3856ad364e35_6.1.7600.16385_none_f6bd180f0177aea7
14/2/2020 - 12:48:34.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netr28x.inf_31bf3856ad364e35_6.1.7600.16385_none_f6bd180f0177aea7
14/2/2020 - 12:48:34.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_netrndis.inf_31bf3856ad364e35_6.1.7600.16385_none_23b780d15f7da9af
14/2/2020 - 12:48:34.637Read1480C:\malware.exeC:\Windows\winsxs\amd64_netrndis.inf_31bf3856ad364e35_6.1.7600.16385_none_23b780d15f7da9af
14/2/2020 - 12:48:34.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netrndis.inf_31bf3856ad364e35_6.1.7600.16385_none_23b780d15f7da9af
14/2/2020 - 12:48:34.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_netrndis.inf_31bf3856ad364e35_6.1.7601.17887_none_259febb55ca2345a
14/2/2020 - 12:48:34.684Read1480C:\malware.exeC:\Windows\winsxs\amd64_netrndis.inf_31bf3856ad364e35_6.1.7601.17887_none_259febb55ca2345a
14/2/2020 - 12:48:34.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netrndis.inf_31bf3856ad364e35_6.1.7601.17887_none_259febb55ca2345a
14/2/2020 - 12:48:34.825Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:34.872Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:35.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_netrtl64.inf_31bf3856ad364e35_6.1.7600.16385_none_0510be2ea42fdbdd
14/2/2020 - 12:48:35.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netrtl64.inf_31bf3856ad364e35_6.1.7600.16385_none_0510be2ea42fdbdd
14/2/2020 - 12:48:35.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_netvg62a.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_69024328efa85bd2
14/2/2020 - 12:48:35.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netvg62a.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_69024328efa85bd2
14/2/2020 - 12:48:35.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_netvg62a.inf_31bf3856ad364e35_6.1.7600.16385_none_b8f94f7ef3dea179
14/2/2020 - 12:48:35.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netvg62a.inf_31bf3856ad364e35_6.1.7600.16385_none_b8f94f7ef3dea179
14/2/2020 - 12:48:35.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:35.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:35.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da
14/2/2020 - 12:48:35.293Read1480C:\malware.exeC:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da
14/2/2020 - 12:48:35.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da
14/2/2020 - 12:48:35.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_nfrd960.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4cf756a8cdf2ab9e
14/2/2020 - 12:48:35.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_nfrd960.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4cf756a8cdf2ab9e
14/2/2020 - 12:48:35.387Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:35.528Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:35.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7601.17514_none_9926a270d1526b79
14/2/2020 - 12:48:35.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7601.17514_none_9926a270d1526b79\Amd64
14/2/2020 - 12:48:35.622Read1480C:\malware.exeC:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7601.17514_none_9926a270d1526b79\Amd64
14/2/2020 - 12:48:35.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7601.17514_none_9926a270d1526b79\Amd64
14/2/2020 - 12:48:35.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_ntprint.inf_31bf3856ad364e35_6.1.7601.17514_none_9926a270d1526b79
14/2/2020 - 12:48:35.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_nulhpopr.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9bbc515b6b831d6c
14/2/2020 - 12:48:35.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_nulhpopr.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9bbc515b6b831d6c
14/2/2020 - 12:48:35.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253
14/2/2020 - 12:48:35.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253
14/2/2020 - 12:48:35.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_oxpsconverter_31bf3856ad364e35_6.1.7601.22091_none_084b74e2df1696ce
14/2/2020 - 12:48:35.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_oxpsconverter_31bf3856ad364e35_6.1.7601.22091_none_084b74e2df1696ce
14/2/2020 - 12:48:35.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_ph3xibc1.inf_31bf3856ad364e35_6.1.7600.16385_none_9c58b99c7d660146
14/2/2020 - 12:48:35.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_ph3xibc1.inf_31bf3856ad364e35_6.1.7600.16385_none_9c58b99c7d660146
14/2/2020 - 12:48:35.762Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:35.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:35.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_ph6xib64c0.inf_31bf3856ad364e35_6.1.7600.16385_none_f3eb68fc33ce478c
14/2/2020 - 12:48:35.950Read1480C:\malware.exeC:\Windows\winsxs\amd64_ph6xib64c0.inf_31bf3856ad364e35_6.1.7600.16385_none_f3eb68fc33ce478c
14/2/2020 - 12:48:35.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_ph6xib64c0.inf_31bf3856ad364e35_6.1.7600.16385_none_f3eb68fc33ce478c
14/2/2020 - 12:48:36.90Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:36.278Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:36.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.1.7600.16385_none_48aef4ef4511d002
14/2/2020 - 12:48:36.325Read1480C:\malware.exeC:\Windows\winsxs\amd64_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.1.7600.16385_none_48aef4ef4511d002
14/2/2020 - 12:48:36.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.1.7600.16385_none_48aef4ef4511d002
14/2/2020 - 12:48:36.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.23149_none_0ac50f19bfc5878c
14/2/2020 - 12:48:36.372Read1480C:\malware.exeC:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.23149_none_0ac50f19bfc5878c
14/2/2020 - 12:48:36.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_presentationcore_31bf3856ad364e35_6.1.7601.23149_none_0ac50f19bfc5878c
14/2/2020 - 12:48:36.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnbr002.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_322bf4f7c41cc47f
14/2/2020 - 12:48:36.418Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnbr002.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_322bf4f7c41cc47f
14/2/2020 - 12:48:36.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnbr002.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_322bf4f7c41cc47f
14/2/2020 - 12:48:36.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnbr003.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_75e32241ed915c68
14/2/2020 - 12:48:36.465Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnbr003.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_75e32241ed915c68
14/2/2020 - 12:48:36.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnbr003.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_75e32241ed915c68
14/2/2020 - 12:48:36.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:36.700Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:36.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnbr006.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_410990c969ef2423
14/2/2020 - 12:48:36.887Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnbr006.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_410990c969ef2423
14/2/2020 - 12:48:36.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnbr006.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_410990c969ef2423
14/2/2020 - 12:48:36.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnbr007.inf_31bf3856ad364e35_6.1.7600.16385_none_4c7695ac41c77cab
14/2/2020 - 12:48:36.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnbr007.inf_31bf3856ad364e35_6.1.7600.16385_none_4c7695ac41c77cab
14/2/2020 - 12:48:36.934Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:37.168Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:37.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00b.inf_31bf3856ad364e35_6.1.7600.16385_none_dd3ee736dd6ff736
14/2/2020 - 12:48:37.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00b.inf_31bf3856ad364e35_6.1.7600.16385_none_dd3ee736dd6ff736\Amd64
14/2/2020 - 12:48:37.309Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00b.inf_31bf3856ad364e35_6.1.7600.16385_none_dd3ee736dd6ff736\Amd64
14/2/2020 - 12:48:37.356Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00b.inf_31bf3856ad364e35_6.1.7600.16385_none_dd3ee736dd6ff736\Amd64
14/2/2020 - 12:48:37.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00b.inf_31bf3856ad364e35_6.1.7600.16385_none_dd3ee736dd6ff736\Amd64
14/2/2020 - 12:48:37.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00b.inf_31bf3856ad364e35_6.1.7600.16385_none_dd3ee736dd6ff736
14/2/2020 - 12:48:37.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00c.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_928ddfae8716e27f
14/2/2020 - 12:48:37.403Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00c.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_928ddfae8716e27f
14/2/2020 - 12:48:37.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00c.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_928ddfae8716e27f
14/2/2020 - 12:48:37.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00f.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5db44e360374aa3a
14/2/2020 - 12:48:37.450Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00f.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5db44e360374aa3a
14/2/2020 - 12:48:37.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00f.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5db44e360374aa3a
14/2/2020 - 12:48:37.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00h.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e522a8ca565dda0c
14/2/2020 - 12:48:37.497Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00h.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e522a8ca565dda0c
14/2/2020 - 12:48:37.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00h.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e522a8ca565dda0c
14/2/2020 - 12:48:37.543Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:37.731Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:37.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00x.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_20983167eda7589c
14/2/2020 - 12:48:37.825Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00x.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_20983167eda7589c
14/2/2020 - 12:48:37.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnca00x.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_20983167eda7589c
14/2/2020 - 12:48:37.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnep002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ba9de9214f7c0163
14/2/2020 - 12:48:37.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnep002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ba9de9214f7c0163
14/2/2020 - 12:48:37.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnep003.inf_31bf3856ad364e35_6.1.7600.16385_none_9403111e2c10328e
14/2/2020 - 12:48:37.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnep003.inf_31bf3856ad364e35_6.1.7600.16385_none_9403111e2c10328e
14/2/2020 - 12:48:37.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnep004.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_43a87a3a0f192ed4
14/2/2020 - 12:48:37.872Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnep004.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_43a87a3a0f192ed4
14/2/2020 - 12:48:37.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnep004.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_43a87a3a0f192ed4
14/2/2020 - 12:48:38.12Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:38.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:38.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnep00b.inf_31bf3856ad364e35_6.1.7600.16385_none_ad2d68ddc89d49d5
14/2/2020 - 12:48:38.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnep00b.inf_31bf3856ad364e35_6.1.7600.16385_none_ad2d68ddc89d49d5
14/2/2020 - 12:48:38.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:38.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_prngt004.inf_31bf3856ad364e35_6.1.7600.16385_none_a0b67189fe7a0ea1
14/2/2020 - 12:48:38.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prngt004.inf_31bf3856ad364e35_6.1.7600.16385_none_a0b67189fe7a0ea1
14/2/2020 - 12:48:38.622Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:38.809Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:38.903Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:39.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnkm003.inf_31bf3856ad364e35_6.1.7600.16385_none_50766fcc42797a9b
14/2/2020 - 12:48:39.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnkm003.inf_31bf3856ad364e35_6.1.7600.16385_none_50766fcc42797a9b
14/2/2020 - 12:48:39.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnkm004.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0f4709cfc7e99c7c
14/2/2020 - 12:48:39.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnkm004.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0f4709cfc7e99c7c
14/2/2020 - 12:48:39.137Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:39.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:39.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnky003.inf_31bf3856ad364e35_6.1.7600.16385_none_3d4c795ded41268f
14/2/2020 - 12:48:39.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnky003.inf_31bf3856ad364e35_6.1.7600.16385_none_3d4c795ded41268f\Amd64
14/2/2020 - 12:48:39.465Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnky003.inf_31bf3856ad364e35_6.1.7600.16385_none_3d4c795ded41268f\Amd64
14/2/2020 - 12:48:39.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnky003.inf_31bf3856ad364e35_6.1.7600.16385_none_3d4c795ded41268f\Amd64
14/2/2020 - 12:48:39.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnky003.inf_31bf3856ad364e35_6.1.7600.16385_none_3d4c795ded41268f
14/2/2020 - 12:48:39.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnky007.inf_31bf3856ad364e35_6.1.7600.16385_none_3f70c23251ba1833
14/2/2020 - 12:48:39.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnky007.inf_31bf3856ad364e35_6.1.7600.16385_none_3f70c23251ba1833
14/2/2020 - 12:48:39.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnky008.inf_31bf3856ad364e35_6.1.7600.16385_none_3ff9d4676ad8549c
14/2/2020 - 12:48:39.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnky008.inf_31bf3856ad364e35_6.1.7600.16385_none_3ff9d4676ad8549c
14/2/2020 - 12:48:39.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnle002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9edd8d6a95ab1cf9
14/2/2020 - 12:48:39.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnle002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9edd8d6a95ab1cf9
14/2/2020 - 12:48:39.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:39.793Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:39.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnle004.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_264ccea7e8944ccb
14/2/2020 - 12:48:39.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnle004.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_264ccea7e8944ccb
14/2/2020 - 12:48:39.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx003.inf_31bf3856ad364e35_6.1.7600.16385_none_482c1e14df350b67
14/2/2020 - 12:48:39.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx003.inf_31bf3856ad364e35_6.1.7600.16385_none_482c1e14df350b67\Amd64
14/2/2020 - 12:48:39.887Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx003.inf_31bf3856ad364e35_6.1.7600.16385_none_482c1e14df350b67\Amd64
14/2/2020 - 12:48:39.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx003.inf_31bf3856ad364e35_6.1.7600.16385_none_482c1e14df350b67\Amd64
14/2/2020 - 12:48:39.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx003.inf_31bf3856ad364e35_6.1.7600.16385_none_482c1e14df350b67
14/2/2020 - 12:48:40.28Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:40.262Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:40.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx00b.inf_31bf3856ad364e35_6.1.7600.16385_none_615675d47bc222ae
14/2/2020 - 12:48:40.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx00b.inf_31bf3856ad364e35_6.1.7600.16385_none_615675d47bc222ae
14/2/2020 - 12:48:40.450Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:40.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx00w.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f2d2cd0024c55338
14/2/2020 - 12:48:40.637Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx00w.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f2d2cd0024c55338
14/2/2020 - 12:48:40.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx00w.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f2d2cd0024c55338
14/2/2020 - 12:48:40.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx00z.inf_31bf3856ad364e35_6.1.7600.16385_none_6e302aced697cc86
14/2/2020 - 12:48:40.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx00z.inf_31bf3856ad364e35_6.1.7600.16385_none_6e302aced697cc86\Amd64
14/2/2020 - 12:48:40.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx00z.inf_31bf3856ad364e35_6.1.7600.16385_none_6e302aced697cc86\Amd64
14/2/2020 - 12:48:40.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnlx00z.inf_31bf3856ad364e35_6.1.7600.16385_none_6e302aced697cc86
14/2/2020 - 12:48:40.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnnr003.inf_31bf3856ad364e35_6.1.7600.16385_none_b9a40efcdf84f11b
14/2/2020 - 12:48:40.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnnr003.inf_31bf3856ad364e35_6.1.7600.16385_none_b9a40efcdf84f11b
14/2/2020 - 12:48:40.684Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:40.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:40.965Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:41.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnok002.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_14d662dba5620723
14/2/2020 - 12:48:41.106Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnok002.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_14d662dba5620723
14/2/2020 - 12:48:41.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnok002.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_14d662dba5620723
14/2/2020 - 12:48:41.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnrc002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2a5872c4f08d7e81
14/2/2020 - 12:48:41.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnrc002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2a5872c4f08d7e81
14/2/2020 - 12:48:41.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnrc002.inf_31bf3856ad364e35_6.1.7600.16385_none_20d55c335c54951d
14/2/2020 - 12:48:41.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnrc002.inf_31bf3856ad364e35_6.1.7600.16385_none_20d55c335c54951d
14/2/2020 - 12:48:41.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnrc004.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b1c6cd594376ae53
14/2/2020 - 12:48:41.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnrc004.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b1c6cd594376ae53
14/2/2020 - 12:48:41.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:41.434Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:41.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnrc00a.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9a9e15d7f9a95fe7
14/2/2020 - 12:48:41.528Read1480C:\malware.exeC:\Windows\winsxs\amd64_prnrc00a.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9a9e15d7f9a95fe7
14/2/2020 - 12:48:41.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnrc00a.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9a9e15d7f9a95fe7
14/2/2020 - 12:48:41.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnsa002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b1bd449c516bf456
14/2/2020 - 12:48:41.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnsa002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b1bd449c516bf456
14/2/2020 - 12:48:41.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnso002.inf_31bf3856ad364e35_6.1.7600.16385_none_419ce09d71f61ee8
14/2/2020 - 12:48:41.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnso002.inf_31bf3856ad364e35_6.1.7600.16385_none_419ce09d71f61ee8
14/2/2020 - 12:48:41.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnsv002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3d9ac95ab22127ab
14/2/2020 - 12:48:41.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnsv002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3d9ac95ab22127ab
14/2/2020 - 12:48:41.668Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:41.856Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:41.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_prnts002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_06c0629adda1a73f
14/2/2020 - 12:48:41.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_prnts002.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_06c0629adda1a73f
14/2/2020 - 12:48:41.997Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:42.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_rawsilo.inf_31bf3856ad364e35_6.1.7600.16385_none_72e15d77b1af67e1
14/2/2020 - 12:48:42.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_rawsilo.inf_31bf3856ad364e35_6.1.7600.16385_none_72e15d77b1af67e1
14/2/2020 - 12:48:42.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_regasm_b03f5f7f11d50a3a_6.1.7601.17514_none_a3c349b4bdac0898
14/2/2020 - 12:48:42.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_regasm_b03f5f7f11d50a3a_6.1.7601.17514_none_a3c349b4bdac0898
14/2/2020 - 12:48:42.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_ricoh.inf_31bf3856ad364e35_6.1.7600.16385_none_74eae2fb3c9f26c1
14/2/2020 - 12:48:42.137Read1480C:\malware.exeC:\Windows\winsxs\amd64_ricoh.inf_31bf3856ad364e35_6.1.7600.16385_none_74eae2fb3c9f26c1
14/2/2020 - 12:48:42.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_ricoh.inf_31bf3856ad364e35_6.1.7600.16385_none_74eae2fb3c9f26c1
14/2/2020 - 12:48:42.184Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:42.325Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:42.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_rndiscmp.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_76f49e344f5a0677
14/2/2020 - 12:48:42.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_rndiscmp.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_76f49e344f5a0677
14/2/2020 - 12:48:42.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_sbp2.inf_31bf3856ad364e35_6.1.7601.17514_none_a35eaa5c0cc2c3af
14/2/2020 - 12:48:42.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_sbp2.inf_31bf3856ad364e35_6.1.7601.17514_none_a35eaa5c0cc2c3af
14/2/2020 - 12:48:42.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_sdbus.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_884c766c654c8420
14/2/2020 - 12:48:42.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_sdbus.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_884c766c654c8420
14/2/2020 - 12:48:42.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea
14/2/2020 - 12:48:42.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea
14/2/2020 - 12:48:42.465Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:42.606Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:42.653Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:42.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca
14/2/2020 - 12:48:42.747Read1480C:\malware.exeC:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca
14/2/2020 - 12:48:42.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MSASCui.exe
14/2/2020 - 12:48:42.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MSASCui.exe
14/2/2020 - 12:48:42.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MSASCui.exe
14/2/2020 - 12:48:42.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MSASCui.exe
14/2/2020 - 12:48:42.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca
14/2/2020 - 12:48:42.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_security-malware-windows-filehascode_31bf3856ad364e35_6.1.7600.16385_none_981b8704d8c91d3c
14/2/2020 - 12:48:42.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_security-malware-windows-filehascode_31bf3856ad364e35_6.1.7600.16385_none_981b8704d8c91d3c
14/2/2020 - 12:48:42.918Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:43.59Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:43.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.eventviewer_lh.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_80dc1440e1b84ff1
14/2/2020 - 12:48:43.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.eventviewer_lh.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_80dc1440e1b84ff1
14/2/2020 - 12:48:43.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.file_srv.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2055908a236f163e
14/2/2020 - 12:48:43.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.file_srv.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2055908a236f163e
14/2/2020 - 12:48:43.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.ipsecpolicy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b4cf63d41670011e
14/2/2020 - 12:48:43.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.ipsecpolicy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b4cf63d41670011e
14/2/2020 - 12:48:43.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.netcfg.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5407c43c526ff62b
14/2/2020 - 12:48:43.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.netcfg.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5407c43c526ff62b
14/2/2020 - 12:48:43.200Read1480C:\malware.exeC:\Windows\winsxs
14/2/2020 - 12:48:43.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.nfs_client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f0810aaa56d19461
14/2/2020 - 12:48:43.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.nfs_client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f0810aaa56d19461
14/2/2020 - 12:48:43.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3b5fff4429b71c4f
14/2/2020 - 12:48:43.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3b5fff4429b71c4f
14/2/2020 - 12:48:43.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.reliab.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2053098915438e3d
14/2/2020 - 12:48:43.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.reliab.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2053098915438e3d
14/2/2020 - 12:48:43.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.snmp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_46e238da9be67c8c
14/2/2020 - 12:48:43.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_server-help-chm.snmp.resources_31bf3856ad364e35_6.1.7600.1638