Report #6878

  • Creation Date: Feb. 19, 2020, 3:54 p.m.
  • Last Update: Feb. 19, 2020, 8:43 p.m.
  • File: perfmon.exe
  • Results:
Binary
DLL
False
Size
17.50KB
trid
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
Community
Google
False
HashLib
False
YARA
Matches
maldoc_getEIP_method_1, domain, Dropper_Strings, HasRichSignature, contentis_base64, HasDebugData, win_files_operation, IsPE32, IsWindowsGUI

Suspicious
True

Strings
List
perfmon.pdb
%windir%\system32\perfmon.msc /s
%windir%\system32\mmc.exe
%%temp%%\%s_%8.8x%8.8x.htm
pdh.dll
pdh.dll
SysmonControl%d
</HEAD><BODY bgcolor="#%6.6x">
<META HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1">
<OBJECT ID="%s" WIDTH="100%%" HEIGHT="100%%"
EOFCommandFile
CommandFile
<PARAM NAME="Counter%5.5d.%s" VALUE="%d">
<PARAM NAME="Counter%5.5d.%s" VALUE="%s">
<PARAM NAME="Counter%5.5d.%s" VALUE="%f">
<PARAM NAME="%s" VALUE="%d">
<PARAM NAME="%s" VALUE="%ws">
<PARAM NAME="%s" VALUE="%s">
-= XOR 2009 Valhalla =- Assembled 1997 .. Activated 07.2002 - devoted for peace and harmony in universe against war, racism, terrorism and cruel brutality .. remember .. life is the most important thing - not money .. it's time for a revolution NOW ....
NetworkName
Created from Perfmon Settings File "%ws%ws"
TerminateProcess
CreateProcessW
SetFilePointer
GetModuleHandleA
CreateFileW
QueryPerformanceCounter
CopyFileW
DeleteFileW
ReadFile
Microsoft Corporation. All rights reserved.
_wfopen
GetTickCount
fwprintf
Sleep
<HEAD>
CLASSID="CLSID:C4D2D8E0-D1DD-11CE-940F-008029004347">
_wsplitpath
GetProcessHeap
PERFMON.EXE
PERFMON.EXE
__p__commode
</OBJECT>
Performance Monitor Command Line Shell
_except_handler3
_initterm
__p__fmode
|GetTickCount
|GlobalAlloc
|GlobalLock
|GlobalFree
|FindClose
|FindNextFileA
|GetFileAttributesA
|SetFileAttributesA
__setusermatherr
|FindFirstFileA
</HTML>
_controlfp
__set_app_type
|GetSystemDirectoryA
__winitenv
__wgetmainargs
_XcptFilter
_adjust_fdiv
/SYSMON_WMI
NTDLL.DLL
5.1.2600.5512
_wfullpath
Microsoft
Microsoft Corporation
|_llseek
|_lclose
|_lwrite
ScaleFactor
MaximumScale
SystemMonitor1
CompanyName
|_lread
_c_exit
|_lopen
ProductName
LogFileAutoFormat
DisplayType
AlertThreshold
<HTML>
Comment
ShowScaleLabels
CounterCount
UpdateInterval
FileVersion
InternalName
OriginalFilename
ShowToolbar
VarFileInfo
ManualUpdate
ReportValueType
LogFileName
BorderStyle
BackColor

Foremost
Matches
0.exe, 17 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: USER32.dll, pdh.dll, KERNEL32.dll, msvcrt.dll, NTDLL.DLL
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 3072
Suspicious: False
Image
Address: 16777216
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 38841
Suspicious: False

Sections
Allowed: .text, .data, .rsrc, xor
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: False
Suspicious: 5
Linker
Version: 7.10
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 24576
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, pdh.dll, kernel32.dll, msvcrt.dll, ntdll.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2008-04-13 15:42:53
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
False
Tricks
AVclass
xorala
1
VirusTotal
md5
cc88dee32e3cef9e2454bd0edc43697b
sha1
802ecb031f76d36191bceb9be19c3a0d328270fe
SCANS (DETECTION RATE = 91.18%)
AVG
result: Win32:Valla
update: 20180216
version: 18.1.3800.0
detected: True

CMC
result: Virus.Win32!O
update: 20180216
version: 1.1.0.977
detected: True

MAX
result: malware (ai score=87)
update: 20180216
version: 2017.11.15.1
detected: True

Bkav
result: W32.Valla
update: 20180212
version: 1.3.0.9466
detected: True

K7GW
result: Virus ( 0008d6e31 )
update: 20180216
version: 10.40.26234
detected: True

ALYac
result: Win32.Valhalla.2048
update: 20180216
version: 1.1.1.5
detected: True

Avast
result: Win32:Valla
update: 20180216
version: 18.1.3800.0
detected: True

Avira
result: W32/Xorala.b
update: 20180216
version: 8.3.3.6
detected: True

Baidu
result: Win32.Virus.Xorala.a
update: 20180208
version: 1.0.0.2
detected: True

Cyren
result: W32/Harmony.A
update: 20180216
version: 5.4.30.7
detected: True

DrWeb
result: Win32.Valhala.2048
update: 20180216
version: 7.0.28.2020
detected: True

GData
result: Win32.Virus.Xorala.A
update: 20180216
version: A:25.16051B:25.11598
detected: True

Panda
result: W32/Valla.2048
update: 20180216
version: 4.6.4.2
detected: True

VBA32
result: Win32.Xoralda.2048
update: 20180216
version: 3.12.28.0
detected: True

VIPRE
result: Virus.Win32.Valla.a (v)
update: 20180216
version: 64642
detected: True

Zoner
result: Win32.Xorala.A
update: 20180216
version: 1.0
detected: True

AVware
result: Virus.Win32.Valla.a (v)
update: 20180216
version: 1.5.0.42
detected: True

ClamAV
result: Win.Trojan.Xorala-1
update: 20180216
version: 0.99.2.0
detected: True

Comodo
result: Virus.Win32.Xorala.b0
update: 20180216
version: 28535
detected: True

F-Prot
result: W32/Harmony.A
update: 20180216
version: 4.7.1.166
detected: True

Ikarus
result: Win32.Xorala
update: 20180216
version: 0.1.5.2
detected: True

McAfee
result: W32/Valla.a
update: 20180216
version: 6.0.6.653
detected: True

Rising
result: Win32.Xorala.a (CLASSIC)
update: 20180216
version: 25.0.0.1
detected: True

Sophos
result: W32/Rox-A
update: 20180216
version: 4.98.0
detected: True

Yandex
result: Win32.Xorala
update: 20180216
version: 5.5.1.3
detected: True

Zillya
result: Virus.Xorala.Win32.1
update: 20180216
version: 2.0.0.3493
detected: True

Arcabit
result: Win32.Valhalla.2048
update: 20180216
version: 1.0.0.830
detected: True

Cylance
result: Unsafe
update: 20180216
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180216
version: 1.2.1
detected: True

Tencent
result: Virus.Win32.Valla.a
update: 20180216
version: 1.0.0.1
detected: True

ViRobot
result: Win32.Valla.2048
update: 20180216
version: 2014.3.20.0
detected: True

Webroot
update: 20180216
version: 1.0.0.207
detected: False

eGambit
update: 20180216
version: v4.3.4
detected: False

Ad-Aware
result: Win32.Valhalla.2048
update: 20180216
version: 3.0.3.1010
detected: True

AegisLab
result: W32.W.Runouce.l4QL
update: 20180216
version: 4.2
detected: True

Emsisoft
result: Win32.Valhalla.2048 (B)
update: 20180216
version: 4.0.2.899
detected: True

F-Secure
result: Win32.Valhalla.2048
update: 20180216
version: 11.0.19100.45
detected: True

Fortinet
result: W32/Valla.2048
update: 20180216
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True

Jiangmin
result: Hacktool/VB.ASPX.a
update: 20180216
version: 16.0.100
detected: True

Kingsoft
result: Win32.Xorala.2048
update: 20180216
version: 2013.8.14.323
detected: True

Paloalto
update: 20180216
version: 1.0
detected: False

Symantec
result: W32.Valla.2048
update: 20180216
version: 1.5.0.0
detected: True

nProtect
result: Virus/W32.Valla
update: 20180216
version: 2018-02-16.02
detected: True

AhnLab-V3
result: Win32/Valla.2048
update: 20180216
version: 3.11.3.19504
detected: True

Antiy-AVL
result: Virus/Win32.Xorala.b
update: 20180216
version: 3.0.0.1
detected: True

Kaspersky
result: Virus.Win32.Xorala
update: 20180216
version: 15.0.1.13
detected: True

Microsoft
result: Virus:Win32/Valla.2048
update: 20180216
version: 1.1.14500.5
detected: True

Qihoo-360
result: Virus.Win32.Agent.A
update: 20180216
version: 1.0.0.1120
detected: True

TheHacker
result: W32/Valla.a
update: 20180216
version: 6.8.0.5.2415
detected: True

ZoneAlarm
result: Virus.Win32.Xorala
update: 20180216
version: 1.0
detected: True

Cybereason
result: malicious.32e3ce
update: 20180205
version: 1.2.27
detected: True

ESET-NOD32
result: Win32/Xorala.A
update: 20180216
version: 16915
detected: True

TrendMicro
result: PE_VALLA.A
update: 20180216
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180205
detected: False

BitDefender
result: Win32.Valhalla.2048
update: 20180216
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_100% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Virus ( 0008d6e31 )
update: 20180216
version: 10.40.26238
detected: True

SentinelOne
result: static engine - malicious
update: 20180115
version: 1.0.12.202
detected: True

Avast-Mobile
update: 20180216
version: 180216-04
detected: False

Malwarebytes
result: Trojan.FakeMS
update: 20180216
version: 2.1.1.1115
detected: True

TotalDefense
result: Win32/Valla.2048
update: 20180216
version: 37.1.62.1
detected: True

CAT-QuickHeal
result: W32.Xorala
update: 20180216
version: 14.00
detected: True

NANO-Antivirus
result: Virus.Win32.Xorala.cbehdj
update: 20180216
version: 1.0.100.21498
detected: True

MicroWorld-eScan
result: Win32.Valhalla.2048
update: 20180216
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180216
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Valla.lm
update: 20180216
version: v2015
detected: True

TrendMicro-HouseCall
result: PE_VALLA.A
update: 20180216
version: 9.950.0.1006
detected: True

total
68
sha256
3112ac68063bd24fc8deb81c7ccfe51f3c49afe82ffeb2a79355bff0c4c69edd
scan_id
3112ac68063bd24fc8deb81c7ccfe51f3c49afe82ffeb2a79355bff0c4c69edd-1518802677
resource
cc88dee32e3cef9e2454bd0edc43697b
positives
62
scan_date
2018-02-16 17:37:57
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
19/2/2020 - 19:45:45.559Open1480C:\malware.exeC:\ProgramData\Documentos
19/2/2020 - 19:45:45.559Open1480C:\malware.exeC:\ProgramData\Documentos
19/2/2020 - 19:45:45.559Open1480C:\malware.exeC:\ProgramData\Documentos
19/2/2020 - 19:45:45.559Open1480C:\malware.exeC:\ProgramData\Documentos
19/2/2020 - 19:45:45.559Open1480C:\malware.exeC:\ProgramData\Modelos
19/2/2020 - 19:45:45.559Open1480C:\malware.exeC:\ProgramData\Modelos
19/2/2020 - 19:45:45.559Open1480C:\malware.exeC:\ProgramData\Modelos
19/2/2020 - 19:45:45.559Open1480C:\malware.exeC:\ProgramData\Modelos
19/2/2020 - 19:45:45.559Unknown1480C:\malware.exeC:\ProgramData
19/2/2020 - 19:45:45.559Unknown1480C:\malware.exeC:\Users
19/2/2020 - 19:45:45.559Open1480C:\malware.exeC:\Windows
19/2/2020 - 19:45:45.559Open1480C:\malware.exeC:\Windows\AppCompat
19/2/2020 - 19:45:45.559Unknown1480C:\malware.exeC:\Windows\AppCompat
19/2/2020 - 19:45:45.559Open1480C:\malware.exeC:\Windows\hh.exe
19/2/2020 - 19:45:45.606Open1480C:\malware.exeC:\Windows\hh.exe
19/2/2020 - 19:45:45.606Open1480C:\malware.exeC:\Windows\hh.exe
19/2/2020 - 19:45:45.606Open1480C:\malware.exeC:\Windows\hh.exe
19/2/2020 - 19:45:45.606Open1480C:\malware.exeC:\Windows\Installer
19/2/2020 - 19:45:45.606Unknown1480C:\malware.exeC:\Windows\Installer
19/2/2020 - 19:45:45.606Open1480C:\malware.exeC:\Windows\ModemLogs
19/2/2020 - 19:45:45.606Unknown1480C:\malware.exeC:\Windows\ModemLogs
19/2/2020 - 19:45:45.606Open1480C:\malware.exeC:\Windows\notepad.exe
19/2/2020 - 19:45:45.606Open1480C:\malware.exeC:\Windows\notepad.exe
19/2/2020 - 19:45:45.606Open1480C:\malware.exeC:\Windows\notepad.exe
19/2/2020 - 19:45:45.606Open1480C:\malware.exeC:\Windows\notepad.exe
19/2/2020 - 19:45:45.606Open1480C:\malware.exeC:\Windows\PolicyDefinitions
19/2/2020 - 19:45:45.606Read1480C:\malware.exeC:\Windows\PolicyDefinitions
19/2/2020 - 19:45:45.653Read1480C:\malware.exeC:\Windows\PolicyDefinitions
19/2/2020 - 19:45:45.700Read1480C:\malware.exeC:\Windows\PolicyDefinitions
19/2/2020 - 19:45:45.747Read1480C:\malware.exeC:\Windows\PolicyDefinitions
19/2/2020 - 19:45:45.793Read1480C:\malware.exeC:\Windows\PolicyDefinitions
19/2/2020 - 19:45:45.840Read1480C:\malware.exeC:\Windows\PolicyDefinitions
19/2/2020 - 19:45:45.887Unknown1480C:\malware.exeC:\Windows\PolicyDefinitions
19/2/2020 - 19:45:45.887Unknown1480C:\malware.exeC:\Windows\PolicyDefinitions
19/2/2020 - 19:45:45.887Open1480C:\malware.exeC:\Windows\Prefetch
19/2/2020 - 19:45:45.887Open1480C:\malware.exeC:\Windows\Prefetch\ReadyBoot
19/2/2020 - 19:45:45.887Unknown1480C:\malware.exeC:\Windows\Prefetch\ReadyBoot
19/2/2020 - 19:45:45.887Unknown1480C:\malware.exeC:\Windows\Prefetch
19/2/2020 - 19:45:45.887Open1480C:\malware.exeC:\Windows\SchCache
19/2/2020 - 19:45:45.887Unknown1480C:\malware.exeC:\Windows\SchCache
19/2/2020 - 19:45:45.887Open1480C:\malware.exeC:\Windows\twain_32
19/2/2020 - 19:45:45.887Unknown1480C:\malware.exeC:\Windows\twain_32
19/2/2020 - 19:45:45.887Open1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:45.887Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:45.934Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:45.981Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.28Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.75Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.122Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.215Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.262Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.309Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.356Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.403Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.543Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.684Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.825Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.918Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:46.965Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.12Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.106Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.153Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.200Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.293Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.387Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.434Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.622Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.668Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.809Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.856Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.950Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:47.997Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.43Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.90Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.184Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.231Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.278Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.372Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.418Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.465Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.559Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.606Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.700Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.747Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.887Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.934Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:48.981Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.28Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.75Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.122Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.215Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.262Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.309Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.356Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.403Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.543Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.684Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.825Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.918Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:49.965Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.12Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.106Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.153Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.200Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.293Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.387Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.434Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.622Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.668Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.809Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.856Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.950Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:50.997Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.43Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.90Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.184Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.231Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.278Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.372Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.418Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.465Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.559Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.606Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.700Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.747Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.840Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.887Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.934Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:51.981Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.28Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.75Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.122Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.215Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.262Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.309Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.356Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.403Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.543Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.684Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.825Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.918Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:52.965Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.12Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.106Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.153Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.200Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.293Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.387Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.434Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.622Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.668Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.809Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.856Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.950Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:53.997Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.43Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.90Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.184Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.231Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.278Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.372Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.418Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.465Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.559Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.606Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.700Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.747Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.840Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.887Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.934Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:54.981Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.28Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.75Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.122Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.215Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.262Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.309Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.356Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.403Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.543Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.684Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.825Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.918Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:55.965Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.12Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.106Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.153Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.200Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.293Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.387Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.434Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.622Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.668Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.809Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.856Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.950Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:56.997Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.43Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.90Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.184Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.231Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.278Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.372Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.418Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.465Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.559Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.606Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.700Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.747Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.840Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.887Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.934Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:57.981Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.28Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.75Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.122Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.215Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.262Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.309Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.356Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.403Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.543Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.684Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.825Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.918Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:58.965Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:59.12Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:59.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:59.106Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:59.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:59.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_1394.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c04c15dca8449bde
19/2/2020 - 19:45:59.387Read1480C:\malware.exeC:\Windows\winsxs\amd64_1394.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c04c15dca8449bde
19/2/2020 - 19:45:59.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_1394.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c04c15dca8449bde
19/2/2020 - 19:45:59.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_adpu320.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6be1d6ded7b00818
19/2/2020 - 19:45:59.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_adpu320.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6be1d6ded7b00818
19/2/2020 - 19:45:59.434Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:59.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:59.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.17577_none_aa54fe0598b884c4
19/2/2020 - 19:45:59.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.17577_none_aa54fe0598b884c4
19/2/2020 - 19:45:59.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.21680_none_aaccc8deb1e48f1e
19/2/2020 - 19:45:59.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_amdsata.inf_31bf3856ad364e35_6.1.7601.21680_none_aaccc8deb1e48f1e
19/2/2020 - 19:45:59.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:59.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:45:59.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_aspnet_compiler_b03f5f7f11d50a3a_6.1.7601.18410_none_a5769fe600b79680
19/2/2020 - 19:45:59.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_aspnet_compiler_b03f5f7f11d50a3a_6.1.7601.18410_none_a5769fe600b79680
19/2/2020 - 19:45:59.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_atiriol6.inf_31bf3856ad364e35_6.1.7600.16385_none_a909ad21d26d5bd0
19/2/2020 - 19:45:59.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_atiriol6.inf_31bf3856ad364e35_6.1.7600.16385_none_a909ad21d26d5bd0
19/2/2020 - 19:46:0.43Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:0.184Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:0.231Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:0.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_bda.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_92067a83558c343a
19/2/2020 - 19:46:0.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_bda.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_92067a83558c343a
19/2/2020 - 19:46:0.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_bda.inf_31bf3856ad364e35_6.1.7600.16385_none_5e69a2a6daa14883
19/2/2020 - 19:46:0.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_bda.inf_31bf3856ad364e35_6.1.7600.16385_none_5e69a2a6daa14883
19/2/2020 - 19:46:0.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_blbdrive.inf_31bf3856ad364e35_6.1.7600.16385_none_e96898ffe0d97c7e
19/2/2020 - 19:46:0.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_blbdrive.inf_31bf3856ad364e35_6.1.7600.16385_none_e96898ffe0d97c7e
19/2/2020 - 19:46:0.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_brmfcmf.inf_31bf3856ad364e35_6.1.7600.16385_none_6f8740b92fea8e01
19/2/2020 - 19:46:0.325Read1480C:\malware.exeC:\Windows\winsxs\amd64_brmfcmf.inf_31bf3856ad364e35_6.1.7600.16385_none_6f8740b92fea8e01
19/2/2020 - 19:46:0.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_brmfcmf.inf_31bf3856ad364e35_6.1.7600.16385_none_6f8740b92fea8e01
19/2/2020 - 19:46:0.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:0.622Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:0.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_d0d5d519eb6512d8
19/2/2020 - 19:46:0.668Read1480C:\malware.exeC:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_d0d5d519eb6512d8
19/2/2020 - 19:46:0.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_d0d5d519eb6512d8
19/2/2020 - 19:46:0.809Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:0.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.22733_none_e1ba4370b1abe898
19/2/2020 - 19:46:0.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.22733_none_e1ba4370b1abe898\CasPol.exe
19/2/2020 - 19:46:0.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.22733_none_e1ba4370b1abe898\CasPol.exe
19/2/2020 - 19:46:0.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.22733_none_e1ba4370b1abe898\CasPol.exe
19/2/2020 - 19:46:0.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.22733_none_e1ba4370b1abe898\CasPol.exe
19/2/2020 - 19:46:0.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_caspol_b03f5f7f11d50a3a_6.1.7601.22733_none_e1ba4370b1abe898
19/2/2020 - 19:46:0.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_cpu.inf_31bf3856ad364e35_6.1.7600.16385_none_b93f4c460912265a
19/2/2020 - 19:46:0.997Read1480C:\malware.exeC:\Windows\winsxs\amd64_cpu.inf_31bf3856ad364e35_6.1.7600.16385_none_b93f4c460912265a
19/2/2020 - 19:46:1.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_cpu.inf_31bf3856ad364e35_6.1.7600.16385_none_b93f4c460912265a
19/2/2020 - 19:46:1.43Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:1.184Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:1.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_cxfalcon_ibv64.inf_31bf3856ad364e35_6.1.7600.16385_none_a242cda757046042
19/2/2020 - 19:46:1.325Read1480C:\malware.exeC:\Windows\winsxs\amd64_cxfalcon_ibv64.inf_31bf3856ad364e35_6.1.7600.16385_none_a242cda757046042
19/2/2020 - 19:46:1.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_cxfalcon_ibv64.inf_31bf3856ad364e35_6.1.7600.16385_none_a242cda757046042
19/2/2020 - 19:46:1.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_cxraptor_fm1236mk5_ibv64.inf_31bf3856ad364e35_6.1.7600.16385_none_a0e6031d536a7892
19/2/2020 - 19:46:1.372Read1480C:\malware.exeC:\Windows\winsxs\amd64_cxraptor_fm1236mk5_ibv64.inf_31bf3856ad364e35_6.1.7600.16385_none_a0e6031d536a7892
19/2/2020 - 19:46:1.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_cxraptor_fm1236mk5_ibv64.inf_31bf3856ad364e35_6.1.7600.16385_none_a0e6031d536a7892
19/2/2020 - 19:46:1.418Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:1.606Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:1.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_devicepairingproxy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dccc313b2f493e49
19/2/2020 - 19:46:1.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_devicepairingproxy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dccc313b2f493e49
19/2/2020 - 19:46:1.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_dot4.inf_31bf3856ad364e35_6.1.7600.16385_none_3868f74cf5b51f17
19/2/2020 - 19:46:10.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:10.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:10.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22653_none_b5cf5bc3e205e61f
19/2/2020 - 19:46:10.825Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22653_none_b5cf5bc3e205e61f
19/2/2020 - 19:46:10.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22653_none_b5cf5bc3e205e61f\appidpolicyconverter.exe
19/2/2020 - 19:46:10.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22653_none_b5cf5bc3e205e61f\appidpolicyconverter.exeappidpolicyconverter.exe
19/2/2020 - 19:46:10.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22653_none_b5cf5bc3e205e61f\appidpolicyconverter.exe
19/2/2020 - 19:46:10.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22653_none_b5cf5bc3e205e61f\appidpolicyconverter.exe
19/2/2020 - 19:46:10.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22653_none_b5cf5bc3e205e61f\appidpolicyconverter.exe
19/2/2020 - 19:46:10.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22653_none_b5cf5bc3e205e61f
19/2/2020 - 19:46:10.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23136_none_b5e7dc33e1f32220
19/2/2020 - 19:46:10.918Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23136_none_b5e7dc33e1f32220
19/2/2020 - 19:46:10.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23136_none_b5e7dc33e1f32220\appidcertstorecheck.exe
19/2/2020 - 19:46:11.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23136_none_b5e7dc33e1f32220\appidcertstorecheck.exeappidcertstorecheck.exe
19/2/2020 - 19:46:11.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23136_none_b5e7dc33e1f32220\appidcertstorecheck.exe
19/2/2020 - 19:46:11.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23136_none_b5e7dc33e1f32220\appidcertstorecheck.exe
19/2/2020 - 19:46:11.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23136_none_b5e7dc33e1f32220\appidcertstorecheck.exe
19/2/2020 - 19:46:11.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23136_none_b5e7dc33e1f32220
19/2/2020 - 19:46:11.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b
19/2/2020 - 19:46:11.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b\AtBroker.exe
19/2/2020 - 19:46:11.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b\AtBroker.exe
19/2/2020 - 19:46:11.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b\AtBroker.exe
19/2/2020 - 19:46:11.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b\AtBroker.exe
19/2/2020 - 19:46:11.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b
19/2/2020 - 19:46:11.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:11.200Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:11.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atl_31bf3856ad364e35_6.1.7600.16385_none_0715316d7363738e
19/2/2020 - 19:46:11.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-atl_31bf3856ad364e35_6.1.7600.16385_none_0715316d7363738e
19/2/2020 - 19:46:11.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-attachmentmanager-adm_31bf3856ad364e35_6.1.7600.16385_none_113e6afb9a41db74
19/2/2020 - 19:46:11.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-attachmentmanager-adm_31bf3856ad364e35_6.1.7600.16385_none_113e6afb9a41db74
19/2/2020 - 19:46:11.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b
19/2/2020 - 19:46:11.293Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b
19/2/2020 - 19:46:11.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b
19/2/2020 - 19:46:11.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.18741_none_d4a245f7fb5a65d8
19/2/2020 - 19:46:11.340Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.18741_none_d4a245f7fb5a65d8
19/2/2020 - 19:46:11.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.18741_none_d4a245f7fb5a65d8
19/2/2020 - 19:46:11.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-dmusic.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_33b4af3eaff6f247
19/2/2020 - 19:46:11.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-dmusic.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_33b4af3eaff6f247
19/2/2020 - 19:46:11.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-dsound.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b98b9477e3b42461
19/2/2020 - 19:46:11.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-audio-dsound.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b98b9477e3b42461
19/2/2020 - 19:46:11.434Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:11.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:11.622Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:11.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-authentication-authui_31bf3856ad364e35_6.1.7601.18276_none_69da87180c3668b8
19/2/2020 - 19:46:11.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-authentication-authui_31bf3856ad364e35_6.1.7601.18276_none_69da87180c3668b8
19/2/2020 - 19:46:11.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.1.7601.17514_none_c3b917fd89d834f3
19/2/2020 - 19:46:11.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.1.7601.17514_none_c3b917fd89d834f3
19/2/2020 - 19:46:11.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-authorizationmanagerui_31bf3856ad364e35_6.1.7601.17514_none_7ffffc0c16450377
19/2/2020 - 19:46:11.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-authorizationmanagerui_31bf3856ad364e35_6.1.7601.17514_none_7ffffc0c16450377
19/2/2020 - 19:46:11.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7600.16385_none_74b76d3fa1757c6f
19/2/2020 - 19:46:11.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7600.16385_none_74b76d3fa1757c6f
19/2/2020 - 19:46:11.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:11.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30
19/2/2020 - 19:46:11.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30
19/2/2020 - 19:46:11.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autofmt.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e5cf35a6b53a8657
19/2/2020 - 19:46:11.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-autofmt.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e5cf35a6b53a8657
19/2/2020 - 19:46:11.934Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:12.75Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:12.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..core-fonts-jpn-boot_31bf3856ad364e35_6.1.7600.16385_none_e5111c134362b45f
19/2/2020 - 19:46:12.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..core-fonts-jpn-boot_31bf3856ad364e35_6.1.7600.16385_none_e5111c134362b45f
19/2/2020 - 19:46:12.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7e9eebb5feb4e62b
19/2/2020 - 19:46:12.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7e9eebb5feb4e62b
19/2/2020 - 19:46:12.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_e1f138abd202750e
19/2/2020 - 19:46:12.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_e1f138abd202750e
19/2/2020 - 19:46:12.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-strings_31bf3856ad364e35_6.1.7600.16385_none_54770154269f6123
19/2/2020 - 19:46:12.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-strings_31bf3856ad364e35_6.1.7600.16385_none_54770154269f6123
19/2/2020 - 19:46:12.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a
19/2/2020 - 19:46:12.168Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a
19/2/2020 - 19:46:12.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winload.exe
19/2/2020 - 19:46:12.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winload.exe
19/2/2020 - 19:46:12.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winload.exe
19/2/2020 - 19:46:12.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winload.exe
19/2/2020 - 19:46:12.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winresume.exe
19/2/2020 - 19:46:12.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winresume.exewinresume.exe
19/2/2020 - 19:46:12.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winresume.exe
19/2/2020 - 19:46:12.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winresume.exe
19/2/2020 - 19:46:12.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winresume.exe
19/2/2020 - 19:46:12.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a
19/2/2020 - 19:46:12.356Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:12.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:12.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23126_none_c7df32febc8e5842
19/2/2020 - 19:46:12.543Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23126_none_c7df32febc8e5842
19/2/2020 - 19:46:12.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.23126_none_c7df32febc8e5842
19/2/2020 - 19:46:12.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:12.684Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:12.825Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:12.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..ironment-dvd-efisys_31bf3856ad364e35_6.1.7601.17514_none_c0c6eceaf97c4827
19/2/2020 - 19:46:12.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..ironment-dvd-efisys_31bf3856ad364e35_6.1.7601.17514_none_c0c6eceaf97c4827
19/2/2020 - 19:46:12.965Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:13.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:13.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_c4c039aed9f6cc39
19/2/2020 - 19:46:13.153Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_c4c039aed9f6cc39
19/2/2020 - 19:46:13.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_c4c039aed9f6cc39
19/2/2020 - 19:46:13.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_95998ca48a79e748
19/2/2020 - 19:46:13.200Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_95998ca48a79e748
19/2/2020 - 19:46:13.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_95998ca48a79e748
19/2/2020 - 19:46:13.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_23edfe3853a2f0bd
19/2/2020 - 19:46:13.247Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_23edfe3853a2f0bd
19/2/2020 - 19:46:13.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_23edfe3853a2f0bd
19/2/2020 - 19:46:13.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:13.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:13.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_3e4f8e47e730ab98
19/2/2020 - 19:46:13.528Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_3e4f8e47e730ab98
19/2/2020 - 19:46:13.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_3e4f8e47e730ab98
19/2/2020 - 19:46:13.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d429e2316a68dab9
19/2/2020 - 19:46:13.575Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d429e2316a68dab9
19/2/2020 - 19:46:13.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d429e2316a68dab9
19/2/2020 - 19:46:13.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_pt-br_d6d8b178807e11cd
19/2/2020 - 19:46:13.622Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_pt-br_d6d8b178807e11cd
19/2/2020 - 19:46:13.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_pt-br_d6d8b178807e11cd
19/2/2020 - 19:46:13.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:13.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_pt-br_d6d0bc728083aa2c
19/2/2020 - 19:46:13.856Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_pt-br_d6d0bc728083aa2c
19/2/2020 - 19:46:13.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_pt-br_d6d0bc728083aa2c
19/2/2020 - 19:46:13.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_pt-br_d6e8629080719c6d
19/2/2020 - 19:46:13.903Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_pt-br_d6e8629080719c6d
19/2/2020 - 19:46:13.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_pt-br_d6e8629080719c6d
19/2/2020 - 19:46:13.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9e00bd6d95900029
19/2/2020 - 19:46:13.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9e00bd6d95900029
19/2/2020 - 19:46:13.950Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:13.997Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:14.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:14.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7601.23418_pt-br_7ccca13ecc971050
19/2/2020 - 19:46:14.231Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7601.23418_pt-br_7ccca13ecc971050
19/2/2020 - 19:46:14.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7601.23418_pt-br_7ccca13ecc971050
19/2/2020 - 19:46:14.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:14.465Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:14.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646
19/2/2020 - 19:46:14.559Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646
19/2/2020 - 19:46:14.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646
19/2/2020 - 19:46:14.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_b9cd56069c6a9a71
19/2/2020 - 19:46:14.606Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_b9cd56069c6a9a71
19/2/2020 - 19:46:14.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_b9cd56069c6a9a71\winload.exe
19/2/2020 - 19:46:14.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_b9cd56069c6a9a71\winload.exe
19/2/2020 - 19:46:14.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_b9cd56069c6a9a71\winload.exe
19/2/2020 - 19:46:14.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_b9cd56069c6a9a71\winload.exe
19/2/2020 - 19:46:14.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_b9cd56069c6a9a71
19/2/2020 - 19:46:14.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:14.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:14.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23392_none_b97da9369ca6f2fa
19/2/2020 - 19:46:14.887Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23392_none_b97da9369ca6f2fa
19/2/2020 - 19:46:14.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23392_none_b97da9369ca6f2fa
19/2/2020 - 19:46:14.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-basesrv_31bf3856ad364e35_6.1.7600.16385_none_68bfdc7cfd6bd477
19/2/2020 - 19:46:14.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-basesrv_31bf3856ad364e35_6.1.7600.16385_none_68bfdc7cfd6bd477
19/2/2020 - 19:46:14.981Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:15.122Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:15.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:15.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.1.7601.23392_none_70886869470a5f8e
19/2/2020 - 19:46:15.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.1.7601.23392_none_70886869470a5f8e
19/2/2020 - 19:46:15.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-biometrics-adm_31bf3856ad364e35_6.1.7600.16385_none_0d91f148b856f7cf
19/2/2020 - 19:46:15.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-biometrics-adm_31bf3856ad364e35_6.1.7600.16385_none_0d91f148b856f7cf
19/2/2020 - 19:46:15.309Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:15.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bits-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_efbcc5daf0e8bb57
19/2/2020 - 19:46:15.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bits-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_efbcc5daf0e8bb57
19/2/2020 - 19:46:15.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd
19/2/2020 - 19:46:15.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd
19/2/2020 - 19:46:15.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bits-proxy2_31bf3856ad364e35_6.1.7600.16385_none_0c56be7522fa37d4
19/2/2020 - 19:46:15.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bits-proxy2_31bf3856ad364e35_6.1.7600.16385_none_0c56be7522fa37d4
19/2/2020 - 19:46:15.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-blb-cli-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_52558dca173e348a
19/2/2020 - 19:46:15.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-blb-cli-main.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_52558dca173e348a
19/2/2020 - 19:46:15.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:15.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:15.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_6.1.7601.17514_none_4207fb67165f731a
19/2/2020 - 19:46:15.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_6.1.7601.17514_none_4207fb67165f731a
19/2/2020 - 19:46:15.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:15.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:15.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-browserservice-netapi_31bf3856ad364e35_6.1.7601.17887_none_8b6ac064ae90620d
19/2/2020 - 19:46:15.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-browserservice-netapi_31bf3856ad364e35_6.1.7601.17887_none_8b6ac064ae90620d
19/2/2020 - 19:46:15.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17514_none_d70f2c28b49dffae
19/2/2020 - 19:46:15.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17514_none_d70f2c28b49dffae
19/2/2020 - 19:46:15.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.22044_none_d7783703cdd41e02
19/2/2020 - 19:46:15.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.22044_none_d7783703cdd41e02
19/2/2020 - 19:46:16.12Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:16.153Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:16.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bubbles_31bf3856ad364e35_6.1.7601.17514_none_cca44baae0912bbe
19/2/2020 - 19:46:16.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-bubbles_31bf3856ad364e35_6.1.7601.17514_none_cca44baae0912bbe
19/2/2020 - 19:46:16.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ent-indexing-common_31bf3856ad364e35_6.1.7601.17514_none_64da1339edafdc37
19/2/2020 - 19:46:16.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ent-indexing-common_31bf3856ad364e35_6.1.7601.17514_none_64da1339edafdc37
19/2/2020 - 19:46:16.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ent-xpsgdiconverter_31bf3856ad364e35_6.1.7601.17514_none_71127af901f051ca
19/2/2020 - 19:46:16.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..ent-xpsgdiconverter_31bf3856ad364e35_6.1.7601.17514_none_71127af901f051ca
19/2/2020 - 19:46:16.293Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:16.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:16.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:16.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..entsnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d4d5367b7583b450
19/2/2020 - 19:46:16.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..entsnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d4d5367b7583b450
19/2/2020 - 19:46:16.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..erecovery.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_27abb08980aaf78c
19/2/2020 - 19:46:16.528Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..erecovery.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_27abb08980aaf78c
19/2/2020 - 19:46:16.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..erecovery.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_27abb08980aaf78c
19/2/2020 - 19:46:16.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..gement-perfcounters_31bf3856ad364e35_6.1.7600.16385_none_814c249ec2a32783
19/2/2020 - 19:46:16.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..gement-perfcounters_31bf3856ad364e35_6.1.7600.16385_none_814c249ec2a32783
19/2/2020 - 19:46:16.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..helibrary.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0191a269c3abb9ed
19/2/2020 - 19:46:16.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..helibrary.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0191a269c3abb9ed
19/2/2020 - 19:46:16.622Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:16.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:16.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_6.1.7601.22923_en-us_57d8418f7d20c468
19/2/2020 - 19:46:26.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-vdsinterface_31bf3856ad364e35_6.1.7600.16385_none_014cf80238b3c4e6
19/2/2020 - 19:46:26.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.17514_none_1573bf06bb8baa0c
19/2/2020 - 19:46:26.122Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.17514_none_1573bf06bb8baa0c
19/2/2020 - 19:46:26.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.17514_none_1573bf06bb8baa0c
19/2/2020 - 19:46:26.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.18489_none_152cf856bbc008d0
19/2/2020 - 19:46:26.168Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.18489_none_152cf856bbc008d0
19/2/2020 - 19:46:26.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.18489_none_152cf856bbc008d0
19/2/2020 - 19:46:26.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.22706_none_160a176fd49f775b
19/2/2020 - 19:46:26.215Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.22706_none_160a176fd49f775b
19/2/2020 - 19:46:26.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.22706_none_160a176fd49f775b
19/2/2020 - 19:46:26.356Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:26.403Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:26.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.22948_none_15e0dc1fd4be141b
19/2/2020 - 19:46:26.497Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.22948_none_15e0dc1fd4be141b
19/2/2020 - 19:46:26.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.22948_none_15e0dc1fd4be141b
19/2/2020 - 19:46:26.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..how-other.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d95aa3e7bb2cbc36
19/2/2020 - 19:46:26.543Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..how-other.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d95aa3e7bb2cbc36
19/2/2020 - 19:46:26.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..how-other.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d95aa3e7bb2cbc36
19/2/2020 - 19:46:26.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ic-module.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ea13ff48808f168e
19/2/2020 - 19:46:26.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ic-module.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ea13ff48808f168e
19/2/2020 - 19:46:26.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05
19/2/2020 - 19:46:26.543Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05
19/2/2020 - 19:46:26.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05
19/2/2020 - 19:46:26.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_6.1.7601.22706_none_89f083dd5a7272c4
19/2/2020 - 19:46:26.543Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_6.1.7601.22706_none_89f083dd5a7272c4
19/2/2020 - 19:46:26.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_6.1.7601.22706_none_89f083dd5a7272c4
19/2/2020 - 19:46:26.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:26.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:26.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ingfolder.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_08688044d07b488b
19/2/2020 - 19:46:26.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ingfolder.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_08688044d07b488b
19/2/2020 - 19:46:26.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..isplaystatusmanager_31bf3856ad364e35_6.1.7600.16385_none_57cbe90e48180f92
19/2/2020 - 19:46:26.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..isplaystatusmanager_31bf3856ad364e35_6.1.7600.16385_none_57cbe90e48180f92
19/2/2020 - 19:46:26.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:27.12Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:27.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6f82db9647a0e96b
19/2/2020 - 19:46:27.106Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6f82db9647a0e96b
19/2/2020 - 19:46:27.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6f82db9647a0e96b
19/2/2020 - 19:46:27.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ndwritingrecognizer_31bf3856ad364e35_6.1.7600.16385_none_87e91581545b7860
19/2/2020 - 19:46:27.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ndwritingrecognizer_31bf3856ad364e35_6.1.7600.16385_none_87e91581545b7860
19/2/2020 - 19:46:27.153Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:27.293Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:27.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_6.1.7600.16385_none_3828ad3ea7e26d83
19/2/2020 - 19:46:27.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_6.1.7600.16385_none_3828ad3ea7e26d83
19/2/2020 - 19:46:27.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..onverters.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_45da4d437b4327de
19/2/2020 - 19:46:27.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..onverters.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_45da4d437b4327de
19/2/2020 - 19:46:27.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..oragecontexthandler_31bf3856ad364e35_6.1.7600.16385_none_2287c75248ecd1a7
19/2/2020 - 19:46:27.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..oragecontexthandler_31bf3856ad364e35_6.1.7600.16385_none_2287c75248ecd1a7
19/2/2020 - 19:46:27.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_2129f6bd1f6002ae
19/2/2020 - 19:46:27.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_2129f6bd1f6002ae
19/2/2020 - 19:46:27.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..owmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_078a63e642356f40
19/2/2020 - 19:46:27.387Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..owmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_078a63e642356f40
19/2/2020 - 19:46:27.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..owmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_078a63e642356f40
19/2/2020 - 19:46:27.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:27.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:27.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:27.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:27.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-udwm_31bf3856ad364e35_6.1.7600.16385_none_e4880f65da28f3d0
19/2/2020 - 19:46:27.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-udwm_31bf3856ad364e35_6.1.7600.16385_none_e4880f65da28f3d0
19/2/2020 - 19:46:27.809Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:27.950Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:27.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..se-symboldictionary_31bf3856ad364e35_6.1.7600.16385_none_adab28f4a1e90207
19/2/2020 - 19:46:27.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..se-symboldictionary_31bf3856ad364e35_6.1.7600.16385_none_adab28f4a1e90207
19/2/2020 - 19:46:28.90Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:28.231Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:28.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.23290_none_465688e6c74e276e
19/2/2020 - 19:46:28.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.23290_none_465688e6c74e276e
19/2/2020 - 19:46:28.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..tx-xinput.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5fde56400459f485
19/2/2020 - 19:46:28.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..tx-xinput.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5fde56400459f485
19/2/2020 - 19:46:28.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:28.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..w-devenum.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f92e87e25cefc3e6
19/2/2020 - 19:46:28.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..w-devenum.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f92e87e25cefc3e6
19/2/2020 - 19:46:28.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..xthandler.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a7a78dec115d1be1
19/2/2020 - 19:46:28.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d..xthandler.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a7a78dec115d1be1
19/2/2020 - 19:46:28.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_de-de_3dc539e9fdc54eb8
19/2/2020 - 19:46:28.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_de-de_3dc539e9fdc54eb8
19/2/2020 - 19:46:28.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_es-es_e6816cc6ecca4c22
19/2/2020 - 19:46:28.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_es-es_e6816cc6ecca4c22
19/2/2020 - 19:46:28.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_fi-fi_859c7173e1e43e4c
19/2/2020 - 19:46:28.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_fi-fi_859c7173e1e43e4c
19/2/2020 - 19:46:28.465Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:28.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:28.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:28.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_hu-hu_d0a9630dc3fc31a0
19/2/2020 - 19:46:28.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_hu-hu_d0a9630dc3fc31a0
19/2/2020 - 19:46:28.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_sv-se_cbd2120c34d1607f
19/2/2020 - 19:46:28.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_7.1.7601.16492_sv-se_cbd2120c34d1607f
19/2/2020 - 19:46:28.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:28.934Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:29.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d_31bf3856ad364e35_7.1.7601.18327_none_f72b7ed6fd7cb38b
19/2/2020 - 19:46:29.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-d2d_31bf3856ad364e35_7.1.7601.18327_none_f72b7ed6fd7cb38b
19/2/2020 - 19:46:29.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dataclen.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1ad8e64fa36e1f3b
19/2/2020 - 19:46:29.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dataclen.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1ad8e64fa36e1f3b
19/2/2020 - 19:46:29.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ddores_31bf3856ad364e35_6.1.7600.16385_none_7abace20583d89b4
19/2/2020 - 19:46:29.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ddores_31bf3856ad364e35_6.1.7600.16385_none_7abace20583d89b4
19/2/2020 - 19:46:29.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.1.7601.17514_none_f73c142da6e47daa
19/2/2020 - 19:46:29.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.1.7601.17514_none_f73c142da6e47daa
19/2/2020 - 19:46:29.75Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:29.215Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:29.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_9c2159bf9f702069
19/2/2020 - 19:46:29.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_9c2159bf9f702069
19/2/2020 - 19:46:29.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deskadp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c43330fddb95c899
19/2/2020 - 19:46:29.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deskadp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c43330fddb95c899
19/2/2020 - 19:46:29.356Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:29.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:29.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-detectionandsharingapi_31bf3856ad364e35_6.1.7600.16385_none_95980881f7dcdc33
19/2/2020 - 19:46:29.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-detectionandsharingapi_31bf3856ad364e35_6.1.7600.16385_none_95980881f7dcdc33
19/2/2020 - 19:46:29.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_463f54aa539a0b62
19/2/2020 - 19:46:29.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_463f54aa539a0b62
19/2/2020 - 19:46:29.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deviceuxres_31bf3856ad364e35_6.1.7600.16385_none_7c639e00e7a86c14
19/2/2020 - 19:46:29.543Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deviceuxres_31bf3856ad364e35_6.1.7600.16385_none_7c639e00e7a86c14
19/2/2020 - 19:46:29.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-deviceuxres_31bf3856ad364e35_6.1.7600.16385_none_7c639e00e7a86c14
19/2/2020 - 19:46:29.684Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:29.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:29.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devinst-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ae48af51a5684349
19/2/2020 - 19:46:29.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-devinst-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ae48af51a5684349
19/2/2020 - 19:46:29.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dfsclient-netapi_31bf3856ad364e35_6.1.7600.16385_none_bc912cf74a28a647
19/2/2020 - 19:46:29.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dfsclient-netapi_31bf3856ad364e35_6.1.7600.16385_none_bc912cf74a28a647
19/2/2020 - 19:46:29.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dfsui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5365355cf9425e68
19/2/2020 - 19:46:29.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dfsui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5365355cf9425e68
19/2/2020 - 19:46:29.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dfsui_31bf3856ad364e35_6.1.7600.16385_none_b5b4f44e16b3e332
19/2/2020 - 19:46:29.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dfsui_31bf3856ad364e35_6.1.7600.16385_none_b5b4f44e16b3e332
19/2/2020 - 19:46:29.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dhcpserverapi_31bf3856ad364e35_6.1.7600.16385_none_0470f747fc8c0721
19/2/2020 - 19:46:29.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dhcpserverapi_31bf3856ad364e35_6.1.7600.16385_none_0470f747fc8c0721
19/2/2020 - 19:46:29.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:30.12Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:30.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-difxapi_31bf3856ad364e35_6.1.7600.16385_none_64388f35afe32304
19/2/2020 - 19:46:30.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-difxapi_31bf3856ad364e35_6.1.7600.16385_none_64388f35afe32304
19/2/2020 - 19:46:30.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dims-autoenroll_31bf3856ad364e35_6.1.7600.16385_none_5004a8665487390e
19/2/2020 - 19:46:30.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dims-autoenroll_31bf3856ad364e35_6.1.7600.16385_none_5004a8665487390e
19/2/2020 - 19:46:30.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dims-keyroam_31bf3856ad364e35_6.1.7601.22616_none_ba55a4065d58c65c
19/2/2020 - 19:46:30.106Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dims-keyroam_31bf3856ad364e35_6.1.7601.22616_none_ba55a4065d58c65c
19/2/2020 - 19:46:30.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-dims-keyroam_31bf3856ad364e35_6.1.7601.22616_none_ba55a4065d58c65c
19/2/2020 - 19:46:30.200Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:30.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:30.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-core_31bf3856ad364e35_6.1.7601.18741_none_0472b9b204a0d18a
19/2/2020 - 19:46:30.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-core_31bf3856ad364e35_6.1.7601.18741_none_0472b9b204a0d18a
19/2/2020 - 19:46:30.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:30.622Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:30.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dmo_31bf3856ad364e35_6.1.7601.17514_none_78bc46bd15489e90
19/2/2020 - 19:46:30.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dmo_31bf3856ad364e35_6.1.7601.17514_none_78bc46bd15489e90
19/2/2020 - 19:46:30.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdplay_31bf3856ad364e35_6.1.7600.16385_none_5da314d233bb2676
19/2/2020 - 19:46:30.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdplay_31bf3856ad364e35_6.1.7600.16385_none_5da314d233bb2676
19/2/2020 - 19:46:30.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.17514_none_b2483040ea781d9d
19/2/2020 - 19:46:30.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.17514_none_b2483040ea781d9d
19/2/2020 - 19:46:30.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.18741_none_b224aca2ea93395a
19/2/2020 - 19:46:30.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.18741_none_b224aca2ea93395a
19/2/2020 - 19:46:30.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.21847_none_b2b461f203ab578d
19/2/2020 - 19:46:30.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.21847_none_b2b461f203ab578d
19/2/2020 - 19:46:30.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.23290_none_b277175c03da7639
19/2/2020 - 19:46:30.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.23290_none_b277175c03da7639
19/2/2020 - 19:46:30.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:30.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.1.7601.21626_none_14b5fd7fd208a2ae
19/2/2020 - 19:46:30.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.1.7601.21626_none_14b5fd7fd208a2ae
19/2/2020 - 19:46:30.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_6.1.7601.19061_none_6296cc33281a408c
19/2/2020 - 19:46:30.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_6.1.7601.19061_none_6296cc33281a408c
19/2/2020 - 19:46:30.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_7.1.7601.23149_none_54ae876bcc071bfb
19/2/2020 - 19:46:30.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_7.1.7601.23149_none_54ae876bcc071bfb
19/2/2020 - 19:46:30.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_7.1.7601.23265_none_5494e851cc1aeba8
19/2/2020 - 19:46:30.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_7.1.7601.23265_none_5494e851cc1aeba8
19/2/2020 - 19:46:30.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:30.950Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:31.90Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:31.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ef136fd054a1c94d
19/2/2020 - 19:46:31.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ef136fd054a1c94d
19/2/2020 - 19:46:31.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_de-de_37cf884e81278264
19/2/2020 - 19:46:31.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_de-de_37cf884e81278264
19/2/2020 - 19:46:31.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_fr-fr_8343312a62fe9630
19/2/2020 - 19:46:31.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_fr-fr_8343312a62fe9630
19/2/2020 - 19:46:31.231Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:31.372Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:31.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_pt-pt_e33e6437dc28fba4
19/2/2020 - 19:46:31.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_pt-pt_e33e6437dc28fba4
19/2/2020 - 19:46:31.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_ru-ru_29e175fbc10a89d0
19/2/2020 - 19:46:31.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_ru-ru_29e175fbc10a89d0
19/2/2020 - 19:46:31.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_zh-cn_4046c8b55727683b
19/2/2020 - 19:46:31.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_7.1.7601.16492_zh-cn_4046c8b55727683b
19/2/2020 - 19:46:31.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17514_none_30c37491160e99f5
19/2/2020 - 19:46:31.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17514_none_30c37491160e99f5
19/2/2020 - 19:46:31.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:31.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:31.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite_31bf3856ad364e35_7.1.7601.18946_none_22157276a10bd782
19/2/2020 - 19:46:31.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directwrite_31bf3856ad364e35_7.1.7601.18946_none_22157276a10bd782
19/2/2020 - 19:46:31.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:31.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_60fa9493d9b24564
19/2/2020 - 19:46:31.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_60fa9493d9b24564
19/2/2020 - 19:46:31.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-directinput_31bf3856ad364e35_6.1.7600.16385_none_798d0be3255fc46e
19/2/2020 - 19:46:31.903Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-directinput_31bf3856ad364e35_6.1.7600.16385_none_798d0be3255fc46e
19/2/2020 - 19:46:31.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-directinput_31bf3856ad364e35_6.1.7600.16385_none_798d0be3255fc46e
19/2/2020 - 19:46:31.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.1.7601.22150_none_d756c930eea0898c
19/2/2020 - 19:46:31.965Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.1.7601.22150_none_d756c930eea0898c
19/2/2020 - 19:46:32.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.1.7601.22150_none_d756c930eea0898c
19/2/2020 - 19:46:32.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:32.106Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:32.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:32.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.17514_none_c4e43b7bade5bb1e
19/2/2020 - 19:46:32.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.17514_none_c4e43b7bade5bb1e
19/2/2020 - 19:46:32.387Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:32.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:32.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskmanagement-snapin_31bf3856ad364e35_6.1.7600.16385_none_f7f84adae4544661
19/2/2020 - 19:46:32.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-diskmanagement-snapin_31bf3856ad364e35_6.1.7600.16385_none_f7f84adae4544661
19/2/2020 - 19:46:41.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.1.7601.17514_none_50c7a4451ab021fd
19/2/2020 - 19:46:41.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:41.856Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:41.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-candara_31bf3856ad364e35_6.1.7600.16385_none_47342bc83c01bc90
19/2/2020 - 19:46:41.903Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-candara_31bf3856ad364e35_6.1.7600.16385_none_47342bc83c01bc90
19/2/2020 - 19:46:41.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-candara_31bf3856ad364e35_6.1.7600.16385_none_47342bc83c01bc90
19/2/2020 - 19:46:41.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_6.1.7600.16385_none_c5e444bbbf030bfa
19/2/2020 - 19:46:41.950Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_6.1.7600.16385_none_c5e444bbbf030bfa
19/2/2020 - 19:46:41.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_6.1.7600.16385_none_c5e444bbbf030bfa
19/2/2020 - 19:46:41.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_6.1.7600.16385_none_14191eff72a98c54
19/2/2020 - 19:46:41.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_6.1.7600.16385_none_14191eff72a98c54
19/2/2020 - 19:46:41.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-gisha_31bf3856ad364e35_6.1.7600.16385_none_9cb7ddca79444d70
19/2/2020 - 19:46:41.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-gisha_31bf3856ad364e35_6.1.7600.16385_none_9cb7ddca79444d70
19/2/2020 - 19:46:42.90Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:42.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-impact_31bf3856ad364e35_6.1.7601.17514_none_a7740a1a89b08d82
19/2/2020 - 19:46:42.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-impact_31bf3856ad364e35_6.1.7601.17514_none_a7740a1a89b08d82
19/2/2020 - 19:46:42.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_6.1.7600.16385_none_cca6b1a135d8195c
19/2/2020 - 19:46:42.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_6.1.7600.16385_none_cca6b1a135d8195c
19/2/2020 - 19:46:42.231Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:42.372Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:42.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-msmincho_31bf3856ad364e35_6.1.7600.16385_none_be34642396bfadae
19/2/2020 - 19:46:42.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-msmincho_31bf3856ad364e35_6.1.7600.16385_none_be34642396bfadae
19/2/2020 - 19:46:42.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243
19/2/2020 - 19:46:42.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243
19/2/2020 - 19:46:42.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.18528_none_2edb239c28e0d397
19/2/2020 - 19:46:42.418Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.18528_none_2edb239c28e0d397
19/2/2020 - 19:46:42.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.18528_none_2edb239c28e0d397
19/2/2020 - 19:46:42.559Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:42.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-simhei_31bf3856ad364e35_6.1.7600.16385_none_501ca8058dc5e9fb
19/2/2020 - 19:46:42.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-simhei_31bf3856ad364e35_6.1.7600.16385_none_501ca8058dc5e9fb
19/2/2020 - 19:46:42.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-symbol_31bf3856ad364e35_6.1.7600.16385_none_2b1957ff6a01d63e
19/2/2020 - 19:46:42.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-symbol_31bf3856ad364e35_6.1.7600.16385_none_2b1957ff6a01d63e
19/2/2020 - 19:46:42.700Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:42.747Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:42.887Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:42.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.21733_none_8e656eaaa471bd36
19/2/2020 - 19:46:42.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.21733_none_8e656eaaa471bd36
19/2/2020 - 19:46:42.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tai_le_31bf3856ad364e35_6.1.7600.16385_none_8b27023f8ebb68a4
19/2/2020 - 19:46:42.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tai_le_31bf3856ad364e35_6.1.7600.16385_none_8b27023f8ebb68a4
19/2/2020 - 19:46:42.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_6.1.7600.16385_none_e4baa884cb08804d
19/2/2020 - 19:46:42.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_6.1.7600.16385_none_e4baa884cb08804d
19/2/2020 - 19:46:43.28Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:43.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:43.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-fontext_31bf3856ad364e35_6.1.7601.17514_none_fcab9df20a3cd55f
19/2/2020 - 19:46:43.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-fontext_31bf3856ad364e35_6.1.7601.17514_none_fcab9df20a3cd55f
19/2/2020 - 19:46:43.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-forfiles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_363ff22c7096007b
19/2/2020 - 19:46:43.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-forfiles.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_363ff22c7096007b
19/2/2020 - 19:46:43.309Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:43.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:43.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..acheclean-lithuania_31bf3856ad364e35_6.1.7601.18713_none_3202ae2f5f4287d3
19/2/2020 - 19:46:43.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..acheclean-lithuania_31bf3856ad364e35_6.1.7601.18713_none_3202ae2f5f4287d3\cleanupusercurrency.exe
19/2/2020 - 19:46:43.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..acheclean-lithuania_31bf3856ad364e35_6.1.7601.18713_none_3202ae2f5f4287d3\cleanupusercurrency.execleanupusercurrency.exe
19/2/2020 - 19:46:43.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..acheclean-lithuania_31bf3856ad364e35_6.1.7601.18713_none_3202ae2f5f4287d3\cleanupusercurrency.exe
19/2/2020 - 19:46:43.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..acheclean-lithuania_31bf3856ad364e35_6.1.7601.18713_none_3202ae2f5f4287d3\cleanupusercurrency.exe
19/2/2020 - 19:46:43.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..acheclean-lithuania_31bf3856ad364e35_6.1.7601.18713_none_3202ae2f5f4287d3\cleanupusercurrency.exe
19/2/2020 - 19:46:43.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..acheclean-lithuania_31bf3856ad364e35_6.1.7601.18713_none_3202ae2f5f4287d3
19/2/2020 - 19:46:43.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..acheclean-lithuania_31bf3856ad364e35_6.1.7601.22919_none_32924e9c785abcce
19/2/2020 - 19:46:43.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..acheclean-lithuania_31bf3856ad364e35_6.1.7601.22919_none_32924e9c785abcce
19/2/2020 - 19:46:43.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ation-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_14187a7f9fe61543
19/2/2020 - 19:46:43.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ation-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_14187a7f9fe61543
19/2/2020 - 19:46:43.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..cy-gptext.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_201f9c8407b32c61
19/2/2020 - 19:46:43.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..cy-gptext.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_201f9c8407b32c61
19/2/2020 - 19:46:43.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:43.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:43.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:43.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ebuild-search-index_31bf3856ad364e35_6.1.7601.17610_none_1d10224d57ce5c5e
19/2/2020 - 19:46:43.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ebuild-search-index_31bf3856ad364e35_6.1.7601.17610_none_1d10224d57ce5c5e\rebuildSearchIndex.exe
19/2/2020 - 19:46:43.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ebuild-search-index_31bf3856ad364e35_6.1.7601.17610_none_1d10224d57ce5c5e\rebuildSearchIndex.exerebuildSearchIndex.exe
19/2/2020 - 19:46:43.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ebuild-search-index_31bf3856ad364e35_6.1.7601.17610_none_1d10224d57ce5c5e\rebuildSearchIndex.exe
19/2/2020 - 19:46:43.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ebuild-search-index_31bf3856ad364e35_6.1.7601.17610_none_1d10224d57ce5c5e\rebuildSearchIndex.exe
19/2/2020 - 19:46:43.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ebuild-search-index_31bf3856ad364e35_6.1.7601.17610_none_1d10224d57ce5c5e\rebuildSearchIndex.exe
19/2/2020 - 19:46:43.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ebuild-search-index_31bf3856ad364e35_6.1.7601.17610_none_1d10224d57ce5c5e
19/2/2020 - 19:46:43.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dd989f723fc773af
19/2/2020 - 19:46:43.872Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dd989f723fc773af
19/2/2020 - 19:46:43.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_dd989f723fc773af
19/2/2020 - 19:46:44.43Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:44.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..licy-admin-scrptadm_31bf3856ad364e35_6.1.7601.17514_none_2f8f952e7b710a73
19/2/2020 - 19:46:44.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..licy-admin-scrptadm_31bf3856ad364e35_6.1.7601.17514_none_2f8f952e7b710a73
19/2/2020 - 19:46:44.184Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:44.278Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:44.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..lorer-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ab2bc47801efd405
19/2/2020 - 19:46:44.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..lorer-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ab2bc47801efd405
19/2/2020 - 19:46:44.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8
19/2/2020 - 19:46:44.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8
19/2/2020 - 19:46:44.418Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:44.559Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:44.700Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:44.840Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:44.887Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:44.934Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:44.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ab2575082dc4fbe5
19/2/2020 - 19:46:44.981Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ab2575082dc4fbe5
19/2/2020 - 19:46:45.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ab2575082dc4fbe5
19/2/2020 - 19:46:45.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.28Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.75Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.122Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.168Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.215Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.262Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.309Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.356Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.403Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.450Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.497Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.543Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.590Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.637Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f
19/2/2020 - 19:46:45.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gameexplorer-adm_31bf3856ad364e35_6.1.7600.16385_none_b2fa68403f0f1e47
19/2/2020 - 19:46:45.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gameexplorer-adm_31bf3856ad364e35_6.1.7600.16385_none_b2fa68403f0f1e47
19/2/2020 - 19:46:45.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:45.918Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:45.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_d360c9c235bd1868
19/2/2020 - 19:46:45.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_d360c9c235bd1868
19/2/2020 - 19:46:46.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:46.200Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:46.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_dc7256ed0ded6c12
19/2/2020 - 19:46:46.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_dc7256ed0ded6c12\GettingStarted.exe
19/2/2020 - 19:46:46.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_dc7256ed0ded6c12\GettingStarted.exeGettingStarted.exe
19/2/2020 - 19:46:46.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_dc7256ed0ded6c12\GettingStarted.exe
19/2/2020 - 19:46:46.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_dc7256ed0ded6c12\GettingStarted.exe
19/2/2020 - 19:46:46.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_dc7256ed0ded6c12\GettingStarted.exe
19/2/2020 - 19:46:46.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-gettingstarted_31bf3856ad364e35_6.1.7600.16385_none_dc7256ed0ded6c12
19/2/2020 - 19:46:46.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.1.7601.17514_none_8649674dfda23046
19/2/2020 - 19:46:46.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.1.7601.17514_none_8649674dfda23046
19/2/2020 - 19:46:46.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:46.434Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:46.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:46.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..-safemodc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_aaf08c6c69bf6cef
19/2/2020 - 19:46:46.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..-safemodc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_aaf08c6c69bf6cef
19/2/2020 - 19:46:46.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h...netlistmgr.interop_31bf3856ad364e35_6.1.7601.17514_none_3f569315a5a75cde
19/2/2020 - 19:46:46.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h...netlistmgr.interop_31bf3856ad364e35_6.1.7601.17514_none_3f569315a5a75cde
19/2/2020 - 19:46:46.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:46.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:46.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:46.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..homegroup.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_558dc4cfaecc2bae
19/2/2020 - 19:46:46.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..homegroup.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_558dc4cfaecc2bae
19/2/2020 - 19:46:46.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..ian-portuguese-main_31bf3856ad364e35_6.3.9412.0_none_c3fda1f6b7932714
19/2/2020 - 19:46:46.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..ian-portuguese-main_31bf3856ad364e35_6.3.9412.0_none_c3fda1f6b7932714
19/2/2020 - 19:46:46.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..pport-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_caaa861f400da39b
19/2/2020 - 19:46:46.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..pport-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_caaa861f400da39b
19/2/2020 - 19:46:46.997Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:47.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:47.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..statement.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_8ff3ae0680d65a31
19/2/2020 - 19:46:47.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-h..statement.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_8ff3ae0680d65a31
19/2/2020 - 19:46:47.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-halftone-ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_707f038eb8a8efc1
19/2/2020 - 19:46:47.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-halftone-ui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_707f038eb8a8efc1
19/2/2020 - 19:46:47.278Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:47.418Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:47.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-access.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_09b578f92f9d140b
19/2/2020 - 19:46:47.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-access.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_09b578f92f9d140b
19/2/2020 - 19:46:47.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-app3rd.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b3bad7ed9f324d4f
19/2/2020 - 19:46:47.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-app3rd.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b3bad7ed9f324d4f
19/2/2020 - 19:46:47.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-appwin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_596fec5402b71b46
19/2/2020 - 19:46:47.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-appwin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_596fec5402b71b46
19/2/2020 - 19:46:47.559Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:47.700Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:47.747Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:47.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-artui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a864796ab2f6472e
19/2/2020 - 19:46:47.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-artui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a864796ab2f6472e
19/2/2020 - 19:46:47.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-artui4.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_731d6d543e2ad7d0
19/2/2020 - 19:46:47.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-artui4.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_731d6d543e2ad7d0
19/2/2020 - 19:46:47.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-browser.resources_31bf3856ad364e35_6.1.7601.17514_en-us_290e0dd098f0a1dc
19/2/2020 - 19:46:47.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-browser.resources_31bf3856ad364e35_6.1.7601.17514_en-us_290e0dd098f0a1dc
19/2/2020 - 19:46:47.887Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:47.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-dvdburn.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4cb1a67441faf920
19/2/2020 - 19:46:47.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-dvdburn.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4cb1a67441faf920
19/2/2020 - 19:46:47.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-efs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7cdf1630ae0efc15
19/2/2020 - 19:46:47.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-efs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7cdf1630ae0efc15
19/2/2020 - 19:46:47.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-errmes.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c381491851d2c1ad
19/2/2020 - 19:46:47.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-errmes.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c381491851d2c1ad
19/2/2020 - 19:46:48.28Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:48.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:48.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-fus.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c0e72db4b760b94d
19/2/2020 - 19:46:48.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-fus.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c0e72db4b760b94d
19/2/2020 - 19:46:48.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-games.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_33f330fffed2d37c
19/2/2020 - 19:46:48.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-games.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_33f330fffed2d37c
19/2/2020 - 19:46:48.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-gamesp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0be53f5f4084a37a
19/2/2020 - 19:46:48.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-gamesp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0be53f5f4084a37a
19/2/2020 - 19:46:48.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-helpcins_31bf3856ad364e35_6.1.7601.17514_none_ee4731f0b3e39e23
19/2/2020 - 19:46:48.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-helpcins_31bf3856ad364e35_6.1.7601.17514_none_ee4731f0b3e39e23
19/2/2020 - 19:46:48.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-helpplc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1c46555bc85686c7
19/2/2020 - 19:46:48.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-helpplc.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1c46555bc85686c7
19/2/2020 - 19:46:48.262Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:48.403Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:48.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-legapp2.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_aeb30eba885c9112
19/2/2020 - 19:46:48.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-legapp2.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_aeb30eba885c9112
19/2/2020 - 19:46:48.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-locate.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bad43b577461e90f
19/2/2020 - 19:46:48.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-locate.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bad43b577461e90f
19/2/2020 - 19:46:48.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-locatep.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_26cd4ec658dea22f
19/2/2020 - 19:46:48.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-locatep.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_26cd4ec658dea22f
19/2/2020 - 19:46:48.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-medexp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c097c9180e6a979e
19/2/2020 - 19:46:48.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-medexp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c097c9180e6a979e
19/2/2020 - 19:46:48.497Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-mobctr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b54e3d2026e59aa
19/2/2020 - 19:46:48.497Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-help-mobctr.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b54e3d2026e59aa
19/2/2020 - 19:46:48.543Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:48.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:57.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20280_31bf3856ad364e35_6.1.7600.16385_none_b124dadefdf62593
19/2/2020 - 19:46:57.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20280_31bf3856ad364e35_6.1.7600.16385_none_b124dadefdf62593
19/2/2020 - 19:46:57.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20284_31bf3856ad364e35_6.1.7600.16385_none_b0f99b2efe169557
19/2/2020 - 19:46:57.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20284_31bf3856ad364e35_6.1.7600.16385_none_b0f99b2efe169557
19/2/2020 - 19:46:57.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20420_31bf3856ad364e35_6.1.7600.16385_none_ae7b823affac3dab
19/2/2020 - 19:46:57.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20420_31bf3856ad364e35_6.1.7600.16385_none_ae7b823affac3dab
19/2/2020 - 19:46:57.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20423_31bf3856ad364e35_6.1.7600.16385_none_ae5b1276ffc4917e
19/2/2020 - 19:46:57.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20423_31bf3856ad364e35_6.1.7600.16385_none_ae5b1276ffc4917e
19/2/2020 - 19:46:57.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20838_31bf3856ad364e35_6.1.7600.16385_none_ae962ee8ffa4883e
19/2/2020 - 19:46:57.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20838_31bf3856ad364e35_6.1.7600.16385_none_ae962ee8ffa4883e
19/2/2020 - 19:46:57.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20871_31bf3856ad364e35_6.1.7600.16385_none_b0a7fb14fe47d6c3
19/2/2020 - 19:46:57.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-20871_31bf3856ad364e35_6.1.7600.16385_none_b0a7fb14fe47d6c3
19/2/2020 - 19:46:57.825Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:57.965Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:58.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-21025_31bf3856ad364e35_6.1.7600.16385_none_ae46ce08ffd37c33
19/2/2020 - 19:46:58.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-21025_31bf3856ad364e35_6.1.7600.16385_none_ae46ce08ffd37c33
19/2/2020 - 19:46:58.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-28594_31bf3856ad364e35_6.1.7600.16385_none_b172e054fdc6b179
19/2/2020 - 19:46:58.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-28594_31bf3856ad364e35_6.1.7600.16385_none_b172e054fdc6b179
19/2/2020 - 19:46:58.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:58.200Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:58.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-28603_31bf3856ad364e35_6.1.7600.16385_none_ad7fd8db004f866a
19/2/2020 - 19:46:58.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-codepage-28603_31bf3856ad364e35_6.1.7600.16385_none_ad7fd8db004f866a
19/2/2020 - 19:46:58.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-keyboard-kbdbr_31bf3856ad364e35_6.1.7600.16385_none_d244d55933a62bb1
19/2/2020 - 19:46:58.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-keyboard-kbdbr_31bf3856ad364e35_6.1.7600.16385_none_d244d55933a62bb1
19/2/2020 - 19:46:58.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-keyboard-kbdsf_31bf3856ad364e35_6.1.7601.17514_none_dc81a23f2b5aacf6
19/2/2020 - 19:46:58.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..onal-keyboard-kbdsf_31bf3856ad364e35_6.1.7601.17514_none_dc81a23f2b5aacf6
19/2/2020 - 19:46:58.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:58.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:58.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18349_pt-br_6efa416e668a8653
19/2/2020 - 19:46:58.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18349_pt-br_6efa416e668a8653
19/2/2020 - 19:46:58.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..panese_ax2_keyboard_31bf3856ad364e35_6.1.7600.16385_none_189c9fd7e5b2f2f9
19/2/2020 - 19:46:58.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..panese_ax2_keyboard_31bf3856ad364e35_6.1.7600.16385_none_189c9fd7e5b2f2f9
19/2/2020 - 19:46:58.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..panese_dec_lk411-aj_31bf3856ad364e35_6.1.7601.17514_none_afe5eac6921f1c8c
19/2/2020 - 19:46:58.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..panese_dec_lk411-aj_31bf3856ad364e35_6.1.7601.17514_none_afe5eac6921f1c8c
19/2/2020 - 19:46:58.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:58.622Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:58.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:58.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ptdebugui.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_6a3528a597ac2fc5
19/2/2020 - 19:46:58.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..ptdebugui.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_6a3528a597ac2fc5
19/2/2020 - 19:46:58.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_f0dbb519852f553a
19/2/2020 - 19:46:58.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_f0dbb519852f553a
19/2/2020 - 19:46:58.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.17691_en-us_ef31822118848a9e
19/2/2020 - 19:46:58.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.17691_en-us_ef31822118848a9e
19/2/2020 - 19:46:58.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.18349_pt-br_f0e8729d85257fe6
19/2/2020 - 19:46:58.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.18349_pt-br_f0e8729d85257fe6
19/2/2020 - 19:46:58.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..resources.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_1f6079f7995b15b7
19/2/2020 - 19:46:58.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..resources.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_1f6079f7995b15b7
19/2/2020 - 19:46:58.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:58.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18349_none_3e3fae3b8061e2c9
19/2/2020 - 19:46:58.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18349_none_3e3fae3b8061e2c9
19/2/2020 - 19:46:58.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_5275fb32633b978f
19/2/2020 - 19:46:58.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_5275fb32633b978f
19/2/2020 - 19:46:59.43Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:59.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:59.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rofilerui.resources_31bf3856ad364e35_11.2.9600.16428_en-us_2c22db3e194aa92a
19/2/2020 - 19:46:59.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rofilerui.resources_31bf3856ad364e35_11.2.9600.16428_en-us_2c22db3e194aa92a
19/2/2020 - 19:46:59.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rolviewer.resources_31bf3856ad364e35_11.2.9600.16428_en-us_84cb2bf2d1ac2be2
19/2/2020 - 19:46:59.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rolviewer.resources_31bf3856ad364e35_11.2.9600.16428_en-us_84cb2bf2d1ac2be2
19/2/2020 - 19:46:59.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rolviewer.resources_31bf3856ad364e35_11.2.9600.18349_pt-br_86741ffb3e56542d
19/2/2020 - 19:46:59.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rolviewer.resources_31bf3856ad364e35_11.2.9600.18349_pt-br_86741ffb3e56542d
19/2/2020 - 19:46:59.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rolviewer.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_1abf8847ba04f6ff
19/2/2020 - 19:46:59.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..rolviewer.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_1abf8847ba04f6ff
19/2/2020 - 19:46:59.278Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:59.418Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:59.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..sideincludebinaries_31bf3856ad364e35_6.1.7601.17514_none_5a6241db48f1e9ee
19/2/2020 - 19:46:59.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..sideincludebinaries_31bf3856ad364e35_6.1.7601.17514_none_5a6241db48f1e9ee
19/2/2020 - 19:46:59.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tbranding.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_da3202fa89023ed5
19/2/2020 - 19:46:59.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tbranding.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_da3202fa89023ed5
19/2/2020 - 19:46:59.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tbranding.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_6e8a28cb04a70c53
19/2/2020 - 19:46:59.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tbranding.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_6e8a28cb04a70c53
19/2/2020 - 19:46:59.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_b5d7e279522c6327
19/2/2020 - 19:46:59.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_b5d7e279522c6327
19/2/2020 - 19:46:59.559Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:59.606Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:59.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:59.700Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:59.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:46:59.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..timezones.resources_31bf3856ad364e35_6.1.7601.23418_pt-br_e3c4fa951e344b9a
19/2/2020 - 19:46:59.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..timezones.resources_31bf3856ad364e35_6.1.7601.23418_pt-br_e3c4fa951e344b9a
19/2/2020 - 19:46:59.934Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:0.75Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:0.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-866_31bf3856ad364e35_6.1.7600.16385_none_2adda600b4e25a37
19/2/2020 - 19:47:0.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-866_31bf3856ad364e35_6.1.7600.16385_none_2adda600b4e25a37
19/2/2020 - 19:47:0.215Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:0.309Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:0.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-870_31bf3856ad364e35_6.1.7600.16385_none_2adf2efab4e0d9c8
19/2/2020 - 19:47:0.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-870_31bf3856ad364e35_6.1.7600.16385_none_2adf2efab4e0d9c8
19/2/2020 - 19:47:0.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-932_31bf3856ad364e35_6.1.7600.16385_none_2ad03056b4ecc39f
19/2/2020 - 19:47:0.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-932_31bf3856ad364e35_6.1.7600.16385_none_2ad03056b4ecc39f
19/2/2020 - 19:47:0.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-936_31bf3856ad364e35_6.1.7600.16385_none_2acfd536b4ed2a23
19/2/2020 - 19:47:0.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-936_31bf3856ad364e35_6.1.7600.16385_none_2acfd536b4ed2a23
19/2/2020 - 19:47:0.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-949_31bf3856ad364e35_6.1.7600.16385_none_2ad09128b4ec905d
19/2/2020 - 19:47:0.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-949_31bf3856ad364e35_6.1.7600.16385_none_2ad09128b4ec905d
19/2/2020 - 19:47:0.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:0.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:0.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:0.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:0.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-icm-ui_31bf3856ad364e35_6.1.7600.16385_none_964da911ba806d45
19/2/2020 - 19:47:0.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-icm-ui_31bf3856ad364e35_6.1.7600.16385_none_964da911ba806d45
19/2/2020 - 19:47:0.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iconcodecservice_31bf3856ad364e35_6.1.7600.16385_none_832d9574a3c54749
19/2/2020 - 19:47:0.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-iconcodecservice_31bf3856ad364e35_6.1.7600.16385_none_832d9574a3c54749
19/2/2020 - 19:47:0.918Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:1.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:1.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_11.2.9600.17691_none_dddb2cf180d5f0e2
19/2/2020 - 19:47:1.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_11.2.9600.17691_none_dddb2cf180d5f0e2
19/2/2020 - 19:47:1.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_11.2.9600.16428_en-us_09ce26d2c0c6976f
19/2/2020 - 19:47:1.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_11.2.9600.16428_en-us_09ce26d2c0c6976f
19/2/2020 - 19:47:1.153Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.7601.17514_none_b5a3d1557faf5d06
19/2/2020 - 19:47:1.153Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.7601.17514_none_b5a3d1557faf5d06
19/2/2020 - 19:47:1.200Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:1.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:1.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-controls.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_26348748b54a306f
19/2/2020 - 19:47:1.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-controls.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_26348748b54a306f
19/2/2020 - 19:47:1.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.7601.17514_none_42c1a490dd943b8b
19/2/2020 - 19:47:1.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.7601.17514_none_42c1a490dd943b8b
19/2/2020 - 19:47:1.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-d3dcompiler_31bf3856ad364e35_11.2.9600.16428_none_51f4026ee5cb0d17
19/2/2020 - 19:47:1.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-d3dcompiler_31bf3856ad364e35_11.2.9600.16428_none_51f4026ee5cb0d17
19/2/2020 - 19:47:1.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-devtools_31bf3856ad364e35_11.2.9600.17691_none_1dee236a54edc2d0
19/2/2020 - 19:47:1.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-devtools_31bf3856ad364e35_11.2.9600.17691_none_1dee236a54edc2d0
19/2/2020 - 19:47:1.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:1.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_11.2.9600.17691_none_7a0f65a996bb7710
19/2/2020 - 19:47:1.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_11.2.9600.17691_none_7a0f65a996bb7710
19/2/2020 - 19:47:1.622Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:1.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:1.809Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:1.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12tools.resources_31bf3856ad364e35_11.2.9600.18349_pt-br_8ea8ed4236a9730d
19/2/2020 - 19:47:1.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12tools.resources_31bf3856ad364e35_11.2.9600.18349_pt-br_8ea8ed4236a9730d
19/2/2020 - 19:47:1.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12tools_31bf3856ad364e35_11.2.9600.17691_none_6b895562a6385bde
19/2/2020 - 19:47:1.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-f12tools_31bf3856ad364e35_11.2.9600.17691_none_6b895562a6385bde
19/2/2020 - 19:47:1.981Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:2.122Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:2.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_c0c55dfed59d599b
19/2/2020 - 19:47:2.215Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_c0c55dfed59d599b
19/2/2020 - 19:47:2.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_c0c55dfed59d599b
19/2/2020 - 19:47:2.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_11.2.9600.16428_none_0a3fe92b38dd8c45
19/2/2020 - 19:47:2.262Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_11.2.9600.16428_none_0a3fe92b38dd8c45
19/2/2020 - 19:47:2.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_11.2.9600.16428_none_0a3fe92b38dd8c45\RegisterIEPKEYs.exe
19/2/2020 - 19:47:2.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_11.2.9600.16428_none_0a3fe92b38dd8c45\RegisterIEPKEYs.exeRegisterIEPKEYs.exe
19/2/2020 - 19:47:2.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_11.2.9600.16428_none_0a3fe92b38dd8c45\RegisterIEPKEYs.exe
19/2/2020 - 19:47:2.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_11.2.9600.16428_none_0a3fe92b38dd8c45\RegisterIEPKEYs.exe
19/2/2020 - 19:47:2.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_11.2.9600.16428_none_0a3fe92b38dd8c45\RegisterIEPKEYs.exe
19/2/2020 - 19:47:2.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_11.2.9600.16428_none_0a3fe92b38dd8c45
19/2/2020 - 19:47:2.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_11.2.9600.16428_none_d5c4998ecf34cde7
19/2/2020 - 19:47:2.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_11.2.9600.16428_none_d5c4998ecf34cde7
19/2/2020 - 19:47:2.403Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:2.543Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:2.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_11.2.9600.18349_none_2a8cb9f958692146
19/2/2020 - 19:47:2.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_11.2.9600.18349_none_2a8cb9f958692146
19/2/2020 - 19:47:2.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.7601.17514_none_c109360dd10647b2
19/2/2020 - 19:47:2.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.7601.17514_none_c109360dd10647b2
19/2/2020 - 19:47:2.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ieadvpack_31bf3856ad364e35_11.2.9600.16428_none_b1495d82e39ccc79
19/2/2020 - 19:47:2.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ieadvpack_31bf3856ad364e35_11.2.9600.16428_none_b1495d82e39ccc79
19/2/2020 - 19:47:2.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:2.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ieproxy_31bf3856ad364e35_11.2.9600.17691_none_7277faf95fa8010e
19/2/2020 - 19:47:2.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ieproxy_31bf3856ad364e35_11.2.9600.17691_none_7277faf95fa8010e
19/2/2020 - 19:47:2.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ieshims_31bf3856ad364e35_11.2.9600.17691_none_29d6468faf50677c
19/2/2020 - 19:47:2.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ieshims_31bf3856ad364e35_11.2.9600.17691_none_29d6468faf50677c
19/2/2020 - 19:47:2.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.7601.17514_none_c06d7c9c27da8591
19/2/2020 - 19:47:2.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.7601.17514_none_c06d7c9c27da8591
19/2/2020 - 19:47:2.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:2.918Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:2.965Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:3.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-infocard.resources_31bf3856ad364e35_11.2.9600.16428_en-us_5dfdcb89ba2b945a
19/2/2020 - 19:47:3.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-infocard.resources_31bf3856ad364e35_11.2.9600.16428_en-us_5dfdcb89ba2b945a
19/2/2020 - 19:47:3.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-infocard.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_5f9a020e26df91f9
19/2/2020 - 19:47:3.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-infocard.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_5f9a020e26df91f9
19/2/2020 - 19:47:3.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-infocard.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_f3f227dea2845f77
19/2/2020 - 19:47:3.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-infocard.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_f3f227dea2845f77
19/2/2020 - 19:47:3.106Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:3.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:3.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_11.2.9600.16428_none_9cc361ebe2b36e75
19/2/2020 - 19:47:3.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_11.2.9600.16428_none_9cc361ebe2b36e75
19/2/2020 - 19:47:3.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_11.2.9600.16428_none_ecfeaf7d466d6c9c
19/2/2020 - 19:47:3.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_11.2.9600.16428_none_ecfeaf7d466d6c9c
19/2/2020 - 19:47:3.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.7601.17514_none_6bdf464e5bd47a4b
19/2/2020 - 19:47:3.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.7601.17514_none_6bdf464e5bd47a4b
19/2/2020 - 19:47:3.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.18349_none_baa1732e0c2228ba
19/2/2020 - 19:47:3.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.18349_none_baa1732e0c2228ba
19/2/2020 - 19:47:3.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-networkinspection_31bf3856ad364e35_11.2.9600.17691_none_5745a10369180656
19/2/2020 - 19:47:3.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-networkinspection_31bf3856ad364e35_11.2.9600.17691_none_5745a10369180656
19/2/2020 - 19:47:3.387Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:3.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:3.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ratings_31bf3856ad364e35_11.2.9600.17691_none_a9db54ee71d29f70
19/2/2020 - 19:47:3.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ratings_31bf3856ad364e35_11.2.9600.17691_none_a9db54ee71d29f70
19/2/2020 - 19:47:3.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ratings_31bf3856ad364e35_11.2.9600.18349_none_a9f60ee671bf9719
19/2/2020 - 19:47:3.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-ratings_31bf3856ad364e35_11.2.9600.18349_none_a9f60ee671bf9719
19/2/2020 - 19:47:3.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.17691_none_29ecc0f3a19b94ec
19/2/2020 - 19:47:3.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.17691_none_29ecc0f3a19b94ec
19/2/2020 - 19:47:3.668Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:3.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.18349_none_2a077aeba1888c95
19/2/2020 - 19:47:3.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.18349_none_2a077aeba1888c95
19/2/2020 - 19:47:3.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.18349_none_a83485b6737da5c0
19/2/2020 - 19:47:3.809Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.18349_none_a83485b6737da5c0
19/2/2020 - 19:47:3.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.18349_none_a83485b6737da5c0\ie4uinit.exe
19/2/2020 - 19:47:3.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.18349_none_a83485b6737da5c0\ie4uinit.exe
19/2/2020 - 19:47:3.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.18349_none_a83485b6737da5c0\ie4uinit.exe
19/2/2020 - 19:47:3.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.18349_none_a83485b6737da5c0\ie4uinit.exe
19/2/2020 - 19:47:3.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.18349_none_a83485b6737da5c0
19/2/2020 - 19:47:3.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup_31bf3856ad364e35_11.2.9600.18349_none_7ba32c385ccca990
19/2/2020 - 19:47:3.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ie-setup_31bf3856ad364e35_11.2.9600.18349_none_7ba32c385ccca990
19/2/2020 - 19:47:12.965Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b796cc1ee0416b13
19/2/2020 - 19:47:13.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b796cc1ee0416b13
19/2/2020 - 19:47:13.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.18812_pt-br_b9c5ce3cdd31cd15
19/2/2020 - 19:47:13.12Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.18812_pt-br_b9c5ce3cdd31cd15
19/2/2020 - 19:47:13.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.18812_pt-br_b9c5ce3cdd31cd15
19/2/2020 - 19:47:13.106Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:13.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:13.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.22843_pt-br_ba2ff9a7f666dce2
19/2/2020 - 19:47:13.293Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.22843_pt-br_ba2ff9a7f666dce2
19/2/2020 - 19:47:13.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.22843_pt-br_ba2ff9a7f666dce2
19/2/2020 - 19:47:13.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.22865_pt-br_ba1c5a63f6754772
19/2/2020 - 19:47:13.340Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.22865_pt-br_ba1c5a63f6754772
19/2/2020 - 19:47:13.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.22865_pt-br_ba1c5a63f6754772
19/2/2020 - 19:47:13.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.23017_pt-br_ba54449bf64b1ed4
19/2/2020 - 19:47:13.387Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.23017_pt-br_ba54449bf64b1ed4
19/2/2020 - 19:47:13.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.23017_pt-br_ba54449bf64b1ed4
19/2/2020 - 19:47:13.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.23126_pt-br_ba48764bf6541e95
19/2/2020 - 19:47:13.434Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.23126_pt-br_ba48764bf6541e95
19/2/2020 - 19:47:13.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.1.7601.23126_pt-br_ba48764bf6541e95
19/2/2020 - 19:47:13.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:13.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb20_31bf3856ad364e35_6.1.7601.17514_none_493d316208b5513f
19/2/2020 - 19:47:13.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb20_31bf3856ad364e35_6.1.7601.17514_none_493d316208b5513f
19/2/2020 - 19:47:13.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb21_31bf3856ad364e35_6.1.7601.22012_none_49b9db8121dd0503
19/2/2020 - 19:47:13.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb21_31bf3856ad364e35_6.1.7601.22012_none_49b9db8121dd0503
19/2/2020 - 19:47:13.668Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb25_31bf3856ad364e35_6.1.7601.22012_none_498e9bd121fd74c7
19/2/2020 - 19:47:13.668Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb25_31bf3856ad364e35_6.1.7601.22012_none_498e9bd121fd74c7
19/2/2020 - 19:47:13.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:13.809Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:13.856Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:13.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb28_31bf3856ad364e35_6.1.7601.22012_none_496e2c0d2215c89a
19/2/2020 - 19:47:13.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb28_31bf3856ad364e35_6.1.7601.22012_none_496e2c0d2215c89a
19/2/2020 - 19:47:13.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb60_31bf3856ad364e35_6.1.7601.17857_none_4adb14fa07af1699
19/2/2020 - 19:47:13.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb60_31bf3856ad364e35_6.1.7601.17857_none_4adb14fa07af1699
19/2/2020 - 19:47:13.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb60_31bf3856ad364e35_6.1.7601.22012_none_4b8ac82520b0fb2e
19/2/2020 - 19:47:13.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..do-backcompat-tlb60_31bf3856ad364e35_6.1.7601.22012_none_4b8ac82520b0fb2e
19/2/2020 - 19:47:13.997Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:14.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:14.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_6.1.7601.22012_none_6ade6200a065d2ea
19/2/2020 - 19:47:14.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_6.1.7601.22012_none_6ade6200a065d2ea
19/2/2020 - 19:47:14.278Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:14.372Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:14.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:14.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:14.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ilerepair.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a06faa45e015ccba
19/2/2020 - 19:47:14.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ilerepair.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a06faa45e015ccba
19/2/2020 - 19:47:14.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:14.840Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:14.934Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:15.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..nager-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8d6e73ddd9d44bf3
19/2/2020 - 19:47:15.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..nager-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_8d6e73ddd9d44bf3
19/2/2020 - 19:47:15.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ntmanager.resources_31bf3856ad364e35_6.1.7601.18933_pt-br_9cb8bd6ac2abbe33
19/2/2020 - 19:47:15.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ntmanager.resources_31bf3856ad364e35_6.1.7601.18933_pt-br_9cb8bd6ac2abbe33
19/2/2020 - 19:47:15.75Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:15.215Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:15.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ntrol-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5d58a9a9b92f34ae
19/2/2020 - 19:47:15.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ntrol-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5d58a9a9b92f34ae
19/2/2020 - 19:47:15.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..oledb-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d509f524801c5219
19/2/2020 - 19:47:15.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..oledb-rll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d509f524801c5219
19/2/2020 - 19:47:15.356Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:15.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ow-gadget.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e5fc2c1f3b926222
19/2/2020 - 19:47:15.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ow-gadget.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e5fc2c1f3b926222
19/2/2020 - 19:47:15.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..owfilters.kstvtuner_31bf3856ad364e35_6.1.7601.17514_none_8d3b6ca8a0917ca2
19/2/2020 - 19:47:15.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..owfilters.kstvtuner_31bf3856ad364e35_6.1.7601.17514_none_8d3b6ca8a0917ca2
19/2/2020 - 19:47:15.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_6.1.7600.16385_none_1c92c4d88ce86757
19/2/2020 - 19:47:15.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_6.1.7600.16385_none_1c92c4d88ce86757
19/2/2020 - 19:47:15.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:15.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:15.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..qlserver-driver-dll_31bf3856ad364e35_6.1.7601.17514_none_c34a8be7153171f2
19/2/2020 - 19:47:15.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..qlserver-driver-dll_31bf3856ad364e35_6.1.7601.17514_none_c34a8be7153171f2
19/2/2020 - 19:47:15.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..r-wmerror.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a626d632765932f3
19/2/2020 - 19:47:15.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..r-wmerror.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a626d632765932f3
19/2/2020 - 19:47:15.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..rds-datacontrol-dll_31bf3856ad364e35_6.1.7601.17857_none_220843834c900eb2
19/2/2020 - 19:47:15.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..rds-datacontrol-dll_31bf3856ad364e35_6.1.7601.17857_none_220843834c900eb2
19/2/2020 - 19:47:15.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..rds-datacontrol-rll_31bf3856ad364e35_6.1.7600.16385_none_200d6ce74f773a9c
19/2/2020 - 19:47:15.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..rds-datacontrol-rll_31bf3856ad364e35_6.1.7600.16385_none_200d6ce74f773a9c
19/2/2020 - 19:47:15.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:15.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:15.825Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:15.965Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:16.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..remote-provider-rll_31bf3856ad364e35_6.1.7600.16385_none_0426fb6cb9193b19
19/2/2020 - 19:47:16.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..remote-provider-rll_31bf3856ad364e35_6.1.7600.16385_none_0426fb6cb9193b19
19/2/2020 - 19:47:16.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..s-mdac-simpdata_tlb_31bf3856ad364e35_6.1.7600.16385_none_e9b8547eaeba507c
19/2/2020 - 19:47:16.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..s-mdac-simpdata_tlb_31bf3856ad364e35_6.1.7600.16385_none_e9b8547eaeba507c
19/2/2020 - 19:47:16.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:16.200Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:16.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..sql-netlibs-winsock_31bf3856ad364e35_6.1.7600.16385_none_ffb9e6a58a7c18ed
19/2/2020 - 19:47:16.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..sql-netlibs-winsock_31bf3856ad364e35_6.1.7600.16385_none_ffb9e6a58a7c18ed
19/2/2020 - 19:47:16.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:16.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:16.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ty-backcompat-tlb28_31bf3856ad364e35_6.1.7600.16385_none_0dbc842397c12a93
19/2/2020 - 19:47:16.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-m..ty-backcompat-tlb28_31bf3856ad364e35_6.1.7600.16385_none_0dbc842397c12a93
19/2/2020 - 19:47:16.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:16.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:16.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:16.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-magnification_31bf3856ad364e35_6.1.7600.16385_none_537dafcd9f940b98
19/2/2020 - 19:47:16.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-magnification_31bf3856ad364e35_6.1.7600.16385_none_537dafcd9f940b98
19/2/2020 - 19:47:16.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d23b6921726396bd
19/2/2020 - 19:47:16.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d23b6921726396bd
19/2/2020 - 19:47:16.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-app.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3ffd5c6f92487ade
19/2/2020 - 19:47:16.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-app.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3ffd5c6f92487ade
19/2/2020 - 19:47:16.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:17.43Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e448e4ee0869bffe
19/2/2020 - 19:47:17.43Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e448e4ee0869bffe
19/2/2020 - 19:47:17.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mail-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e448e4ee0869bffe
19/2/2020 - 19:47:17.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-makecab_31bf3856ad364e35_6.1.7600.16385_none_4cc4738d82efdf85
19/2/2020 - 19:47:17.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-makecab_31bf3856ad364e35_6.1.7600.16385_none_4cc4738d82efdf85
19/2/2020 - 19:47:17.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mapi_31bf3856ad364e35_6.1.7601.19073_none_09312fde30910934
19/2/2020 - 19:47:17.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mapi_31bf3856ad364e35_6.1.7601.19073_none_09312fde30910934
19/2/2020 - 19:47:17.90Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:17.231Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:17.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.22948_none_faf251c43c939ed3
19/2/2020 - 19:47:17.372Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.22948_none_faf251c43c939ed3
19/2/2020 - 19:47:17.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.22948_none_faf251c43c939ed3
19/2/2020 - 19:47:17.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.23290_none_fab41bc63cc38d60
19/2/2020 - 19:47:17.418Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.23290_none_fab41bc63cc38d60
19/2/2020 - 19:47:17.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.23290_none_fab41bc63cc38d60
19/2/2020 - 19:47:17.465Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:17.606Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:17.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-drm_31bf3856ad364e35_6.1.7601.18741_none_cc309d13db879447
19/2/2020 - 19:47:17.700Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-drm_31bf3856ad364e35_6.1.7601.18741_none_cc309d13db879447
19/2/2020 - 19:47:17.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-drm_31bf3856ad364e35_6.1.7601.18741_none_cc309d13db879447
19/2/2020 - 19:47:17.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-drm_31bf3856ad364e35_6.1.7601.22948_none_ccc13dcaf49ee299
19/2/2020 - 19:47:17.747Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-drm_31bf3856ad364e35_6.1.7601.22948_none_ccc13dcaf49ee299
19/2/2020 - 19:47:17.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-drm_31bf3856ad364e35_6.1.7601.22948_none_ccc13dcaf49ee299
19/2/2020 - 19:47:17.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.1.7600.16385_none_47357ddedbb9dec6
19/2/2020 - 19:47:17.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.1.7600.16385_none_47357ddedbb9dec6
19/2/2020 - 19:47:17.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmerror_31bf3856ad364e35_6.1.7600.16385_none_9349e494d0a77439
19/2/2020 - 19:47:17.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmerror_31bf3856ad364e35_6.1.7600.16385_none_9349e494d0a77439
19/2/2020 - 19:47:17.840Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:18.28Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:18.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpenc_31bf3856ad364e35_6.1.7600.16385_none_00192601418cadff
19/2/2020 - 19:47:18.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpenc_31bf3856ad364e35_6.1.7600.16385_none_00192601418cadff
19/2/2020 - 19:47:18.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpps_31bf3856ad364e35_6.1.7601.17514_none_0cb05547529cd10e
19/2/2020 - 19:47:18.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpps_31bf3856ad364e35_6.1.7601.17514_none_0cb05547529cd10e
19/2/2020 - 19:47:18.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpshell_31bf3856ad364e35_6.1.7601.17514_none_69ed5f275bee5af5
19/2/2020 - 19:47:18.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mediaplayer-wmpshell_31bf3856ad364e35_6.1.7601.17514_none_69ed5f275bee5af5
19/2/2020 - 19:47:18.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfc42x_31bf3856ad364e35_6.1.7600.16385_none_4f09bfe86f3fbfc1
19/2/2020 - 19:47:18.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfc42x_31bf3856ad364e35_6.1.7600.16385_none_4f09bfe86f3fbfc1
19/2/2020 - 19:47:18.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:18.215Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:18.356Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:18.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfds_31bf3856ad364e35_6.1.7601.23346_none_041f59cf4d50fcb9
19/2/2020 - 19:47:18.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfds_31bf3856ad364e35_6.1.7601.23346_none_041f59cf4d50fcb9
19/2/2020 - 19:47:18.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfmjpegdec_31bf3856ad364e35_6.1.7600.16385_none_7552e9686da05f53
19/2/2020 - 19:47:18.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfmjpegdec_31bf3856ad364e35_6.1.7600.16385_none_7552e9686da05f53
19/2/2020 - 19:47:18.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7601.23290_none_54ff8537837733ff
19/2/2020 - 19:47:18.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfplat_31bf3856ad364e35_6.1.7601.23290_none_54ff8537837733ff
19/2/2020 - 19:47:18.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:18.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfwmaaec_31bf3856ad364e35_6.1.7601.19091_none_f212d00f4b471d68
19/2/2020 - 19:47:18.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mfwmaaec_31bf3856ad364e35_6.1.7601.19091_none_f212d00f4b471d68
19/2/2020 - 19:47:18.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18923_none_68cc15ff92788e54
19/2/2020 - 19:47:18.637Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18923_none_68cc15ff92788e54
19/2/2020 - 19:47:18.684Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18923_none_68cc15ff92788e54
19/2/2020 - 19:47:18.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18923_none_68cc15ff92788e54
19/2/2020 - 19:47:18.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:18.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:18.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55
19/2/2020 - 19:47:18.965Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55
19/2/2020 - 19:47:19.12Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55
19/2/2020 - 19:47:19.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55
19/2/2020 - 19:47:19.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3946be823da1aac0
19/2/2020 - 19:47:19.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_de-de_3946be823da1aac0
19/2/2020 - 19:47:19.106Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:19.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:19.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_cc2ae7a603d88da8
19/2/2020 - 19:47:19.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_cc2ae7a603d88da8
19/2/2020 - 19:47:19.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_lt-lt_583ce567ce5e4898
19/2/2020 - 19:47:19.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_lt-lt_583ce567ce5e4898
19/2/2020 - 19:47:19.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_lv-lv_590a53ebcddc8988
19/2/2020 - 19:47:19.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_lv-lv_590a53ebcddc8988
19/2/2020 - 19:47:19.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_9b4385d9b587b28c
19/2/2020 - 19:47:19.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_9b4385d9b587b28c
19/2/2020 - 19:47:19.387Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:19.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:19.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:19.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_ca73b0dc729ea456
19/2/2020 - 19:47:19.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_ca73b0dc729ea456
19/2/2020 - 19:47:19.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_sl-si_c985d2947338b739
19/2/2020 - 19:47:19.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_sl-si_c985d2947338b739
19/2/2020 - 19:47:19.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_7060e0eb6369be78
19/2/2020 - 19:47:19.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_7060e0eb6369be78
19/2/2020 - 19:47:19.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_4068f777147d0327
19/2/2020 - 19:47:19.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_zh-hk_4068f777147d0327
19/2/2020 - 19:47:19.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:19.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mmc-adm_31bf3856ad364e35_6.1.7600.16385_none_296b12551d57d47b
19/2/2020 - 19:47:19.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mmc-adm_31bf3856ad364e35_6.1.7600.16385_none_296b12551d57d47b
19/2/2020 - 19:47:19.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mmdeviceapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_257556818b57a5a1
19/2/2020 - 19:47:19.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mmdeviceapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_257556818b57a5a1
19/2/2020 - 19:47:19.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mmres.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_55ba8bba8b07fd89
19/2/2020 - 19:47:19.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mmres.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_55ba8bba8b07fd89
19/2/2020 - 19:47:19.856Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:19.997Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:20.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_6.1.7601.17514_none_4d76defd6af4a83e
19/2/2020 - 19:47:20.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_6.1.7601.17514_none_4d76defd6af4a83e
19/2/2020 - 19:47:20.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-moricons_31bf3856ad364e35_6.1.7600.16385_none_410fda20fe51f655
19/2/2020 - 19:47:20.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-moricons_31bf3856ad364e35_6.1.7600.16385_none_410fda20fe51f655
19/2/2020 - 19:47:20.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.18933_none_50a77ae31db67a9d
19/2/2020 - 19:47:20.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.18933_none_50a77ae31db67a9d
19/2/2020 - 19:47:20.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.23136_none_5133f0ae36d199ae
19/2/2020 - 19:47:20.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.23136_none_5133f0ae36d199ae
19/2/2020 - 19:47:20.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:20.278Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:20.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mp4sdecd.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d93e5edf44b9e18
19/2/2020 - 19:47:20.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-mp4sdecd.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d93e5edf44b9e18
19/2/2020 - 19:47:28.606Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:28.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..adisc-api.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_953ad3a927e4e135
19/2/2020 - 19:47:28.700Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..adisc-api.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_953ad3a927e4e135
19/2/2020 - 19:47:28.747Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:28.840Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:28.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005
19/2/2020 - 19:47:28.934Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005
19/2/2020 - 19:47:28.981Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005
19/2/2020 - 19:47:29.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005
19/2/2020 - 19:47:29.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..files-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_df682956e81bcf8c
19/2/2020 - 19:47:29.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..files-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_df682956e81bcf8c
19/2/2020 - 19:47:29.75Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:29.215Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:29.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..mation-asyncfilters_31bf3856ad364e35_6.1.7601.19144_none_d4cecaa8cfd94756
19/2/2020 - 19:47:29.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..mation-asyncfilters_31bf3856ad364e35_6.1.7601.19144_none_d4cecaa8cfd94756
19/2/2020 - 19:47:29.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..nefiles-extend-apis_31bf3856ad364e35_6.1.7601.17514_none_eb18c2a64aeb3fb2
19/2/2020 - 19:47:29.309Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..nefiles-extend-apis_31bf3856ad364e35_6.1.7601.17514_none_eb18c2a64aeb3fb2
19/2/2020 - 19:47:29.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..nefiles-extend-apis_31bf3856ad364e35_6.1.7601.17514_none_eb18c2a64aeb3fb2
19/2/2020 - 19:47:29.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..s-shellui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5c8d1dad0285f2fe
19/2/2020 - 19:47:29.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..s-shellui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5c8d1dad0285f2fe
19/2/2020 - 19:47:29.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1
19/2/2020 - 19:47:29.356Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1
19/2/2020 - 19:47:29.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1
19/2/2020 - 19:47:29.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..style-layeredtitles_31bf3856ad364e35_6.1.7600.16385_none_4ad2978b8b3ac8b2
19/2/2020 - 19:47:29.403Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..style-layeredtitles_31bf3856ad364e35_6.1.7600.16385_none_4ad2978b8b3ac8b2
19/2/2020 - 19:47:29.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-o..style-layeredtitles_31bf3856ad364e35_6.1.7600.16385_none_4ad2978b8b3ac8b2
19/2/2020 - 19:47:29.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:29.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:29.684Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:29.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-object-picker_31bf3856ad364e35_6.1.7600.16385_none_6b8acc3d2645838d
19/2/2020 - 19:47:29.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-object-picker_31bf3856ad364e35_6.1.7600.16385_none_6b8acc3d2645838d
19/2/2020 - 19:47:29.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ocsetup.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0391369280366f70
19/2/2020 - 19:47:29.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-ocsetup.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0391369280366f70
19/2/2020 - 19:47:29.825Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:29.965Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:30.106Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:30.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_6.1.7601.17514_none_6ba44fa419d13382
19/2/2020 - 19:47:30.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_6.1.7601.17514_none_6ba44fa419d13382
19/2/2020 - 19:47:30.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-openfiles_31bf3856ad364e35_6.1.7600.16385_none_431b58a8041530aa
19/2/2020 - 19:47:30.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-openfiles_31bf3856ad364e35_6.1.7600.16385_none_431b58a8041530aa\openfiles.exe
19/2/2020 - 19:47:30.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-openfiles_31bf3856ad364e35_6.1.7600.16385_none_431b58a8041530aa\openfiles.exeopenfiles.exe
19/2/2020 - 19:47:30.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-openfiles_31bf3856ad364e35_6.1.7600.16385_none_431b58a8041530aa\openfiles.exe
19/2/2020 - 19:47:30.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-openfiles_31bf3856ad364e35_6.1.7600.16385_none_431b58a8041530aa\openfiles.exe
19/2/2020 - 19:47:30.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-openfiles_31bf3856ad364e35_6.1.7600.16385_none_431b58a8041530aa\openfiles.exe
19/2/2020 - 19:47:30.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-openfiles_31bf3856ad364e35_6.1.7600.16385_none_431b58a8041530aa
19/2/2020 - 19:47:30.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-opengl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fcd8a9385b3ef484
19/2/2020 - 19:47:30.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-opengl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fcd8a9385b3ef484
19/2/2020 - 19:47:30.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-opengl_31bf3856ad364e35_6.1.7600.16385_none_6ab9e7b9a318b3e8
19/2/2020 - 19:47:30.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-opengl_31bf3856ad364e35_6.1.7600.16385_none_6ab9e7b9a318b3e8
19/2/2020 - 19:47:30.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7601.17514_none_14133f190e6d86a7
19/2/2020 - 19:47:30.200Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7601.17514_none_14133f190e6d86a7
19/2/2020 - 19:47:30.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-opticalmediadisc-api_31bf3856ad364e35_6.1.7601.17514_none_14133f190e6d86a7
19/2/2020 - 19:47:30.293Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:30.434Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:30.528Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.19135_none_ca419259cad22c88
19/2/2020 - 19:47:30.528Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.19135_none_ca419259cad22c88
19/2/2020 - 19:47:30.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:30.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:30.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7601.22183_none_8847f74e1e54bae3
19/2/2020 - 19:47:30.762Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7601.22183_none_8847f74e1e54bae3
19/2/2020 - 19:47:30.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_6.1.7601.22183_none_8847f74e1e54bae3
19/2/2020 - 19:47:30.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..-localspl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c518ace520a51bd2
19/2/2020 - 19:47:30.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..-localspl.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c518ace520a51bd2
19/2/2020 - 19:47:30.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..-policy-definitions_31bf3856ad364e35_6.1.7601.17514_none_0f925206e4fa8c1c
19/2/2020 - 19:47:30.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..-policy-definitions_31bf3856ad364e35_6.1.7601.17514_none_0f925206e4fa8c1c
19/2/2020 - 19:47:30.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..-wsman-pluginworker_31bf3856ad364e35_6.1.7601.17514_none_be20a62e960b86ef
19/2/2020 - 19:47:30.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..-wsman-pluginworker_31bf3856ad364e35_6.1.7601.17514_none_be20a62e960b86ef
19/2/2020 - 19:47:30.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:30.950Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:31.43Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:31.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ab-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1bb8322be347a4cf
19/2/2020 - 19:47:31.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ab-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1bb8322be347a4cf
19/2/2020 - 19:47:31.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0d116db5b5a434a8
19/2/2020 - 19:47:31.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0d116db5b5a434a8
19/2/2020 - 19:47:31.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_en-us_febe5c2cd107f984
19/2/2020 - 19:47:31.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_en-us_febe5c2cd107f984
19/2/2020 - 19:47:31.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_fi-fi_9da4bdbdc648dd53
19/2/2020 - 19:47:31.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_fi-fi_9da4bdbdc648dd53
19/2/2020 - 19:47:31.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_ja-jp_2d8ea4638e4df8e4
19/2/2020 - 19:47:31.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_ja-jp_2d8ea4638e4df8e4
19/2/2020 - 19:47:31.184Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:31.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:31.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_pt-pt_013c621d3d2b66ff
19/2/2020 - 19:47:31.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_pt-pt_013c621d3d2b66ff
19/2/2020 - 19:47:31.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_zh-tw_624103f0b59ab006
19/2/2020 - 19:47:31.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..age-codec.resources_31bf3856ad364e35_7.1.7601.16492_zh-tw_624103f0b59ab006
19/2/2020 - 19:47:31.465Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:31.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..an-plugin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6ca93c0924797001
19/2/2020 - 19:47:31.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..an-plugin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6ca93c0924797001
19/2/2020 - 19:47:31.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ancediagnostics-adm_31bf3856ad364e35_6.1.7600.16385_none_bbee9da8b0773714
19/2/2020 - 19:47:31.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ancediagnostics-adm_31bf3856ad364e35_6.1.7600.16385_none_bbee9da8b0773714
19/2/2020 - 19:47:31.559Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:31.700Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:31.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..g-printticket-win32_31bf3856ad364e35_6.1.7601.17514_none_7180ae1eb5ce8062
19/2/2020 - 19:47:31.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..g-printticket-win32_31bf3856ad364e35_6.1.7601.17514_none_7180ae1eb5ce8062
19/2/2020 - 19:47:31.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_6.1.7601.22183_pt-br_bc00947b75a5a45f
19/2/2020 - 19:47:31.793Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_6.1.7601.22183_pt-br_bc00947b75a5a45f
19/2/2020 - 19:47:31.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_6.1.7601.22183_pt-br_bc00947b75a5a45f
19/2/2020 - 19:47:31.887Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:31.934Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:32.75Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:32.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..idmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_aa17a829fe1669be
19/2/2020 - 19:47:32.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..idmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_aa17a829fe1669be
19/2/2020 - 19:47:32.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ification.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bb519e5d7fc75429
19/2/2020 - 19:47:32.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ification.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_bb519e5d7fc75429
19/2/2020 - 19:47:32.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ing-lpdprintservice_31bf3856ad364e35_6.1.7600.16385_none_e792d2b08af68cc9
19/2/2020 - 19:47:32.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ing-lpdprintservice_31bf3856ad364e35_6.1.7600.16385_none_e792d2b08af68cc9
19/2/2020 - 19:47:32.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:32.309Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:32.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..lprinting.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cd7d72fdf4fa00f7
19/2/2020 - 19:47:32.403Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..lprinting.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cd7d72fdf4fa00f7
19/2/2020 - 19:47:32.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..lprinting.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_cd7d72fdf4fa00f7
19/2/2020 - 19:47:32.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ndservice.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_36a63762e655409b
19/2/2020 - 19:47:32.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ndservice.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_36a63762e655409b
19/2/2020 - 19:47:32.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:32.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:32.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..noverride.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f405526cba7e4549
19/2/2020 - 19:47:32.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..noverride.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f405526cba7e4549
19/2/2020 - 19:47:32.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:32.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:32.965Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:33.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5bbcedced10b5598
19/2/2020 - 19:47:33.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5bbcedced10b5598
19/2/2020 - 19:47:33.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.1.7601.17777_none_8e03888ca97b9115
19/2/2020 - 19:47:33.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.1.7601.17777_none_8e03888ca97b9115
19/2/2020 - 19:47:33.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:33.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:33.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-pmc-licensing_31bf3856ad364e35_6.1.7600.16385_none_2b649c48e57d3779
19/2/2020 - 19:47:33.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ooler-pmc-licensing_31bf3856ad364e35_6.1.7600.16385_none_2b649c48e57d3779
19/2/2020 - 19:47:33.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_8d682f6a76cad93f
19/2/2020 - 19:47:33.622Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_8d682f6a76cad93f
19/2/2020 - 19:47:33.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_8d682f6a76cad93f
19/2/2020 - 19:47:33.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..peeradmin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_733a26dc73e5dc59
19/2/2020 - 19:47:33.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..peeradmin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_733a26dc73e5dc59
19/2/2020 - 19:47:33.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.1.7601.17514_none_4e297fab940bc0e5
19/2/2020 - 19:47:33.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.1.7601.17514_none_4e297fab940bc0e5
19/2/2020 - 19:47:33.809Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:34.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rgraphing.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7476276345b431fa
19/2/2020 - 19:47:34.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rgraphing.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7476276345b431fa
19/2/2020 - 19:47:34.28Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:34.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:34.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b2cbe1f1a399110d
19/2/2020 - 19:47:34.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_b2cbe1f1a399110d
19/2/2020 - 19:47:34.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c822cec662035a29
19/2/2020 - 19:47:34.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c822cec662035a29
19/2/2020 - 19:47:34.309Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:34.403Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:34.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:34.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:34.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:34.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:34.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pantherengine_31bf3856ad364e35_6.1.7600.16385_none_0a066137bf87be7b
19/2/2020 - 19:47:34.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pantherengine_31bf3856ad364e35_6.1.7600.16385_none_0a066137bf87be7b
19/2/2020 - 19:47:34.918Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:35.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:35.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-parentalcontrols_31bf3856ad364e35_6.1.7600.16385_none_f732d85db6595fac
19/2/2020 - 19:47:35.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-parentalcontrols_31bf3856ad364e35_6.1.7600.16385_none_f732d85db6595fac
19/2/2020 - 19:47:35.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peerdist-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d0fc2456bfe1b6c8
19/2/2020 - 19:47:35.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peerdist-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d0fc2456bfe1b6c8
19/2/2020 - 19:47:35.200Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:35.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peerdist_31bf3856ad364e35_6.1.7600.16385_none_7919860403cdb261
19/2/2020 - 19:47:35.340Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peerdist_31bf3856ad364e35_6.1.7600.16385_none_7919860403cdb261
19/2/2020 - 19:47:35.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peerdist_31bf3856ad364e35_6.1.7600.16385_none_7919860403cdb261
19/2/2020 - 19:47:35.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrpautoreg_31bf3856ad364e35_6.1.7600.16385_none_3ed59563383363e7
19/2/2020 - 19:47:35.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrpautoreg_31bf3856ad364e35_6.1.7600.16385_none_3ed59563383363e7
19/2/2020 - 19:47:35.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0
19/2/2020 - 19:47:35.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0
19/2/2020 - 19:47:35.387Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-perfcentercpl-adm_31bf3856ad364e35_6.1.7600.16385_none_8c6369e7fc1e6e9d
19/2/2020 - 19:47:35.387Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-perfcentercpl-adm_31bf3856ad364e35_6.1.7600.16385_none_8c6369e7fc1e6e9d
19/2/2020 - 19:47:35.387Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:35.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:35.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a44498449e27562b
19/2/2020 - 19:47:35.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a44498449e27562b
19/2/2020 - 19:47:35.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_6.1.7601.17514_none_fd5fb3a45c5e60ba
19/2/2020 - 19:47:35.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_6.1.7601.17514_none_fd5fb3a45c5e60ba
19/2/2020 - 19:47:35.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_7.1.7601.16492_none_ee77c4d7e7879f9b
19/2/2020 - 19:47:35.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_7.1.7601.16492_none_ee77c4d7e7879f9b
19/2/2020 - 19:47:35.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_7.1.7601.22949_none_ef3e4d4d00768cef
19/2/2020 - 19:47:35.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_7.1.7601.22949_none_ef3e4d4d00768cef
19/2/2020 - 19:47:35.668Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:35.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:35.856Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:35.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnphotplugui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_90b74eb198345b34
19/2/2020 - 19:47:35.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnphotplugui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_90b74eb198345b34
19/2/2020 - 19:47:35.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpibs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_591e6ee822d6b205
19/2/2020 - 19:47:35.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpibs.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_591e6ee822d6b205
19/2/2020 - 19:47:35.997Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:36.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:36.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpibs_31bf3856ad364e35_6.1.7600.16385_none_9def6e0a85a22ddf
19/2/2020 - 19:47:36.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpibs_31bf3856ad364e35_6.1.7600.16385_none_9def6e0a85a22ddf
19/2/2020 - 19:47:36.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpplugininstaller_1122334455667788_6.1.7600.16385_none_d122c7135d4aee8d
19/2/2020 - 19:47:36.184Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpplugininstaller_1122334455667788_6.1.7600.16385_none_d122c7135d4aee8d
19/2/2020 - 19:47:36.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpui_31bf3856ad364e35_6.1.7600.16385_none_bacc830144fa7791
19/2/2020 - 19:47:36.184Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpui_31bf3856ad364e35_6.1.7600.16385_none_bacc830144fa7791\dinotify.exe
19/2/2020 - 19:47:36.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpui_31bf3856ad364e35_6.1.7600.16385_none_bacc830144fa7791\dinotify.exe
19/2/2020 - 19:47:36.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpui_31bf3856ad364e35_6.1.7600.16385_none_bacc830144fa7791\dinotify.exe
19/2/2020 - 19:47:36.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpui_31bf3856ad364e35_6.1.7600.16385_none_bacc830144fa7791\dinotify.exe
19/2/2020 - 19:47:36.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnpui_31bf3856ad364e35_6.1.7600.16385_none_bacc830144fa7791
19/2/2020 - 19:47:36.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnputil_31bf3856ad364e35_6.1.7600.16385_none_5958b438d6388d15
19/2/2020 - 19:47:36.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnputil_31bf3856ad364e35_6.1.7600.16385_none_5958b438d6388d15\PnPutil.exe
19/2/2020 - 19:47:36.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnputil_31bf3856ad364e35_6.1.7600.16385_none_5958b438d6388d15\PnPutil.exe
19/2/2020 - 19:47:36.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnputil_31bf3856ad364e35_6.1.7600.16385_none_5958b438d6388d15\PnPutil.exe
19/2/2020 - 19:47:36.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnputil_31bf3856ad364e35_6.1.7600.16385_none_5958b438d6388d15\PnPutil.exe
19/2/2020 - 19:47:36.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-pnputil_31bf3856ad364e35_6.1.7600.16385_none_5958b438d6388d15
19/2/2020 - 19:47:45.278Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:45.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:45.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mib-extension-agent_31bf3856ad364e35_6.1.7600.16385_none_d4706cf73480781c
19/2/2020 - 19:47:45.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mib-extension-agent_31bf3856ad364e35_6.1.7600.16385_none_d4706cf73480781c
19/2/2020 - 19:47:45.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.1.7601.18933_none_9b5d4867f6e809e0
19/2/2020 - 19:47:45.418Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.1.7601.18933_none_9b5d4867f6e809e0
19/2/2020 - 19:47:45.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.1.7601.18933_none_9b5d4867f6e809e0
19/2/2020 - 19:47:45.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b10571bddd69c23e
19/2/2020 - 19:47:45.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b10571bddd69c23e
19/2/2020 - 19:47:45.465Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..moregames.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2c6e20cf370f2c72
19/2/2020 - 19:47:45.465Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..moregames.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2c6e20cf370f2c72
19/2/2020 - 19:47:45.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:45.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:45.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:45.887Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:45.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..on-wizard-framework_31bf3856ad364e35_6.1.7601.17514_none_1478eaa56818c3c0
19/2/2020 - 19:47:45.934Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..on-wizard-framework_31bf3856ad364e35_6.1.7601.17514_none_1478eaa56818c3c0
19/2/2020 - 19:47:45.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..on-wizard-framework_31bf3856ad364e35_6.1.7601.17514_none_1478eaa56818c3c0
19/2/2020 - 19:47:45.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..onfiguration-client_31bf3856ad364e35_6.1.7600.16385_none_1da87e1aea354aa8
19/2/2020 - 19:47:45.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..onfiguration-client_31bf3856ad364e35_6.1.7600.16385_none_1da87e1aea354aa8
19/2/2020 - 19:47:45.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_cde4c4fd7ab159cb
19/2/2020 - 19:47:45.981Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_cde4c4fd7ab159cb
19/2/2020 - 19:47:46.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_cde4c4fd7ab159cb\RMActivate_ssp.exe
19/2/2020 - 19:47:46.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_cde4c4fd7ab159cb\RMActivate_ssp.exeRMActivate_ssp.exe
19/2/2020 - 19:47:46.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_cde4c4fd7ab159cb\RMActivate_ssp.exe
19/2/2020 - 19:47:46.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_cde4c4fd7ab159cb\RMActivate_ssp.exe
19/2/2020 - 19:47:46.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_cde4c4fd7ab159cb\RMActivate_ssp.exe
19/2/2020 - 19:47:46.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_cde4c4fd7ab159cb
19/2/2020 - 19:47:46.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.22530_none_ce54a81a93e2e895
19/2/2020 - 19:47:46.28Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.22530_none_ce54a81a93e2e895
19/2/2020 - 19:47:46.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.22530_none_ce54a81a93e2e895
19/2/2020 - 19:47:46.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:46.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..otservicing-utility_31bf3856ad364e35_6.1.7600.16385_none_d139a2cea567ce3f
19/2/2020 - 19:47:46.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..otservicing-utility_31bf3856ad364e35_6.1.7600.16385_none_d139a2cea567ce3f\fveupdate.exe
19/2/2020 - 19:47:46.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..otservicing-utility_31bf3856ad364e35_6.1.7600.16385_none_d139a2cea567ce3f\fveupdate.exefveupdate.exe
19/2/2020 - 19:47:46.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..otservicing-utility_31bf3856ad364e35_6.1.7600.16385_none_d139a2cea567ce3f\fveupdate.exe
19/2/2020 - 19:47:46.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..otservicing-utility_31bf3856ad364e35_6.1.7600.16385_none_d139a2cea567ce3f\fveupdate.exe
19/2/2020 - 19:47:46.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..otservicing-utility_31bf3856ad364e35_6.1.7600.16385_none_d139a2cea567ce3f\fveupdate.exe
19/2/2020 - 19:47:46.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..otservicing-utility_31bf3856ad364e35_6.1.7600.16385_none_d139a2cea567ce3f
19/2/2020 - 19:47:46.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..oxy-extension-agent_31bf3856ad364e35_6.1.7600.16385_none_d49e1c71aba3c7ed
19/2/2020 - 19:47:46.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..oxy-extension-agent_31bf3856ad364e35_6.1.7600.16385_none_d49e1c71aba3c7ed
19/2/2020 - 19:47:46.356Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:46.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:46.543Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:46.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..pt-regedittools-adm_31bf3856ad364e35_6.1.7600.16385_none_c67266ca1f0e89f8
19/2/2020 - 19:47:46.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..pt-regedittools-adm_31bf3856ad364e35_6.1.7600.16385_none_c67266ca1f0e89f8
19/2/2020 - 19:47:46.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..rbleplace.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0b58643c7e708f5d
19/2/2020 - 19:47:46.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..rbleplace.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_0b58643c7e708f5d
19/2/2020 - 19:47:46.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:46.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:46.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..rtup-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b11647bd474cce12
19/2/2020 - 19:47:46.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..rtup-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b11647bd474cce12
19/2/2020 - 19:47:46.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1
19/2/2020 - 19:47:46.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
19/2/2020 - 19:47:46.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
19/2/2020 - 19:47:46.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
19/2/2020 - 19:47:46.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
19/2/2020 - 19:47:46.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1
19/2/2020 - 19:47:46.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_2d7fe646e3ec3705
19/2/2020 - 19:47:46.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_2d7fe646e3ec3705
19/2/2020 - 19:47:46.872Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_aeda19052ddea7b6
19/2/2020 - 19:47:46.872Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_aeda19052ddea7b6
19/2/2020 - 19:47:46.918Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:47.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:47.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.1.7601.17514_none_ff1b74d24817a82b
19/2/2020 - 19:47:47.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.1.7601.17514_none_ff1b74d24817a82b
19/2/2020 - 19:47:47.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992
19/2/2020 - 19:47:47.106Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992
19/2/2020 - 19:47:47.153Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992
19/2/2020 - 19:47:47.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992
19/2/2020 - 19:47:47.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:47.387Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:47.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..tcard-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_749618285c4c8a31
19/2/2020 - 19:47:47.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..tcard-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_749618285c4c8a31
19/2/2020 - 19:47:47.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:47.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:47.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:47.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..tings-adm.resources_31bf3856ad364e35_6.1.7601.22923_pt-br_08e0a609956a8b50
19/2/2020 - 19:47:47.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..tings-adm.resources_31bf3856ad364e35_6.1.7601.22923_pt-br_08e0a609956a8b50
19/2/2020 - 19:47:47.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..tools-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e4f79d5fcf69d0c2
19/2/2020 - 19:47:47.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..tools-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e4f79d5fcf69d0c2
19/2/2020 - 19:47:47.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_6fa6b9c88f2a3ba1
19/2/2020 - 19:47:47.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_6fa6b9c88f2a3ba1
19/2/2020 - 19:47:47.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4decf63779e29aaa
19/2/2020 - 19:47:47.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_4decf63779e29aaa
19/2/2020 - 19:47:47.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_a43e06414a0fcb4b
19/2/2020 - 19:47:47.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_a43e06414a0fcb4b
19/2/2020 - 19:47:47.809Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:47.950Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:47.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953
19/2/2020 - 19:47:47.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953
19/2/2020 - 19:47:47.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..vider-dll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5b85aad8e52158f9
19/2/2020 - 19:47:47.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..vider-dll.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5b85aad8e52158f9
19/2/2020 - 19:47:47.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..y-secedit.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_868cb73f3c912659
19/2/2020 - 19:47:47.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..y-secedit.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_868cb73f3c912659
19/2/2020 - 19:47:47.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..y-spp-plugin-common_31bf3856ad364e35_6.1.7601.17514_none_2136d8ac9cfcea8b
19/2/2020 - 19:47:47.997Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..y-spp-plugin-common_31bf3856ad364e35_6.1.7601.17514_none_2136d8ac9cfcea8b
19/2/2020 - 19:47:48.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..y-spp-plugin-common_31bf3856ad364e35_6.1.7601.17514_none_2136d8ac9cfcea8b
19/2/2020 - 19:47:48.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:48.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ytools-ex.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_63456ceb0d600508
19/2/2020 - 19:47:48.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-s..ytools-ex.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_63456ceb0d600508
19/2/2020 - 19:47:48.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d
19/2/2020 - 19:47:48.278Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d
19/2/2020 - 19:47:48.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d
19/2/2020 - 19:47:48.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scanprofiles_31bf3856ad364e35_6.1.7601.17514_none_a58d39c869c1728e
19/2/2020 - 19:47:48.325Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scanprofiles_31bf3856ad364e35_6.1.7601.17514_none_a58d39c869c1728e
19/2/2020 - 19:47:48.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scanprofiles_31bf3856ad364e35_6.1.7601.17514_none_a58d39c869c1728e
19/2/2020 - 19:47:48.372Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:48.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:48.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scripting-vbscript_31bf3856ad364e35_11.2.9600.17691_none_2aa319e942fe67f2
19/2/2020 - 19:47:48.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scripting-vbscript_31bf3856ad364e35_11.2.9600.17691_none_2aa319e942fe67f2
19/2/2020 - 19:47:48.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e8bdc93addd8aae2
19/2/2020 - 19:47:48.606Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e8bdc93addd8aae2
19/2/2020 - 19:47:48.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_e8bdc93addd8aae2
19/2/2020 - 19:47:48.653Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scrnsave_31bf3856ad364e35_6.1.7600.16385_none_3d3492aaf415de8e
19/2/2020 - 19:47:48.653Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-scrnsave_31bf3856ad364e35_6.1.7600.16385_none_3d3492aaf415de8e
19/2/2020 - 19:47:48.700Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:48.840Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:48.887Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:48.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sctasks.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_80a94effcf4842dd
19/2/2020 - 19:47:48.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-sctasks.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_80a94effcf4842dd
19/2/2020 - 19:47:48.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-secinit.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_da5c1d171c023610
19/2/2020 - 19:47:48.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-secinit.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_da5c1d171c023610
19/2/2020 - 19:47:49.28Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:49.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:49.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-securestartup-cpl_31bf3856ad364e35_6.1.7601.17514_none_b5ac5cc3a1b7e9ef
19/2/2020 - 19:47:49.215Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-securestartup-cpl_31bf3856ad364e35_6.1.7601.17514_none_b5ac5cc3a1b7e9ef
19/2/2020 - 19:47:49.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-securestartup-cpl_31bf3856ad364e35_6.1.7601.17514_none_b5ac5cc3a1b7e9ef
19/2/2020 - 19:47:49.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-securestartup-wmi_31bf3856ad364e35_6.1.7600.16385_none_bc7747799f002109
19/2/2020 - 19:47:49.262Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-securestartup-wmi_31bf3856ad364e35_6.1.7600.16385_none_bc7747799f002109
19/2/2020 - 19:47:49.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-securestartup-wmi_31bf3856ad364e35_6.1.7600.16385_none_bc7747799f002109
19/2/2020 - 19:47:49.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.17514_none_21de36deb82f8f12
19/2/2020 - 19:47:49.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.17514_none_21de36deb82f8f12
19/2/2020 - 19:47:49.403Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:49.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.18923_none_21d25778b8389fe9
19/2/2020 - 19:47:49.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.18923_none_21d25778b8389fe9
19/2/2020 - 19:47:49.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.18933_none_21c7878cb840bbda
19/2/2020 - 19:47:49.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.18933_none_21c7878cb840bbda
19/2/2020 - 19:47:49.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.22814_none_2267c0add14d42cb
19/2/2020 - 19:47:49.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.22814_none_2267c0add14d42cb
19/2/2020 - 19:47:49.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.22843_none_2246509fd1667d47
19/2/2020 - 19:47:49.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.22843_none_2246509fd1667d47
19/2/2020 - 19:47:49.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.22923_none_225bf25dd156428c
19/2/2020 - 19:47:49.543Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.22923_none_225bf25dd156428c
19/2/2020 - 19:47:49.543Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:49.684Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:49.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.23017_none_226a9b93d14abf39
19/2/2020 - 19:47:49.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.23017_none_226a9b93d14abf39
19/2/2020 - 19:47:49.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.23452_none_223a6209d16fa4e6
19/2/2020 - 19:47:49.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.23452_none_223a6209d16fa4e6
19/2/2020 - 19:47:49.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7600.16385_none_96c23cbe96661a70
19/2/2020 - 19:47:49.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7600.16385_none_96c23cbe96661a70
19/2/2020 - 19:47:49.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18409_none_9903093693481d46
19/2/2020 - 19:47:49.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18409_none_9903093693481d46
19/2/2020 - 19:47:49.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18489_none_98ac89d69388fcce
19/2/2020 - 19:47:49.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18489_none_98ac89d69388fcce
19/2/2020 - 19:47:49.825Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:49.965Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:50.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18606_none_99000c24934acb8f
19/2/2020 - 19:47:50.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18606_none_99000c24934acb8f
19/2/2020 - 19:47:50.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18741_none_98cfcce8936fb9c7
19/2/2020 - 19:47:50.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18741_none_98cfcce8936fb9c7
19/2/2020 - 19:47:50.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18923_none_98e77120935daee1
19/2/2020 - 19:47:50.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18923_none_98e77120935daee1
19/2/2020 - 19:47:50.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.19135_none_98de7bd093642de9
19/2/2020 - 19:47:50.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.19135_none_98de7bd093642de9
19/2/2020 - 19:47:50.59Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22616_none_997ed71dac708a23
19/2/2020 - 19:47:50.59Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22616_none_997ed71dac708a23
19/2/2020 - 19:47:50.106Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:50.153Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:50.293Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:50.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23126_none_9973e6ebac78cdf2
19/2/2020 - 19:47:50.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23126_none_9973e6ebac78cdf2
19/2/2020 - 19:47:50.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23136_none_996916ffac80e9e3
19/2/2020 - 19:47:50.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23136_none_996916ffac80e9e3
19/2/2020 - 19:47:50.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23154_none_99517693ac92ef17
19/2/2020 - 19:47:50.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23154_none_99517693ac92ef17
19/2/2020 - 19:47:50.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-identitystore_31bf3856ad364e35_6.1.7600.16385_none_9db90861bb86ed41
19/2/2020 - 19:47:50.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-identitystore_31bf3856ad364e35_6.1.7600.16385_none_9db90861bb86ed41
19/2/2020 - 19:47:50.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos-mof_31bf3856ad364e35_6.1.7600.16385_none_3f75858ebf65ff56
19/2/2020 - 19:47:50.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos-mof_31bf3856ad364e35_6.1.7600.16385_none_3f75858ebf65ff56
19/2/2020 - 19:47:50.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.18409_none_450c9b4ac7609975
19/2/2020 - 19:47:50.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.18409_none_450c9b4ac7609975
19/2/2020 - 19:47:50.434Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:50.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.18923_none_44f10334c7762b10
19/2/2020 - 19:47:50.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.18923_none_44f10334c7762b10
19/2/2020 - 19:47:50.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.22807_none_45943d33e07ffe06
19/2/2020 - 19:47:50.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.22807_none_45943d33e07ffe06
19/2/2020 - 19:47:50.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.22843_none_4564fc5be0a4086e
19/2/2020 - 19:47:50.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.22843_none_4564fc5be0a4086e
19/2/2020 - 19:47:50.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:50.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:50.809Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.23017_none_4589474fe0884a60
19/2/2020 - 19:47:50.809Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.1.7601.23017_none_4589474fe0884a60
19/2/2020 - 19:47:59.668Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.23415_none_a11560927cc1f982
19/2/2020 - 19:47:59.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.23415_none_a11560927cc1f982\PDIALOG.exe
19/2/2020 - 19:47:59.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.23415_none_a11560927cc1f982\PDIALOG.exe
19/2/2020 - 19:47:59.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.23415_none_a11560927cc1f982\PDIALOG.exe
19/2/2020 - 19:47:59.762Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.23415_none_a11560927cc1f982\PDIALOG.exe
19/2/2020 - 19:47:59.762Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7601.23415_none_a11560927cc1f982
19/2/2020 - 19:47:59.856Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:47:59.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_6.1.7601.18540_pt-br_d43b68f6f18dee27
19/2/2020 - 19:47:59.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_6.1.7601.18540_pt-br_d43b68f6f18dee27
19/2/2020 - 19:47:59.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_7.1.7601.16398_pt-br_c57e01b47c95bfd3
19/2/2020 - 19:47:59.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_7.1.7601.16398_pt-br_c57e01b47c95bfd3
19/2/2020 - 19:47:59.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce
19/2/2020 - 19:47:59.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce
19/2/2020 - 19:47:59.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-msctfp_31bf3856ad364e35_6.1.7600.16385_none_26d2511408a24b3e
19/2/2020 - 19:47:59.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-msctfp_31bf3856ad364e35_6.1.7600.16385_none_26d2511408a24b3e
19/2/2020 - 19:47:59.997Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:0.43Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:0.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:0.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cognition.en-au.ale_31bf3856ad364e35_6.1.7600.16385_en-au_08cbf9359cd20cb7
19/2/2020 - 19:48:0.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cognition.en-au.ale_31bf3856ad364e35_6.1.7600.16385_en-au_08cbf9359cd20cb7
19/2/2020 - 19:48:0.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cognition.pt-br.ale_31bf3856ad364e35_6.1.7600.16385_pt-br_3fee1af1e7501e79
19/2/2020 - 19:48:0.278Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cognition.pt-br.ale_31bf3856ad364e35_6.1.7600.16385_pt-br_3fee1af1e7501e79
19/2/2020 - 19:48:0.278Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cognition.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3b6ff1cfac9dfedb
19/2/2020 - 19:48:0.278Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cognition.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3b6ff1cfac9dfedb
19/2/2020 - 19:48:0.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..cognition.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3b6ff1cfac9dfedb
19/2/2020 - 19:48:0.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:0.465Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:0.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.18540_none_a9770602ebbe1ab3
19/2/2020 - 19:48:0.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.18540_none_a9770602ebbe1ab3
19/2/2020 - 19:48:0.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.22750_none_a9f5d4c804e3d395
19/2/2020 - 19:48:0.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.22750_none_a9f5d4c804e3d395
19/2/2020 - 19:48:0.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dpsounddriver-winip_31bf3856ad364e35_7.1.7601.16398_none_4c5b1ffe1e2a6f4d
19/2/2020 - 19:48:0.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..dpsounddriver-winip_31bf3856ad364e35_7.1.7601.16398_none_4c5b1ffe1e2a6f4d
19/2/2020 - 19:48:0.606Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:0.700Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:0.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..emotepage.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_14a8be44b82a51ab
19/2/2020 - 19:48:0.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..emotepage.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_14a8be44b82a51ab
19/2/2020 - 19:48:0.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ervices-wmiprovider_31bf3856ad364e35_6.1.7601.17514_none_4957978495a0d0c0
19/2/2020 - 19:48:0.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ervices-wmiprovider_31bf3856ad364e35_6.1.7601.17514_none_4957978495a0d0c0
19/2/2020 - 19:48:0.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..es-drprov.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c22d1f31ad4b9eb5
19/2/2020 - 19:48:0.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..es-drprov.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c22d1f31ad4b9eb5
19/2/2020 - 19:48:0.793Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_6.1.7601.17514_none_848b402bf3e1c3b1
19/2/2020 - 19:48:0.793Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_6.1.7601.17514_none_848b402bf3e1c3b1
19/2/2020 - 19:48:0.840Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:0.981Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:1.28Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:1.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_6.1.7601.23154_none_84e966390d2014be
19/2/2020 - 19:48:1.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_6.1.7601.23154_none_84e966390d2014be
19/2/2020 - 19:48:1.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_7.2.7601.18934_none_3e14daae1da40bc0
19/2/2020 - 19:48:1.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_7.2.7601.18934_none_3e14daae1da40bc0
19/2/2020 - 19:48:1.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..et-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_da8ece2756ce851b
19/2/2020 - 19:48:1.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..et-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_da8ece2756ce851b
19/2/2020 - 19:48:1.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..etoolsmqq.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7d8baf5e615aa64b
19/2/2020 - 19:48:1.75Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..etoolsmqq.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7d8baf5e615aa64b
19/2/2020 - 19:48:1.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..etoolsmqq.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7d8baf5e615aa64b
19/2/2020 - 19:48:1.215Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:1.309Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:1.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..etpc-mathrecognizer_31bf3856ad364e35_6.1.7600.16385_none_14416949695504c9
19/2/2020 - 19:48:1.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..etpc-mathrecognizer_31bf3856ad364e35_6.1.7600.16385_none_14416949695504c9
19/2/2020 - 19:48:1.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..flicklearningwizard_31bf3856ad364e35_6.1.7600.16385_none_69769fd78b751ad3
19/2/2020 - 19:48:1.403Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..flicklearningwizard_31bf3856ad364e35_6.1.7600.16385_none_69769fd78b751ad3
19/2/2020 - 19:48:1.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..flicklearningwizard_31bf3856ad364e35_6.1.7600.16385_none_69769fd78b751ad3
19/2/2020 - 19:48:1.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ices-msrdpwebaccess_31bf3856ad364e35_7.1.7601.16398_none_d6ce7acbed52f6d0
19/2/2020 - 19:48:1.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ices-msrdpwebaccess_31bf3856ad364e35_7.1.7601.16398_none_d6ce7acbed52f6d0
19/2/2020 - 19:48:1.450Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_6.1.7600.16385_none_d1b8a1c108762040
19/2/2020 - 19:48:1.450Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_6.1.7600.16385_none_d1b8a1c108762040
19/2/2020 - 19:48:1.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:1.637Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:1.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ied-chinese-zhengma_31bf3856ad364e35_6.1.7600.16385_none_bf4b6db34317721d
19/2/2020 - 19:48:1.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ied-chinese-zhengma_31bf3856ad364e35_6.1.7600.16385_none_bf4b6db34317721d
19/2/2020 - 19:48:1.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17514_none_f8373ee981acd109
19/2/2020 - 19:48:1.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17514_none_f8373ee981acd109
19/2/2020 - 19:48:1.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_f83075d781b149cb
19/2/2020 - 19:48:1.684Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_f83075d781b149cb
19/2/2020 - 19:48:1.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_f83075d781b149cb\rdrmemptylst.exe
19/2/2020 - 19:48:1.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_f83075d781b149cb\rdrmemptylst.exerdrmemptylst.exe
19/2/2020 - 19:48:1.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_f83075d781b149cb\rdrmemptylst.exe
19/2/2020 - 19:48:1.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_f83075d781b149cb\rdrmemptylst.exe
19/2/2020 - 19:48:1.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_f83075d781b149cb\rdrmemptylst.exe
19/2/2020 - 19:48:1.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_f83075d781b149cb
19/2/2020 - 19:48:1.825Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:1.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ional-chinese-array_31bf3856ad364e35_6.1.7600.16385_none_c0cebfe77b9f6973
19/2/2020 - 19:48:1.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ional-chinese-array_31bf3856ad364e35_6.1.7600.16385_none_c0cebfe77b9f6973
19/2/2020 - 19:48:1.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..iprovider.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1a5dc897f38ca68b
19/2/2020 - 19:48:1.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..iprovider.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1a5dc897f38ca68b
19/2/2020 - 19:48:1.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..k-msctfui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_16ec4991fe479102
19/2/2020 - 19:48:1.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..k-msctfui.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_16ec4991fe479102
19/2/2020 - 19:48:1.918Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_ar-sa_7c636ced4a5a933c
19/2/2020 - 19:48:1.918Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_ar-sa_7c636ced4a5a933c
19/2/2020 - 19:48:1.918Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:2.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:2.106Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:2.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_cdacc5112862c0be
19/2/2020 - 19:48:2.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_cdacc5112862c0be
19/2/2020 - 19:48:2.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_de-de_68123a74207f1157
19/2/2020 - 19:48:2.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_de-de_68123a74207f1157
19/2/2020 - 19:48:2.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_et-ee_0a8e38e11389eb50
19/2/2020 - 19:48:2.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_et-ee_0a8e38e11389eb50
19/2/2020 - 19:48:2.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_it-it_9dadd996d9880aa1
19/2/2020 - 19:48:2.200Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_it-it_9dadd996d9880aa1
19/2/2020 - 19:48:2.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:2.387Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:2.481Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_nb-no_cbcfb68d97390f4e
19/2/2020 - 19:48:2.481Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_nb-no_cbcfb68d97390f4e
19/2/2020 - 19:48:2.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:2.622Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:2.715Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.1.7601.17514_none_5ffc161221c1b4f6
19/2/2020 - 19:48:2.715Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.1.7601.17514_none_5ffc161221c1b4f6
19/2/2020 - 19:48:2.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:2.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:2.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_6.1.7601.17514_none_935e5e07aa28aa00
19/2/2020 - 19:48:2.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_6.1.7601.17514_none_935e5e07aa28aa00\rdpsign.exe
19/2/2020 - 19:48:2.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_6.1.7601.17514_none_935e5e07aa28aa00\rdpsign.exe
19/2/2020 - 19:48:2.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_6.1.7601.17514_none_935e5e07aa28aa00\rdpsign.exe
19/2/2020 - 19:48:2.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_6.1.7601.17514_none_935e5e07aa28aa00\rdpsign.exe
19/2/2020 - 19:48:2.950Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_6.1.7601.17514_none_935e5e07aa28aa00
19/2/2020 - 19:48:2.950Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7601.22465_none_2f6978be8a03b8bc
19/2/2020 - 19:48:2.950Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7601.22465_none_2f6978be8a03b8bc
19/2/2020 - 19:48:2.997Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7601.22465_none_2f6978be8a03b8bc
19/2/2020 - 19:48:2.997Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7601.22757_none_2f764ef089f9c6ee
19/2/2020 - 19:48:2.997Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7601.22757_none_2f764ef089f9c6ee
19/2/2020 - 19:48:3.43Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7601.22757_none_2f764ef089f9c6ee
19/2/2020 - 19:48:3.90Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:3.137Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:3.184Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:3.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:3.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.22750_none_ac5c9a1550f8db39
19/2/2020 - 19:48:3.372Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.22750_none_ac5c9a1550f8db39\mstsc.exe
19/2/2020 - 19:48:3.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.22750_none_ac5c9a1550f8db39\mstsc.exe
19/2/2020 - 19:48:3.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.22750_none_ac5c9a1550f8db39\mstsc.exe
19/2/2020 - 19:48:3.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.22750_none_ac5c9a1550f8db39\mstsc.exe
19/2/2020 - 19:48:3.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.22750_none_ac5c9a1550f8db39
19/2/2020 - 19:48:3.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.1.7601.23154_none_afd443c22658255c
19/2/2020 - 19:48:3.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.1.7601.23154_none_afd443c22658255c
19/2/2020 - 19:48:3.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:3.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:3.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nput-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_17fbe09f0e309057
19/2/2020 - 19:48:3.700Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nput-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_17fbe09f0e309057
19/2/2020 - 19:48:3.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nput-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_17fbe09f0e309057
19/2/2020 - 19:48:3.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nputpanel-languages_31bf3856ad364e35_6.1.7600.16385_none_1b58698c1652f99f
19/2/2020 - 19:48:3.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..nputpanel-languages_31bf3856ad364e35_6.1.7600.16385_none_1b58698c1652f99f
19/2/2020 - 19:48:3.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..omruntime.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_326599457ad40d7c
19/2/2020 - 19:48:3.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..omruntime.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_326599457ad40d7c
19/2/2020 - 19:48:3.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:3.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_04f656f83faa61d2
19/2/2020 - 19:48:3.934Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_04f656f83faa61d2
19/2/2020 - 19:48:3.934Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..otewriter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_48a55477f9b956e3
19/2/2020 - 19:48:3.934Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..otewriter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_48a55477f9b956e3
19/2/2020 - 19:48:3.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..otewriter.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_48a55477f9b956e3
19/2/2020 - 19:48:3.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.16385_none_a98d2bb89855d54d
19/2/2020 - 19:48:3.981Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.16385_none_a98d2bb89855d54d
19/2/2020 - 19:48:4.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7600.16385_none_a98d2bb89855d54d
19/2/2020 - 19:48:4.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.19112_none_abbc09c4954664df
19/2/2020 - 19:48:4.28Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.19112_none_abbc09c4954664df
19/2/2020 - 19:48:4.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.19112_none_abbc09c4954664df
19/2/2020 - 19:48:4.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.23415_none_ac48ab39ae614afc
19/2/2020 - 19:48:4.75Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.23415_none_ac48ab39ae614afc
19/2/2020 - 19:48:4.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.1.7601.23415_none_ac48ab39ae614afc
19/2/2020 - 19:48:4.122Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:4.262Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:4.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..platform-input-core_31bf3856ad364e35_6.1.7601.17514_none_2f3651e7f36d703f
19/2/2020 - 19:48:4.356Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..platform-input-core_31bf3856ad364e35_6.1.7601.17514_none_2f3651e7f36d703f
19/2/2020 - 19:48:4.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..platform-input-core_31bf3856ad364e35_6.1.7601.17514_none_2f3651e7f36d703f
19/2/2020 - 19:48:4.403Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f40abd54bc898022
19/2/2020 - 19:48:4.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_f40abd54bc898022
19/2/2020 - 19:48:4.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:4.497Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:4.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:4.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7601.17514_none_8e140d2bdc47c0be
19/2/2020 - 19:48:4.684Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7601.17514_none_8e140d2bdc47c0be
19/2/2020 - 19:48:4.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7601.17514_none_8e140d2bdc47c0be
19/2/2020 - 19:48:4.731Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7601.18951_none_8de5bd6ddc6af2ba
19/2/2020 - 19:48:4.731Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7601.18951_none_8de5bd6ddc6af2ba
19/2/2020 - 19:48:4.778Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7601.18951_none_8de5bd6ddc6af2ba
19/2/2020 - 19:48:4.778Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7601.22750_none_8e6e543cf58981b8
19/2/2020 - 19:48:4.778Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7601.22750_none_8e6e543cf58981b8
19/2/2020 - 19:48:4.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7601.22750_none_8e6e543cf58981b8
19/2/2020 - 19:48:4.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:5.12Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:5.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-collaboration-api_31bf3856ad364e35_6.1.7601.17514_none_a39735a9b3e58f7a
19/2/2020 - 19:48:5.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-collaboration-api_31bf3856ad364e35_6.1.7601.17514_none_a39735a9b3e58f7a
19/2/2020 - 19:48:5.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7601.17514_none_42b1da626b987aed
19/2/2020 - 19:48:5.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7601.17514_none_42b1da626b987aed
19/2/2020 - 19:48:5.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-sessionenvservice_31bf3856ad364e35_6.1.7601.17514_none_3d045afcfe4692fe
19/2/2020 - 19:48:5.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..s-sessionenvservice_31bf3856ad364e35_6.1.7601.17514_none_3d045afcfe4692fe
19/2/2020 - 19:48:5.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..sframework-mscandui_31bf3856ad364e35_6.1.7600.16385_none_e6956cccf90c97d9
19/2/2020 - 19:48:5.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..sframework-mscandui_31bf3856ad364e35_6.1.7600.16385_none_e6956cccf90c97d9
19/2/2020 - 19:48:5.153Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:5.247Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:5.340Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..tfmonitor.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6cdd9e020b264849
19/2/2020 - 19:48:5.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..tfmonitor.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6cdd9e020b264849
19/2/2020 - 19:48:5.387Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:5.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:5.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:5.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-t..torserver.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_1a36063c9dd267a4
19/2/2020 - 19:48:12.231Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.6.7601.19046_pt-br_4face5cc942ad6cd
19/2/2020 - 19:48:12.231Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.6.7601.19046_pt-br_4face5cc942ad6cd
19/2/2020 - 19:48:12.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:12.418Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:12.512Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..deviceapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_539b359f9862f854
19/2/2020 - 19:48:12.512Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..deviceapi.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_539b359f9862f854
19/2/2020 - 19:48:12.559Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:12.700Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:12.747Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:12.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:12.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7b179d9b81a776c5
19/2/2020 - 19:48:12.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_7b179d9b81a776c5
19/2/2020 - 19:48:12.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_6.1.7601.17803_pt-br_7d5286b77e8ebc8c
19/2/2020 - 19:48:12.840Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_6.1.7601.17803_pt-br_7d5286b77e8ebc8c
19/2/2020 - 19:48:12.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_6.1.7601.17803_pt-br_7d5286b77e8ebc8c
19/2/2020 - 19:48:12.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ent-internalupgrade_31bf3856ad364e35_7.6.7601.19046_none_2b7d5e9a8880c9aa
19/2/2020 - 19:48:12.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ent-internalupgrade_31bf3856ad364e35_7.6.7601.19046_none_2b7d5e9a8880c9aa
19/2/2020 - 19:48:12.981Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:13.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..eprovider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c0df15d49718b800
19/2/2020 - 19:48:13.75Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..eprovider.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c0df15d49718b800
19/2/2020 - 19:48:13.75Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ewmdrmcompatibility_31bf3856ad364e35_6.1.7600.16385_none_090727b340445c97
19/2/2020 - 19:48:13.75Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ewmdrmcompatibility_31bf3856ad364e35_6.1.7600.16385_none_090727b340445c97
19/2/2020 - 19:48:13.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ewmdrmcompatibility_31bf3856ad364e35_6.1.7600.16385_none_090727b340445c97
19/2/2020 - 19:48:13.122Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..extension.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9c0599c70696251d
19/2/2020 - 19:48:13.122Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..extension.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9c0599c70696251d
19/2/2020 - 19:48:13.122Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:13.262Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:13.356Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_2890675ec3a2ec11
19/2/2020 - 19:48:13.356Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_2890675ec3a2ec11
19/2/2020 - 19:48:13.403Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_2890675ec3a2ec11
19/2/2020 - 19:48:13.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:13.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:13.684Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:13.825Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:13.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:13.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.6.7601.18804_pt-br_e8aba3848105c576
19/2/2020 - 19:48:13.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.6.7601.18804_pt-br_e8aba3848105c576
19/2/2020 - 19:48:13.965Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.6.7601.18937_pt-br_e88e3684811b6275
19/2/2020 - 19:48:13.965Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.6.7601.18937_pt-br_e88e3684811b6275
19/2/2020 - 19:48:14.12Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:14.153Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:14.200Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_83a61ecf5d7486de
19/2/2020 - 19:48:14.200Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_83a61ecf5d7486de
19/2/2020 - 19:48:14.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_83a61ecf5d7486de
19/2/2020 - 19:48:14.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lorer-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_212eb036292a4c44
19/2/2020 - 19:48:14.247Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..lorer-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_212eb036292a4c44
19/2/2020 - 19:48:14.247Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_21ce315183a3a86c
19/2/2020 - 19:48:14.247Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_21ce315183a3a86c
19/2/2020 - 19:48:14.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ment-core.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_21ce315183a3a86c
19/2/2020 - 19:48:14.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210
19/2/2020 - 19:48:14.293Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210
19/2/2020 - 19:48:14.340Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210
19/2/2020 - 19:48:14.387Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:14.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:14.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ompositeclassdriver_31bf3856ad364e35_6.1.7600.16385_none_5d5d32a7d4c7eb92
19/2/2020 - 19:48:14.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ompositeclassdriver_31bf3856ad364e35_6.1.7600.16385_none_5d5d32a7d4c7eb92
19/2/2020 - 19:48:14.575Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..oradapter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_688bce682bc4b24c
19/2/2020 - 19:48:14.575Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..oradapter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_688bce682bc4b24c
19/2/2020 - 19:48:14.668Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:14.809Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:14.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdate-adm.resources_31bf3856ad364e35_7.6.7601.19046_pt-br_980c0f49eb0ba5b2
19/2/2020 - 19:48:14.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdate-adm.resources_31bf3856ad364e35_7.6.7601.19046_pt-br_980c0f49eb0ba5b2
19/2/2020 - 19:48:14.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:14.950Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:15.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.18937_none_776c2d571e9d8709
19/2/2020 - 19:48:15.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.18937_none_776c2d571e9d8709
19/2/2020 - 19:48:15.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.19077_none_7740c5c91ebe2a0f
19/2/2020 - 19:48:15.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7601.19077_none_7740c5c91ebe2a0f
19/2/2020 - 19:48:15.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..r-chinesesimplified_31bf3856ad364e35_7.0.7600.16385_none_e080a37b30fde6d2
19/2/2020 - 19:48:15.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..r-chinesesimplified_31bf3856ad364e35_7.0.7600.16385_none_e080a37b30fde6d2
19/2/2020 - 19:48:15.90Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-upgrade_31bf3856ad364e35_6.1.7600.16385_none_b096a84b9ca231ac
19/2/2020 - 19:48:15.90Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-upgrade_31bf3856ad364e35_6.1.7600.16385_none_b096a84b9ca231ac
19/2/2020 - 19:48:15.90Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:15.231Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:15.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5a90a72f3e00239e
19/2/2020 - 19:48:15.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_5a90a72f3e00239e
19/2/2020 - 19:48:15.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3671eacbcf68ba63
19/2/2020 - 19:48:15.325Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3671eacbcf68ba63
19/2/2020 - 19:48:15.372Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_3671eacbcf68ba63
19/2/2020 - 19:48:15.418Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:15.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:15.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..umservice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c9bc37fa68121291
19/2/2020 - 19:48:15.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..umservice.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c9bc37fa68121291
19/2/2020 - 19:48:15.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..up-wizard.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_16fd487ed437939a
19/2/2020 - 19:48:15.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..up-wizard.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_16fd487ed437939a
19/2/2020 - 19:48:15.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..utomation.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_58c59dcaab4a2348
19/2/2020 - 19:48:15.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..utomation.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_58c59dcaab4a2348
19/2/2020 - 19:48:15.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..win32-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ff9b39093356167f
19/2/2020 - 19:48:15.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..win32-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ff9b39093356167f
19/2/2020 - 19:48:15.606Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.18804_none_e76d9fca65105f0b
19/2/2020 - 19:48:15.606Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.18804_none_e76d9fca65105f0b
19/2/2020 - 19:48:15.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:15.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:15.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.18937_none_e75032ca6525fc0a
19/2/2020 - 19:48:15.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.18937_none_e75032ca6525fc0a
19/2/2020 - 19:48:15.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ywmdmcesp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9fab7661da8a0640
19/2/2020 - 19:48:15.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-w..ywmdmcesp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9fab7661da8a0640
19/2/2020 - 19:48:15.934Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:15.981Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:16.122Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:16.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7601.21830_none_b3b9727b799a1acf
19/2/2020 - 19:48:16.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7601.21830_none_b3b9727b799a1acf
19/2/2020 - 19:48:16.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wbiosrvc_31bf3856ad364e35_6.1.7600.16385_none_c79503ead5aed6b0
19/2/2020 - 19:48:16.168Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wbiosrvc_31bf3856ad364e35_6.1.7600.16385_none_c79503ead5aed6b0
19/2/2020 - 19:48:16.168Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_pt-br_00ff81a7d5fb92b6
19/2/2020 - 19:48:16.168Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_pt-br_00ff81a7d5fb92b6
19/2/2020 - 19:48:16.215Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_pt-br_00ff81a7d5fb92b6
19/2/2020 - 19:48:16.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_pt-br_00ff81a7d5fb92b6
19/2/2020 - 19:48:16.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_6.1.7601.17514_none_8b42b93fd88950e6
19/2/2020 - 19:48:16.262Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_6.1.7601.17514_none_8b42b93fd88950e6
19/2/2020 - 19:48:16.309Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_6.1.7601.17514_none_8b42b93fd88950e6
19/2/2020 - 19:48:16.309Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.16385_none_d24809e1379d1f91
19/2/2020 - 19:48:16.309Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.16385_none_d24809e1379d1f91
19/2/2020 - 19:48:16.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.16385_none_d24809e1379d1f91
19/2/2020 - 19:48:16.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:16.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdi-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_650ab5d2ca2d808c
19/2/2020 - 19:48:16.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wdi-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_650ab5d2ca2d808c
19/2/2020 - 19:48:16.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-webdavredir-davclient_31bf3856ad364e35_6.1.7601.23115_none_f27dd4b581fbbf65
19/2/2020 - 19:48:16.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-webdavredir-davclient_31bf3856ad364e35_6.1.7601.23115_none_f27dd4b581fbbf65
19/2/2020 - 19:48:16.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.1.7601.23317_none_735d550df5765677
19/2/2020 - 19:48:16.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.1.7601.23317_none_735d550df5765677
19/2/2020 - 19:48:16.590Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:16.731Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:16.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-webdavredir-webclient_31bf3856ad364e35_6.1.7601.23317_none_b3d83992e36c555e
19/2/2020 - 19:48:16.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-webdavredir-webclient_31bf3856ad364e35_6.1.7601.23317_none_b3d83992e36c555e
19/2/2020 - 19:48:16.825Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_6.1.7601.17514_none_d0c392d2129a680a
19/2/2020 - 19:48:16.825Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_6.1.7601.17514_none_d0c392d2129a680a
19/2/2020 - 19:48:16.872Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:17.12Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:17.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-whhelper.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9fd32fff0bf98376
19/2/2020 - 19:48:17.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-whhelper.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9fd32fff0bf98376
19/2/2020 - 19:48:17.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17514_none_17197f29b1265401
19/2/2020 - 19:48:17.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17514_none_17197f29b1265401
19/2/2020 - 19:48:17.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18528_none_1712999db12aeeef
19/2/2020 - 19:48:17.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18528_none_1712999db12aeeef
19/2/2020 - 19:48:17.106Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.19061_none_16e037a1b151d530
19/2/2020 - 19:48:17.106Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.19061_none_16e037a1b151d530
19/2/2020 - 19:48:17.153Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:17.293Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:17.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:17.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22739_none_179268acca4fc128
19/2/2020 - 19:48:17.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22739_none_179268acca4fc128
19/2/2020 - 19:48:17.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23418_none_17a6ebc0ca40921b
19/2/2020 - 19:48:17.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23418_none_17a6ebc0ca40921b
19/2/2020 - 19:48:17.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-windowscodecext_31bf3856ad364e35_6.1.7600.16385_none_ef86be13d2568109
19/2/2020 - 19:48:17.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-windowscodecext_31bf3856ad364e35_6.1.7600.16385_none_ef86be13d2568109
19/2/2020 - 19:48:17.434Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-windowscodecext_31bf3856ad364e35_7.1.7601.16492_none_e2cfe30f5a6e4384
19/2/2020 - 19:48:17.434Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-windowscodecext_31bf3856ad364e35_7.1.7601.16492_none_e2cfe30f5a6e4384
19/2/2020 - 19:48:17.481Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:17.622Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:17.762Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:17.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.5.7601.17514_none_9ce1375a66515376
19/2/2020 - 19:48:17.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.5.7601.17514_none_9ce1375a66515376
19/2/2020 - 19:48:17.903Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.6.7601.18937_none_64fd5675052a3ebb
19/2/2020 - 19:48:17.903Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.6.7601.18937_none_64fd5675052a3ebb
19/2/2020 - 19:48:17.903Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:18.43Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:18.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c5b96d62d974570a
19/2/2020 - 19:48:18.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c5b96d62d974570a
19/2/2020 - 19:48:18.184Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:18.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:18.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_2abacd7e8769fa1a
19/2/2020 - 19:48:18.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_2abacd7e8769fa1a
19/2/2020 - 19:48:18.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e
19/2/2020 - 19:48:18.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
19/2/2020 - 19:48:18.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
19/2/2020 - 19:48:18.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
19/2/2020 - 19:48:18.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
19/2/2020 - 19:48:18.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e
19/2/2020 - 19:48:18.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winocr-tifffilter_31bf3856ad364e35_6.1.7600.16385_none_8f17e9d40553824d
19/2/2020 - 19:48:18.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winocr-tifffilter_31bf3856ad364e35_6.1.7600.16385_none_8f17e9d40553824d
19/2/2020 - 19:48:18.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winrs-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_96135d8f2383b963
19/2/2020 - 19:48:18.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winrs-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_96135d8f2383b963
19/2/2020 - 19:48:18.465Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:18.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:18.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:18.700Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656
19/2/2020 - 19:48:18.700Read1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656
19/2/2020 - 19:48:18.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656\winrshost.exe
19/2/2020 - 19:48:18.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656\winrshost.exewinrshost.exe
19/2/2020 - 19:48:18.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656\winrshost.exe
19/2/2020 - 19:48:18.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656\winrshost.exe
19/2/2020 - 19:48:18.747Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656\winrshost.exe
19/2/2020 - 19:48:18.747Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_722b680e4b585656
19/2/2020 - 19:48:18.840Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:18.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.23237_none_368510aa8e380be8
19/2/2020 - 19:48:18.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.23237_none_368510aa8e380be8
19/2/2020 - 19:48:18.981Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_27a7f7694b388c01
19/2/2020 - 19:48:18.981Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_27a7f7694b388c01
19/2/2020 - 19:48:18.981Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:19.122Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:19.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22653_none_1501e21acc33cfc4
19/2/2020 - 19:48:19.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22653_none_1501e21acc33cfc4
19/2/2020 - 19:48:19.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23136_none_151a628acc210bc5
19/2/2020 - 19:48:19.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23136_none_151a628acc210bc5
19/2/2020 - 19:48:19.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23338_none_151c66eacc1f38c1
19/2/2020 - 19:48:19.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23338_none_151c66eacc1f38c1
19/2/2020 - 19:48:19.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23418_none_153208a8cc0efe06
19/2/2020 - 19:48:19.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23418_none_153208a8cc0efe06
19/2/2020 - 19:48:19.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.1.7601.18741_none_4db0bb96b0cb8b01
19/2/2020 - 19:48:19.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.1.7601.18741_none_4db0bb96b0cb8b01
19/2/2020 - 19:48:19.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winusb_31bf3856ad364e35_6.1.7600.16385_none_1260b05bb6138cf7
19/2/2020 - 19:48:19.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft-windows-winusb_31bf3856ad364e35_6.1.7600.16385_none_1260b05bb6138cf7
19/2/2020 - 19:48:27.90Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:27.231Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:27.325Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_config_b03f5f7f11d50a3a_6.1.7600.16385_none_5dc13828242ac03d
19/2/2020 - 19:48:27.325Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_config_b03f5f7f11d50a3a_6.1.7600.16385_none_5dc13828242ac03d
19/2/2020 - 19:48:27.372Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:27.512Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:27.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_perf_dll_b03f5f7f11d50a3a_6.1.7601.22617_none_538b8392be87c701
19/2/2020 - 19:48:27.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_perf_dll_b03f5f7f11d50a3a_6.1.7601.22617_none_538b8392be87c701
19/2/2020 - 19:48:27.559Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_perf_h_b03f5f7f11d50a3a_6.1.7601.18410_none_488a8da36a8aad3b
19/2/2020 - 19:48:27.559Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_perf_h_b03f5f7f11d50a3a_6.1.7601.18410_none_488a8da36a8aad3b
19/2/2020 - 19:48:27.653Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:27.793Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:27.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_rc_dll_res_b03f5f7f11d50a3a_6.1.7601.18410_none_bcc96041a5ec3660
19/2/2020 - 19:48:27.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_rc_dll_res_b03f5f7f11d50a3a_6.1.7601.18410_none_bcc96041a5ec3660
19/2/2020 - 19:48:27.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_rc_dll_res_b03f5f7f11d50a3a_6.1.7601.22733_none_a5fd7575bf921699
19/2/2020 - 19:48:27.840Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_rc_dll_res_b03f5f7f11d50a3a_6.1.7601.22733_none_a5fd7575bf921699
19/2/2020 - 19:48:27.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.18410_none_0dcc6ea16b030c1b
19/2/2020 - 19:48:27.840Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.18410_none_0dcc6ea16b030c1b\aspnet_state.exe
19/2/2020 - 19:48:27.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.18410_none_0dcc6ea16b030c1b\aspnet_state.exeaspnet_state.exe
19/2/2020 - 19:48:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.18410_none_0dcc6ea16b030c1b\aspnet_state.exe
19/2/2020 - 19:48:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.18410_none_0dcc6ea16b030c1b\aspnet_state.exe
19/2/2020 - 19:48:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.18410_none_0dcc6ea16b030c1b\aspnet_state.exe
19/2/2020 - 19:48:27.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.18410_none_0dcc6ea16b030c1b
19/2/2020 - 19:48:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.22617_none_f6fe284584ab1fd9
19/2/2020 - 19:48:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.22617_none_f6fe284584ab1fd9\aspnet_state.exe
19/2/2020 - 19:48:27.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.22617_none_f6fe284584ab1fd9\aspnet_state.exeaspnet_state.exe
19/2/2020 - 19:48:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.22617_none_f6fe284584ab1fd9\aspnet_state.exe
19/2/2020 - 19:48:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.22617_none_f6fe284584ab1fd9\aspnet_state.exe
19/2/2020 - 19:48:27.887Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.22617_none_f6fe284584ab1fd9\aspnet_state.exe
19/2/2020 - 19:48:27.887Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7601.22617_none_f6fe284584ab1fd9
19/2/2020 - 19:48:27.981Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:28.28Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:28.168Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:28.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_perf_h_b03f5f7f11d50a3a_6.1.7601.22617_none_5c13b71fe7f2e5c7
19/2/2020 - 19:48:28.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_perf_h_b03f5f7f11d50a3a_6.1.7601.22617_none_5c13b71fe7f2e5c7
19/2/2020 - 19:48:28.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_perf_ini_b03f5f7f11d50a3a_6.1.7600.16385_none_fb6fde4753d9adab
19/2/2020 - 19:48:28.215Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_state_perf_ini_b03f5f7f11d50a3a_6.1.7600.16385_none_fb6fde4753d9adab
19/2/2020 - 19:48:28.215Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.1.7600.16385_none_094460616193b3f6
19/2/2020 - 19:48:28.215Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.1.7600.16385_none_094460616193b3f6
19/2/2020 - 19:48:28.262Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.1.7600.16385_none_094460616193b3f6
19/2/2020 - 19:48:28.262Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab
19/2/2020 - 19:48:28.262Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab
19/2/2020 - 19:48:28.309Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab
19/2/2020 - 19:48:28.356Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab
19/2/2020 - 19:48:28.450Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:28.543Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.1.7600.16385_none_6db55c2fd0300a34
19/2/2020 - 19:48:28.543Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.1.7600.16385_none_6db55c2fd0300a34
19/2/2020 - 19:48:28.590Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.1.7600.16385_none_6db55c2fd0300a34
19/2/2020 - 19:48:28.590Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.1.7600.16385_none_02a1a2d949085578
19/2/2020 - 19:48:28.590Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.1.7600.16385_none_02a1a2d949085578
19/2/2020 - 19:48:28.637Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.1.7600.16385_none_02a1a2d949085578
19/2/2020 - 19:48:28.637Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.1.7600.16385_none_1487ae3ac19b400f
19/2/2020 - 19:48:28.637Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.1.7600.16385_none_1487ae3ac19b400f
19/2/2020 - 19:48:28.684Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.1.7600.16385_none_1487ae3ac19b400f
19/2/2020 - 19:48:28.684Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.1.7600.16385_none_3db80e7607906d02
19/2/2020 - 19:48:28.684Read1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.1.7600.16385_none_3db80e7607906d02
19/2/2020 - 19:48:28.731Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.1.7600.16385_none_3db80e7607906d02
19/2/2020 - 19:48:28.778Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:28.918Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:29.12Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webmedtrust_cfg_dflt_b03f5f7f11d50a3a_6.1.7600.16385_none_fdc4e077981f868b
19/2/2020 - 19:48:29.12Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-aspnet_webmedtrust_cfg_dflt_b03f5f7f11d50a3a_6.1.7600.16385_none_fdc4e077981f868b
19/2/2020 - 19:48:29.59Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:29.200Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:29.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.1.7601.18523_none_8fc063ff35f4970f
19/2/2020 - 19:48:29.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.1.7601.18523_none_8fc063ff35f4970f
19/2/2020 - 19:48:29.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.1.7601.22733_none_78f3bd654f9b10bd
19/2/2020 - 19:48:29.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.1.7601.22733_none_78f3bd654f9b10bd
19/2/2020 - 19:48:29.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_df104676600087c7
19/2/2020 - 19:48:29.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.1.7601.18523_none_df104676600087c7
19/2/2020 - 19:48:29.293Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-cscompmgd_b03f5f7f11d50a3a_6.1.7601.22733_none_0bb6668899dfffbb
19/2/2020 - 19:48:29.293Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-cscompmgd_b03f5f7f11d50a3a_6.1.7601.22733_none_0bb6668899dfffbb
19/2/2020 - 19:48:29.340Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:29.528Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:29.575Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:29.622Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-culture_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_6787eb2ff80c8b56
19/2/2020 - 19:48:29.622Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-culture_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_6787eb2ff80c8b56
19/2/2020 - 19:48:29.715Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:29.856Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-dfshim_dll_31bf3856ad364e35_6.2.7601.22724_none_9f5381212b8aa0d2
19/2/2020 - 19:48:29.856Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-dfshim_dll_31bf3856ad364e35_6.2.7601.22724_none_9f5381212b8aa0d2
19/2/2020 - 19:48:29.856Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:29.997Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:30.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-fw_netfxperf_dll_31bf3856ad364e35_6.2.7601.17514_none_bae87b3630a3f232
19/2/2020 - 19:48:30.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-fw_netfxperf_dll_31bf3856ad364e35_6.2.7601.17514_none_bae87b3630a3f232
19/2/2020 - 19:48:30.137Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-ieexecremote_b03f5f7f11d50a3a_6.1.7600.16385_none_986ffe2f993df792
19/2/2020 - 19:48:30.137Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-ieexecremote_b03f5f7f11d50a3a_6.1.7600.16385_none_986ffe2f993df792
19/2/2020 - 19:48:30.184Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:30.325Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:30.418Open1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-ieexecremote_b03f5f7f11d50a3a_6.1.7601.18523_none_984624ab99943b25
19/2/2020 - 19:48:30.418Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_netfx-ieexecremote_b03f5f7f11d50a3a_6.1.7601.18523_none_984624ab99943b25
19/2/2020 - 19:48:30.465Read1480C:\malware.exeC:\Windows\winsxs
19/2/2020 - 19:48:30.606Read1480C:\malware.exeC:\Windows\winsxs