Report #696

  • Creation Date: Oct. 19, 2019, 2:23 a.m.
  • Last Update: Oct. 19, 2019, 6:17 a.m.
  • File: 044
  • Results:
Binary
DLL
False
Size
1.14MB
trid
35.0% InstallShield setup
33.8% Win32 EXE PECompact compressed
22.4% Win64 Executable
3.6% Win32 Executable
1.6% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows CLI
Hashes
Community
Google
True
HashLib
False
YARA
Matches
maldoc_getEIP_method_1, domain, IP, win_private_profile, Dropper_Strings, Intel_Virtualization_Wizard_exe, HasDebugData, network_dropper, Antivirus, BASE64_table, escalate_priv, HasRichSignature, possible_includes_base64_packed_functions, VM_Generic_Detection, VC8_Microsoft_Corporation, DebuggerException__SetConsoleCtrl, spreading_share, IsConsole, create_service, network_dns, cred_local, network_http, win_files_operation, IsPE32, win_hook, disable_dep, contentis_base64, network_tcp_socket, SEH__vectored, screenshot, win_token, win_mutex, keylogger, Misc_Suspicious_Strings, maldoc_find_kernel32_base_method_1, migrate_apc, antisb_threatExpert, DebuggerHiding__Thread, anti_dbg, network_tcp_listen, DebuggerCheck__QueryInfo, url, Microsoft_Visual_Cpp_8, win_registry, Typical_Malware_String_Transforms, HasOverlay, network_dga, Advapi_Hash_API, Big_Numbers5, Crypt32_CryptBinaryToString_API, create_com_service, Big_Numbers0

Suspicious
True

Strings
List
1. Visit https://tox.chat/download.html
1. Download Tor browser - https://www.torproject.org/

Foremost
Matches
0.exe, 94 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: True
Suspicious: http://gdcbghvjyqy7jclk.onion/3a23db8448d3b2b, https://tox.chat/download.html, https://www.torproject.org/
hasAllowed: False
hasSuspicious: True

Files
Allowed: 2ntdll.dll, WININET.dll, shlwapi.dll, MSVCR110.dll, CRYPT32.dll, SHELL32.dll, user32.dll, ADVAPI32.dll, PSAPI.DLL, kernel32.dll, GDI32.dll, msvcrt.dll, urlmon.dll, encryption.dll
hasFiles: True
Suspicious: GDCB-DECRYPT.txt, %s\GDCB-DECRYPT.txt, ntuser.dat, ntuser.dat.log, thumbs.db, iconcache.db
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 93696
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 6
Suspicious: False
Image
Version: True
Suspicious: 6
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 6.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 4951
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: wininet.dll, shlwapi.dll, crypt32.dll, shell32.dll, user32.dll, advapi32.dll, psapi.dll, kernel32.dll, gdi32.dll, msvcrt.dll, urlmon.dll
hasLibs: True
Suspicious: 2ntdll.dll, msvcr110.dll, encryption.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2019-08-28 13:35:58
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: True
Fuzzing: False

PEDetector
Matches
6304, 78097
Suspicious
True
Disassembly
hasTricks
True
Tricks
ldr
.rsrc: 2

pushret
.rsrc: 11
.text: 1

nopsequence
.rsrc: 2

pushpopmath
.rsrc: 13

sizeofimage
.rsrc: 2

garbagebytes
.rsrc: 4
.text: 1

hookdetection
.rsrc: 1

programcontrolflowchange
.rsrc: 4
.text: 1

cpuinstructionsresultscomparison
.rdata: 1

AVclass
wapomi
1
VirusTotal
md5
3b7e22e97a6856fb6843704c9452ad87
sha1
c721ec219a9d6836bf12ac24cf4e22aa822fcb67
SCANS
AVG
result: Win32:Rootkit-gen [Rtk]
update: 20190910
version: 18.4.3895.0
detected: True

CMC
update: 20190321
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=82)
update: 20190910
version: 2018.9.12.1
detected: True

APEX
result: Malicious
update: 20190910
version: 5.62
detected: True

Bkav
update: 20190910
version: 1.3.0.10239
detected: False

K7GW
update: 20190910
version: 11.66.31967
detected: False

ALYac
result: Win32.VJadtre.3
update: 20190910
version: 1.1.1.5
detected: True

Avast
result: Win32:Rootkit-gen [Rtk]
update: 20190910
version: 18.4.3895.0
detected: True

Avira
result: W32/Jadtre.B
update: 20190910
version: 8.3.3.8
detected: True

Baidu
result: Win32.Virus.Otwycal.d
update: 20190318
version: 1.0.0.2
detected: True

Cyren
result: W32/PatchLoad.E
update: 20190910
version: 6.2.0.1
detected: True

DrWeb
result: Trojan.Encoder.24384
update: 20190910
version: 7.0.41.7240
detected: True

GData
result: Win32.VJadtre.3
update: 20190910
version: A:25.23339B:26.15997
detected: True

Panda
result: Generic Suspicious
update: 20190910
version: 4.6.4.2
detected: True

VBA32
result: Virus.Nimnul.19209
update: 20190910
version: 4.0.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20190910
version: 77768
detected: True

Zoner
update: 20190910
version: 1.0.0.1
detected: False

ClamAV
result: Win.Ransomware.Gandcrab-6502432-0
update: 20190910
version: 0.101.4.0
detected: True

Comodo
update: 20190910
version: 31455
detected: False

F-Prot
result: W32/PatchLoad.E
update: 20190910
version: 4.7.1.166
detected: True

Ikarus
result: Virus.Win32.Wapomi
update: 20190910
version: 0.1.5.2
detected: True

McAfee
result: Artemis!3B7E22E97A68
update: 20190910
version: 6.0.6.653
detected: True

Rising
result: Ransom.GandCrab!1.B8D6 (CLASSIC)
update: 20190910
version: 25.0.0.24
detected: True

Sophos
result: Mal/Generic-S
update: 20190910
version: 4.98.0
detected: True

Yandex
update: 20190910
version: 5.5.2.24
detected: False

Zillya
update: 20190910
version: 2.0.0.3897
detected: False

Acronis
update: 20190904
version: 1.1.1.56
detected: False

Alibaba
result: Virus:Win32/Nimnul.e04fd7e6
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Win32.VJadtre.3
update: 20190910
version: 1.0.0.856
detected: True

Cylance
update: 20190910
version: 2.3.1.101
detected: False

Endgame
result: malicious (high confidence)
update: 20190819
version: 3.0.14
detected: True

FireEye
result: Generic.mg.3b7e22e97a6856fb
update: 20190910
version: 29.7.0.0
detected: True

TACHYON
update: 20190910
version: 2019-09-10.02
detected: False

Tencent
result: Virus.Win32.Loader.aab
update: 20190910
version: 1.0.0.1
detected: True

ViRobot
update: 20190910
version: 2014.3.20.0
detected: False

Webroot
update: 20190910
version: 1.0.0.403
detected: False

eGambit
result: Trojan.Generic
update: 20190910
version: v5.0.5
detected: True

Ad-Aware
result: Win32.VJadtre.3
update: 20190910
version: 3.0.5.370
detected: True

AegisLab
result: Virus.Win32.Nimnul.n!c
update: 20190910
version: 4.2
detected: True

Emsisoft
result: Win32.VJadtre.3 (B)
update: 20190910
version: 2018.12.0.1641
detected: True

F-Secure
result: Malware.W32/Jadtre.B
update: 20190910
version: 12.0.86.52
detected: True

Fortinet
result: W32/Wapomi.BA!tr
update: 20190910
version: 5.4.247.0
detected: True

Invincea
update: 20190904
version: 6.3.6.26157
detected: False

Jiangmin
update: 20190910
version: 16.0.100
detected: False

Kingsoft
update: 20190910
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20190910
version: 1.0
detected: True

Symantec
result: ML.Attribute.HighConfidence
update: 20190910
version: 1.10.0.0
detected: True

Trapmine
update: 20190826
version: 3.1.81.800
detected: False

AhnLab-V3
result: Trojan/Win32.Xtrat.C3450632
update: 20190910
version: 3.16.1.25089
detected: True

Antiy-AVL
result: Virus/Win32.Nimnul.f
update: 20190910
version: 3.0.0.1
detected: True

Kaspersky
result: Virus.Win32.Nimnul.f
update: 20190910
version: 15.0.1.13
detected: True

Microsoft
result: Ransom:Win32/GandCrab.AE
update: 20190910
version: 1.1.16300.1
detected: True

Qihoo-360
result: Win32/Virus.IM.01a
update: 20190910
version: 1.0.0.1120
detected: True

ZoneAlarm
result: Virus.Win32.Nimnul.f
update: 20190910
version: 1.0
detected: True

Cybereason
result: malicious.97a685
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: Win32/Wapomi.BA
update: 20190910
version: 19995
detected: True

TrendMicro
result: PE_WAPOMI.BM
update: 20190910
version: 11.0.0.1006
detected: True

BitDefender
result: Win32.VJadtre.3
update: 20190910
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_60% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
update: 20190910
version: 11.66.31969
detected: False

SentinelOne
result: DFI - Malicious PE
update: 20190807
version: 1.0.31.22
detected: True

Avast-Mobile
update: 20190910
version: 190910-00
detected: False

Malwarebytes
result: Virus.Wapomi
update: 20190910
version: 2.1.1.1115
detected: True

TotalDefense
result: Win32/Nimnul.A
update: 20190910
version: 37.1.62.1
detected: True

CAT-QuickHeal
update: 20190909
version: 14.00
detected: False

NANO-Antivirus
result: Trojan.Win32.Banload.cstqaj
update: 20190910
version: 1.0.134.24859
detected: True

MicroWorld-eScan
result: Win32.VJadtre.3
update: 20190910
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20190906
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Ramnit.tm
update: 20190910
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: PE_WAPOMI.BM
update: 20190910
version: 10.0.0.1040
detected: True

total
70
sha256
cac61bfaf19636a4db63b11eca87a84e79e37b0d230354a11a37878927faaae5
scan_id
cac61bfaf19636a4db63b11eca87a84e79e37b0d230354a11a37878927faaae5-1568144177
resource
3b7e22e97a6856fb6843704c9452ad87
positives
50
scan_date
2019-09-10 19:36:17
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
19/10/2019 - 5:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\Monitor
19/10/2019 - 5:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\
19/10/2019 - 5:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\Monitor
19/10/2019 - 5:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\Monitor
19/10/2019 - 5:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.700 | Read | 1480 | C:\malware.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\Monitor\ui\SwDRM.dll
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.700 | Open | 1480 | C:\malware.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Windows
19/10/2019 - 5:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Prefetch\PROC.EXE-5509F567.pf
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows
19/10/2019 - 5:45:43.715 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.715 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\version.DLL
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\version.dll
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\version.dll
19/10/2019 - 5:45:43.715 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.731 | Write | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.731 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.731 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.731 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.731 | Write | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.731 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:45:43.731 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.731 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\
19/10/2019 - 5:45:43.731 | Unknown | 1488 | C:\Monitor\proc.exe | C:\
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Users
19/10/2019 - 5:45:43.731 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot
19/10/2019 - 5:45:43.731 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData
19/10/2019 - 5:45:43.731 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData
19/10/2019 - 5:45:43.731 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local
19/10/2019 - 5:45:43.747 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local
19/10/2019 - 5:45:43.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:45:43.747 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:45:43.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:45:43.747 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:45:43.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.747 | Read | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\ui\SwDRM.dll
19/10/2019 - 5:45:43.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.747 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.747 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.747 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.747 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\Prefetch\VSQSHX.EXE-1464A4CE.pf
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\System32\wow64.dll
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\System32\wow64win.dll
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\System32\wow64log.dll
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows
19/10/2019 - 5:45:43.840 | Unknown | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Monitor
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.840 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:45:43.856 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Users\Behemot\AppData\Local\Temp\version.DLL
19/10/2019 - 5:45:43.856 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\version.dll
19/10/2019 - 5:45:43.856 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\version.dll
19/10/2019 - 5:45:43.856 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.856 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.856 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.856 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.856 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.856 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:45:43.856 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.856 | Unknown | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.856 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.856 | Read | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:45:43.918 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 5:45:43.918 | Unknown | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
19/10/2019 - 5:45:43.918 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:43.918 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:43.965 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Users\Behemot\AppData\Local\Temp\api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/10/2019 - 5:45:43.965 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/10/2019 - 5:45:43.965 | Unknown | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/10/2019 - 5:45:43.965 | Open | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/10/2019 - 5:45:43.965 | Unknown | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Temp\Secur32.dll
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Temp\api-ms-win-downlevel-advapi32-l2-1-0.dll
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\$Recycle.Bin
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\$Recycle.Bin\S-1-5-21-2148495166-3420019059-1286093062-1001
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\$Recycle.Bin\S-1-5-21-2148495166-3420019059-1286093062-1001
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\$Recycle.Bin
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Arquivos de Programas
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Arquivos de Programas
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\Files
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\Files\Logs
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\Files\Logs
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\Files
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\Malware
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\malware.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\malware.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\malware.exe
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\malware.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\malware.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\malware.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\Malware
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\proc.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\proc.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\proc.exe
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\proc.exe
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\WindowsKernelCaptureDriver Package
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\WindowsKernelCaptureDriver Package
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\WKCDController.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\WKCDController.exeWKCDController.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\WKCDController.exeWKCDController.exe
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\WKCDController.exe
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\WKCD_Load_Use.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\WKCD_Load_Use.exe
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:43.965Write2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:43.965Write2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:43.965Write2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Monitor
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\PerfLogs
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\PerfLogs\Admin
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\PerfLogs\Admin
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\PerfLogs
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Arquivos Comuns
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Arquivos Comuns
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\DVDMaker.exe
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\DVDMaker.exe
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\pt-BR
19/10/2019 - 5:45:43.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\pt-BR
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles
19/10/2019 - 5:45:43.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy
19/10/2019 - 5:45:43.965Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\winhttp.dll
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\winhttp.dll
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\webio.dll
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\webio.dll
19/10/2019 - 5:45:44.28Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Temp\IPHLPAPI.DLL
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Temp\WINNSI.DLL
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\winnsi.dll
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\winnsi.dll
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Temp\DNSAPI.dll
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\dnsapi.dll
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\dnsapi.dll
19/10/2019 - 5:45:44.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl
19/10/2019 - 5:45:44.28Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\mswsock.dll
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\mswsock.dll
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\wship6.dll
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\wship6.dll
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
19/10/2019 - 5:45:44.90Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl
19/10/2019 - 5:45:44.90Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage
19/10/2019 - 5:45:44.90Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage
19/10/2019 - 5:45:44.137Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 5:45:44.137Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 5:45:44.137Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage
19/10/2019 - 5:45:44.137Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Full
19/10/2019 - 5:45:44.137Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Full
19/10/2019 - 5:45:44.184Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\netprofm.dll
19/10/2019 - 5:45:44.184Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\netprofm.dll
19/10/2019 - 5:45:44.184Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\nlaapi.dll
19/10/2019 - 5:45:44.184Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\nlaapi.dll
19/10/2019 - 5:45:44.184Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Full
19/10/2019 - 5:45:44.184Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle
19/10/2019 - 5:45:44.184Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle
19/10/2019 - 5:45:44.231Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Temp\dhcpcsvc6.DLL
19/10/2019 - 5:45:44.231Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
19/10/2019 - 5:45:44.231Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
19/10/2019 - 5:45:44.231Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
19/10/2019 - 5:45:44.231Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
19/10/2019 - 5:45:44.231Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle
19/10/2019 - 5:45:44.231Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles
19/10/2019 - 5:45:44.231Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Temp\dhcpcsvc.DLL
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\dhcpcsvc.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\dhcpcsvc.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Temp\CRYPTSP.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Temp\RpcRtRemote.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\RpcRtRemote.dll
19/10/2019 - 5:45:44.278Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\RpcRtRemote.dll
19/10/2019 - 5:45:44.278Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
19/10/2019 - 5:45:44.278Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles
19/10/2019 - 5:45:44.278Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Memories
19/10/2019 - 5:45:44.278Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Memories
19/10/2019 - 5:45:44.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\AppData\Local\Temp\rasadhlp.dll
19/10/2019 - 5:45:44.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rasadhlp.dll
19/10/2019 - 5:45:44.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\rasadhlp.dll
19/10/2019 - 5:45:44.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Memories
19/10/2019 - 5:45:44.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\OldAge
19/10/2019 - 5:45:44.340Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\OldAge
19/10/2019 - 5:45:44.387Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\npmproxy.dll
19/10/2019 - 5:45:44.387Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Windows\SysWOW64\npmproxy.dll
19/10/2019 - 5:45:44.387Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\OldAge
19/10/2019 - 5:45:44.387Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Performance
19/10/2019 - 5:45:44.387Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Performance
19/10/2019 - 5:45:44.434Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Performance
19/10/2019 - 5:45:44.434Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Pets
19/10/2019 - 5:45:44.434Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Pets
19/10/2019 - 5:45:44.481Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Pets
19/10/2019 - 5:45:44.481Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Push
19/10/2019 - 5:45:44.481Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Push
19/10/2019 - 5:45:44.528Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Push
19/10/2019 - 5:45:44.528Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles
19/10/2019 - 5:45:44.528Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles
19/10/2019 - 5:45:44.575Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles
19/10/2019 - 5:45:44.575Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels
19/10/2019 - 5:45:44.575Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels
19/10/2019 - 5:45:44.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels
19/10/2019 - 5:45:44.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Shatter
19/10/2019 - 5:45:44.622Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Shatter
19/10/2019 - 5:45:44.668Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Shatter
19/10/2019 - 5:45:44.668Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion
19/10/2019 - 5:45:44.668Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion
19/10/2019 - 5:45:44.715Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion
19/10/2019 - 5:45:44.715Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Sports
19/10/2019 - 5:45:44.715Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Sports
19/10/2019 - 5:45:44.762Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Sports
19/10/2019 - 5:45:44.762Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Stacking
19/10/2019 - 5:45:44.762Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Stacking
19/10/2019 - 5:45:44.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Stacking
19/10/2019 - 5:45:44.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Travel
19/10/2019 - 5:45:44.809Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Travel
19/10/2019 - 5:45:44.872Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Travel
19/10/2019 - 5:45:44.872Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall
19/10/2019 - 5:45:44.872Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall
19/10/2019 - 5:45:44.872Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Vignette
19/10/2019 - 5:45:44.872Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Vignette
19/10/2019 - 5:45:44.934Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles\Vignette
19/10/2019 - 5:45:44.934Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared\DvdStyles
19/10/2019 - 5:45:44.934Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker\Shared
19/10/2019 - 5:45:44.934Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\DVD Maker
19/10/2019 - 5:45:44.934Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Microsoft Games
19/10/2019 - 5:45:44.934Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Microsoft Games\Chess
19/10/2019 - 5:45:44.934Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Microsoft Games\Chess\Chess.exe
19/10/2019 - 5:45:44.981Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Microsoft Games\Chess\Chess.exe
19/10/2019 - 5:45:44.981Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Microsoft Games\Chess\Chess.exe
19/10/2019 - 5:45:44.981Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Microsoft Games\Chess\Chess.exe
19/10/2019 - 5:45:45.28Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Microsoft Games\Chess\pt-BR
19/10/2019 - 5:45:45.28Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Microsoft Games\Chess\pt-BR
19/10/2019 - 5:45:45.28Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Microsoft Games\Chess
19/10/2019 - 5:45:47.872Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images
19/10/2019 - 5:45:47.872Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\pt-BR
19/10/2019 - 5:45:47.872Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\pt-BR\css
19/10/2019 - 5:45:47.872Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\pt-BR\css
19/10/2019 - 5:45:47.872Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\pt-BR\js
19/10/2019 - 5:45:47.872Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\pt-BR\js
19/10/2019 - 5:45:47.872Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\pt-BR
19/10/2019 - 5:45:47.872Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget
19/10/2019 - 5:45:47.872Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget
19/10/2019 - 5:45:47.872Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images
19/10/2019 - 5:45:47.872Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images
19/10/2019 - 5:45:47.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images
19/10/2019 - 5:45:47.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\pt-BR
19/10/2019 - 5:45:47.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\pt-BR\css
19/10/2019 - 5:45:47.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\pt-BR\css
19/10/2019 - 5:45:47.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\pt-BR\js
19/10/2019 - 5:45:47.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\pt-BR\js
19/10/2019 - 5:45:47.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\pt-BR
19/10/2019 - 5:45:47.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget
19/10/2019 - 5:45:47.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget
19/10/2019 - 5:45:47.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images
19/10/2019 - 5:45:47.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar
19/10/2019 - 5:45:47.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar
19/10/2019 - 5:45:47.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop
19/10/2019 - 5:45:47.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop
19/10/2019 - 5:45:47.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images
19/10/2019 - 5:45:47.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\pt-BR
19/10/2019 - 5:45:47.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\pt-BR\css
19/10/2019 - 5:45:47.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\pt-BR\css
19/10/2019 - 5:45:47.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\pt-BR\js
19/10/2019 - 5:45:47.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\pt-BR\js
19/10/2019 - 5:45:47.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\pt-BR
19/10/2019 - 5:45:47.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget
19/10/2019 - 5:45:47.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget
19/10/2019 - 5:45:47.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:47.918Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:47.965Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI
19/10/2019 - 5:45:47.965Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI
19/10/2019 - 5:45:48.12Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI
19/10/2019 - 5:45:48.12Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI
19/10/2019 - 5:45:48.12Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI
19/10/2019 - 5:45:48.59Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI
19/10/2019 - 5:45:48.59Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:48.106Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:48.153Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:48.200Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:48.247Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:48.293Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\pt-BR
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\pt-BR\css
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\pt-BR\css
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\pt-BR\js
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\pt-BR\js
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\pt-BR
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Gadgets
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\pt-BR
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\pt-BR
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Shared Gadgets
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\Shared Gadgets
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\sidebar.exe
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar\sidebar.exe
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files\Windows Sidebar
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\MSBuild
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\MSBuild
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Reference Assemblies
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Reference Assemblies
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Uninstall Information
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Uninstall Information
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Defender
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Defender\pt-BR
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Defender\pt-BR
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Defender
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Mail
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Mail\pt-BR
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Mail\pt-BR
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Mail\wab.exe
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Mail\wab.exe
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Mail\wabmig.exe
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Mail\wabmig.exe
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Mail\WinMail.exe
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Mail\WinMail.exe
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Mail\WinMail.exe
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Mail\WinMail.exe
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Mail
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Photo Viewer
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Photo Viewer\pt-BR
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Photo Viewer\pt-BR
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Photo Viewer
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Portable Devices
19/10/2019 - 5:45:48.340Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Portable Devices
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget
19/10/2019 - 5:45:48.340Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images
19/10/2019 - 5:45:48.340Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images
19/10/2019 - 5:45:48.387Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images
19/10/2019 - 5:45:48.387Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\pt-BR
19/10/2019 - 5:45:48.387Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\pt-BR\css
19/10/2019 - 5:45:48.387Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\pt-BR\css
19/10/2019 - 5:45:48.387Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\pt-BR\js
19/10/2019 - 5:45:48.387Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\pt-BR\js
19/10/2019 - 5:45:48.387Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\pt-BR
19/10/2019 - 5:45:48.387Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget
19/10/2019 - 5:45:48.387Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget
19/10/2019 - 5:45:48.387Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images
19/10/2019 - 5:45:48.387Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images
19/10/2019 - 5:45:48.434Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images
19/10/2019 - 5:45:48.481Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images
19/10/2019 - 5:45:48.528Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images
19/10/2019 - 5:45:48.575Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images
19/10/2019 - 5:45:48.575Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\pt-BR
19/10/2019 - 5:45:48.575Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\pt-BR\css
19/10/2019 - 5:45:48.575Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\pt-BR\css
19/10/2019 - 5:45:48.575Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\pt-BR\js
19/10/2019 - 5:45:48.575Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\pt-BR\js
19/10/2019 - 5:45:48.575Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\pt-BR
19/10/2019 - 5:45:48.575Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget
19/10/2019 - 5:45:48.575Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget
19/10/2019 - 5:45:48.575Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images
19/10/2019 - 5:45:48.575Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images
19/10/2019 - 5:45:48.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images
19/10/2019 - 5:45:48.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\pt-BR
19/10/2019 - 5:45:48.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\pt-BR\css
19/10/2019 - 5:45:48.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\pt-BR\css
19/10/2019 - 5:45:48.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\pt-BR\js
19/10/2019 - 5:45:48.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\pt-BR\js
19/10/2019 - 5:45:48.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\pt-BR
19/10/2019 - 5:45:48.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget
19/10/2019 - 5:45:48.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget
19/10/2019 - 5:45:48.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images
19/10/2019 - 5:45:48.622Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images
19/10/2019 - 5:45:48.668Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images
19/10/2019 - 5:45:48.668Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\pt-BR
19/10/2019 - 5:45:48.668Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\pt-BR\css
19/10/2019 - 5:45:48.668Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\pt-BR\css
19/10/2019 - 5:45:48.668Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\pt-BR\js
19/10/2019 - 5:45:48.668Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\pt-BR\js
19/10/2019 - 5:45:48.668Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\pt-BR
19/10/2019 - 5:45:48.668Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget
19/10/2019 - 5:45:48.668Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget
19/10/2019 - 5:45:48.668Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images
19/10/2019 - 5:45:48.668Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images
19/10/2019 - 5:45:48.715Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images
19/10/2019 - 5:45:48.762Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images
19/10/2019 - 5:45:48.762Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\pt-BR
19/10/2019 - 5:45:48.762Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\pt-BR\css
19/10/2019 - 5:45:48.762Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\pt-BR\css
19/10/2019 - 5:45:48.762Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\pt-BR\js
19/10/2019 - 5:45:48.762Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\pt-BR\js
19/10/2019 - 5:45:48.762Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\pt-BR
19/10/2019 - 5:45:48.762Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget
19/10/2019 - 5:45:48.762Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget
19/10/2019 - 5:45:48.762Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images
19/10/2019 - 5:45:48.762Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images
19/10/2019 - 5:45:48.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images
19/10/2019 - 5:45:48.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\pt-BR
19/10/2019 - 5:45:48.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\pt-BR\css
19/10/2019 - 5:45:48.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\pt-BR\css
19/10/2019 - 5:45:48.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\pt-BR\js
19/10/2019 - 5:45:48.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\pt-BR\js
19/10/2019 - 5:45:48.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\pt-BR
19/10/2019 - 5:45:48.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget
19/10/2019 - 5:45:48.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget
19/10/2019 - 5:45:48.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images
19/10/2019 - 5:45:48.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar
19/10/2019 - 5:45:48.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar
19/10/2019 - 5:45:48.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop
19/10/2019 - 5:45:48.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop
19/10/2019 - 5:45:48.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images
19/10/2019 - 5:45:48.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\pt-BR
19/10/2019 - 5:45:48.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\pt-BR\css
19/10/2019 - 5:45:48.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\pt-BR\css
19/10/2019 - 5:45:48.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\pt-BR\js
19/10/2019 - 5:45:48.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\pt-BR\js
19/10/2019 - 5:45:48.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\pt-BR
19/10/2019 - 5:45:48.809Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget
19/10/2019 - 5:45:48.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget
19/10/2019 - 5:45:48.809Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:48.809Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:48.872Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI
19/10/2019 - 5:45:48.872Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI
19/10/2019 - 5:45:48.918Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI
19/10/2019 - 5:45:48.918Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI
19/10/2019 - 5:45:48.918Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI
19/10/2019 - 5:45:48.965Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI
19/10/2019 - 5:45:48.965Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:49.12Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:49.59Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:49.106Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:49.153Read2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Modelos
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Modelos
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Music
19/10/2019 - 5:45:49.497Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Music
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Pictures
19/10/2019 - 5:45:49.497Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Pictures
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Recent
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Recent
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Saved Games
19/10/2019 - 5:45:49.497Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Saved Games
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Searches
19/10/2019 - 5:45:49.497Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Searches
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\SendTo
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\SendTo
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Videos
19/10/2019 - 5:45:49.497Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot\Videos
19/10/2019 - 5:45:49.497Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Behemot
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Ambiente de impresso
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Ambiente de impresso
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Ambiente de rede
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Ambiente de rede
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Application Data
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Application Data
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Configuraes locais
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Configuraes locais
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Cookies
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Cookies
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Dados de aplicativos
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Dados de aplicativos
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Desktop
19/10/2019 - 5:45:49.497Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Desktop
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents\Meus vdeos
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents\Meus vdeos
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents\Minhas imagens
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents\Minhas imagens
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents\Minhas msicas
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents\Minhas msicas
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents\My Music
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents\My Music
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents\My Pictures
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents\My Pictures
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents\My Videos
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents\My Videos
19/10/2019 - 5:45:49.497Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents
19/10/2019 - 5:45:49.497Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Documents
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Downloads
19/10/2019 - 5:45:49.497Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Downloads
19/10/2019 - 5:45:49.497Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Favorites
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Favorites
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Links
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Links
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Menu Iniciar
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Menu Iniciar
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Meus documentos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Meus documentos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Modelos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Modelos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Music
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Music
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\My Documents
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\My Documents
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\NetHood
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\NetHood
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Pictures
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Pictures
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\PrintHood
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\PrintHood
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Recent
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Recent
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Saved Games
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Saved Games
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\SendTo
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\SendTo
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Start Menu
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Start Menu
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Templates
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Templates
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Videos
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default\Videos
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default User
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Default User
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Desktop
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Desktop
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents\Meus vdeos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents\Meus vdeos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents\Minhas imagens
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents\Minhas imagens
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents\Minhas msicas
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents\Minhas msicas
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents\My Music
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents\My Music
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents\My Pictures
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents\My Pictures
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents\My Videos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents\My Videos
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Documents
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Downloads
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Downloads
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Favorites
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Favorites
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Libraries
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Libraries
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Music
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Music\Sample Music
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Music\Sample Music
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Music
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Pictures
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Pictures\Sample Pictures
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Pictures\Sample Pictures
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Pictures
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Recorded TV
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Recorded TV\Sample Media
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Recorded TV\Sample Media
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Recorded TV
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Videos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Videos\Sample Videos
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Videos\Sample Videos
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public\Videos
19/10/2019 - 5:45:49.559Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Public
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\Users\Todos os Usurios
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Application Data
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Application Data
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Application Data
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Application Data
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Dados de aplicativos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Dados de aplicativos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Dados de aplicativos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Dados de aplicativos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Desktop
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Desktop
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Desktop
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Desktop
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Documentos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Documentos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Documentos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Documentos
19/10/2019 - 5:45:49.559Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Documents
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Documents
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Documents
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Documents
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Favorites
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Favorites
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Favorites
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Favorites
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Favoritos
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Favoritos
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Favoritos
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Favoritos
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Menu Iniciar
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Menu Iniciar
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Menu Iniciar
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Menu Iniciar
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Modelos
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Modelos
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Modelos
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Modelos
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exevcredist_x64.exe
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exevcredist_x64.exe
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exevcredist_x64.exe
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
19/10/2019 - 5:45:49.622Unknown2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Package Cache
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Start Menu
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Start Menu
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Start Menu
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Start Menu
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Templates
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Templates
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Templates
19/10/2019 - 5:45:49.622Open2476C:\Users\Behemot\AppData\Local\Temp\vSQshX.exeC:\ProgramData\Templates
19/10/2019 - 5:47:31.403Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:47:31.403Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:47:31.403Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:47:31.403Open2984C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 5:47:31.403Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 5:47:31.403Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:47:31.403Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:47:31.403Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:47:31.403Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:47:31.403Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:47:31.403Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 5:47:31.403Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:47:31.403Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:47:31.403Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 5:47:31.403Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:47:31.403Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 5:47:31.403Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:47:31.403Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 5:47:31.403Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 5:47:31.403Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:47:31.403Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:47:31.403Open2984C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 5:47:31.622Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 5:47:31.622Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:47:31.622Unknown2984C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:47:31.622Open2984C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Monitor\"C:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat"
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:47:31.637Read2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Read2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:47:31.637Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 5:47:31.637Delete2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.637Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Read2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.637Read2984C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:47:31.653Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.653Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.653Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.653Read2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.653Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.653Open2984C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:47:31.653Unknown2984C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 5:47:31.653Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.653Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.653Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.653Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.653Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.653Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.653Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.653Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.653Open2984C:\Windows\SysWOW64\cmd.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 5:47:31.653Delete2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.653Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.653Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:47:31.653Open2984C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\0ae6359c.bat
19/10/2019 - 5:47:31.653Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 5:47:31.653Unknown2984C:\Windows\SysWOW64\cmd.exeC:\Monitor

Process
Trace
19/10/2019 - 5:45:43.700 | Create | 1480 | C:\malware.exe | 1488 | C:\Monitor\proc.exe
19/10/2019 - 5:45:43.731 | Create | 1488 | C:\Monitor\proc.exe | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:47:31.387 | Create | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | 2984 | C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 5:47:31.387 | Terminate | 1488 | C:\Monitor\proc.exe | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe
19/10/2019 - 5:47:31.653 | Terminate | 2476 | C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe | 2984 | C:\Windows\SysWOW64\cmd.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:50273 ddos.dnsnb8.net.
localhost -> gateway:DNS dns.msftncsi.com.
localhost -> gateway:DNS ddos.dnsnb8.net.

Response
gateway:DNS -> localhost dns.msftncsi.com. 131.107.255.255

gateway:DNS -> localhost ddos.dnsnb8.net. 185.87.187.198


TCP
Info
localhost:65194 -> 185.87.187.198:799
localhost:65191 -> 185.87.187.198:799
localhost:65193 -> 185.87.187.198:799
localhost:65192 -> 185.87.187.198:799
localhost:65195 -> 185.87.187.198:799

UDP
Info
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273
localhost:53 -> localhost:55394
localhost:67 -> localhost:68
localhost:68 -> 255.255.255.255:67

HTTP
Info

Summary
DNS
True

TCP
True

UDP
True

HTTP
False

Results
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False
Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True
SVC (Kernel=Linear, NFS-BRMalware)
confidence: 94.82%
suspicious: False
Random Forest (100 estimators, NFS-BRMalware)
confidence: 64.00%
suspicious: False