Report #9262

  • Creation Date: March 11, 2020, 11:01 a.m.
  • Last Update: March 11, 2020, 12:33 p.m.
  • File: arquivohd.exe
  • Results:
Binary
DLL
False
Size
3.24MB
trid
35.7% Win32 Executable
16.4% Win16/32 Executable Delphi generic
16.0% OS/2 Executable
15.8% Generic Win/DOS Executable
15.8% DOS Executable Generic
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
c1e688a39992ee2ce7c5d20d8ae2634c
sha1
9b186afde00fa2ad8de80cec4ee5b03df93743a5
crc32
0xec4c189d
sha224
fe3a68dc71c697c7890bdb39b86a58eee276f9a7f3cee0ea8272696c
sha256
26e910fe6130948dd4c021075edcd2f2be31541667165d09782d55281d95b57b
sha384
ff4ed01a1f9497449dbea736e5140bcd07caaa03742a26a8bfaca69c9f09065f59479788a87bda3bc75a9293129b1cd4
sha512
3be33284084163c61a4b83a9663ae69eb147ec3cc91add818c4878dbf79e01d74d2816cf251ec336697645f163ea4ca3ade1488a5329d506c22372080c259a7c
ssdeep
49152:L+Hbmf9q2ikOvIDj8h4dcfmjal3uv/iuswtfyoNNWsEp2Z3:L1q2yIDAhucfmkevdySI9p
Community
Google
False
HashLib
False
YARA
Matches
maldoc_getEIP_method_1, domain, Themida10xx18xxnocompressionOreansTechnologies, IP, contentis_base64, VirtualPC_Detection, Xtreme_Protector_v105, Xtreme_Protector_100_105_Rafael_Ahucha_Sergio_Lara, IsPacked, WinRAR_32_bit_SFX_Module_additional, vmdetect, IsPE32, ThemidaWinLicenseV1XNoCompressionSecureEngineOreansTechnologies, IsWindowsGUI

Suspicious
True

Strings
List
%userappdata%\RestartApp.exe
Font.Name
Font.Style
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
COMCTL32.dll
zUSER32.dll
NTDLL.dll
winmm.dll
Network is down.
Host is down.
PortName^<html><head></head><body><h1>Error Encountered</h1><P>Interface %s not found</P></body></html>V<html><head></head><body><h1>Forbidden (403)</h1><P>Access Forbidden</P></body></html>
Socket Error # %d
name="Microsoft.Windows.Common-Controls"
UTF-7)"%s" DOMImplementation already registered
Connected.

Foremost
Matches
0.exe, 3 MB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: Invalid owner=This control requires version 4.70 or greater of COMCTL32.DLL, ADVAPI32.dll, COMCTL32.dll, KERNEL32.dll, zUSER32.dll, winmm.dll, NTDLL.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 887808
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 3436526
Suspicious: False

Sections
Allowed: , .rsrc, .idata , themida
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 1933332
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: advapi32.dll, comctl32.dll, kernel32.dll, winmm.dll, ntdll.dll
hasLibs: True
Suspicious: invalid owner=this control requires version 4.70 or greater of comctl32.dll, zuser32.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2014-07-25 14:21:35
Future: False

Compilation
Packed: True
Missing: False
Packers: WinRAR 32-bit SFX Module
Compiled: True
Compilers: Microsoft Visual C++ 8
MainPacker: Xtreme-Protector v1.05

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
none: 479
.rsrc: 2651

pushpopmath
none: 340
.rsrc: 748

ss register
none: 57
.rsrc: 11

garbagebytes
none: 183
.rsrc: 2062

hookdetection
none: 10
.rsrc: 30

software breakpoint
none: 7
.rsrc: 24

fakeconditionaljumps
none: 4
.rsrc: 28

programcontrolflowchange
none: 179
.rsrc: 2038

cpuinstructionsresultscomparison
.rsrc: 18

AVclass
behav
1
VirusTotal
md5
c1e688a39992ee2ce7c5d20d8ae2634c
sha1
9b186afde00fa2ad8de80cec4ee5b03df93743a5
SCANS (DETECTION RATE = 79.10%)
AVG
result: FileRepMetagen [Malware]
update: 20180323
version: 18.2.3827.0
detected: True

CMC
update: 20180323
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=82)
update: 20180323
version: 2017.11.15.1
detected: True

Bkav
result: W32.eHeur.Virus02
update: 20180322
version: 1.3.0.9466
detected: True

K7GW
result: Trojan ( 0040f4ef1 )
update: 20180323
version: 10.42.26597
detected: True

ALYac
result: Gen:Variant.Symmi.6360
update: 20180323
version: 1.1.1.5
detected: True

Avast
result: FileRepMetagen [Malware]
update: 20180323
version: 18.2.3827.0
detected: True

Avira
result: TR/Symmi.6360
update: 20180323
version: 8.3.3.6
detected: True

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9727
update: 20180323
version: 1.0.0.2
detected: True

Cyren
result: W32/Themida_Packed!Eldorado
update: 20180323
version: 5.4.30.7
detected: True

DrWeb
update: 20180323
version: 7.0.28.2020
detected: False

GData
result: Gen:Variant.Symmi.6360
update: 20180323
version: A:25.16478B:25.11859
detected: True

Panda
result: Generic Suspicious
update: 20180323
version: 4.6.4.2
detected: True

VBA32
result: TScope.Malware-Cryptor.SB
update: 20180323
version: 3.12.28.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180323
version: 65472
detected: True

Zoner
update: 20180323
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180323
version: 1.5.0.42
detected: True

ClamAV
update: 20180323
version: 0.99.2.0
detected: False

Comodo
result: UnclassifiedMalware
update: 20180323
version: 28732
detected: True

F-Prot
result: W32/Themida_Packed!Eldorado
update: 20180323
version: 4.7.1.166
detected: True

Ikarus
result: Trojan.Win32.Buzus
update: 20180323
version: 0.1.5.2
detected: True

McAfee
result: Artemis!C1E688A39992
update: 20180323
version: 6.0.6.653
detected: True

Rising
update: 20180323
version: 25.0.0.1
detected: False

Sophos
result: Mal/Behav-374
update: 20180323
version: 4.98.0
detected: True

Yandex
result: Trojan.Blocker!ZDEu6GvHJks
update: 20180323
version: 5.5.1.3
detected: True

Zillya
result: Trojan.Blocker.Win32.31148
update: 20180323
version: 2.0.0.3519
detected: True

Arcabit
result: Trojan.Symmi.D18D8
update: 20180323
version: 1.0.0.831
detected: True

Cylance
result: Unsafe
update: 20180323
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180316
version: 2.0.5
detected: True

Tencent
result: Win32.Trojan.Blocker.Szbi
update: 20180323
version: 1.0.0.1
detected: True

ViRobot
update: 20180323
version: 2014.3.20.0
detected: False

eGambit
result: Unsafe.AI_Score_62%
update: 20180323
version: v4.3.5
detected: True

Ad-Aware
result: Gen:Variant.Symmi.6360
update: 20180323
version: 3.0.3.1010
detected: True

AegisLab
result: Troj.Ransom.W32.Blocker.fgzq!c
update: 20180323
version: 4.2
detected: True

Emsisoft
result: Gen:Variant.Symmi.6360 (B)
update: 20180323
version: 4.0.2.899
detected: True

F-Secure
result: Gen:Variant.Symmi.6360
update: 20180323
version: 11.0.19100.45
detected: True

Fortinet
result: W32/Blocker.FGZQ!tr
update: 20180323
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True

Jiangmin
result: Trojan.Blocker.grn
update: 20180323
version: 16.0.100
detected: True

Kingsoft
update: 20180323
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20180323
version: 1.0
detected: True

Symantec
result: Trojan.Gen
update: 20180323
version: 1.5.0.0
detected: True

nProtect
update: 20180323
version: 2018-03-23.02
detected: False

AhnLab-V3
result: Trojan/Win32.KillAV.R121143
update: 20180323
version: 3.12.0.20130
detected: True

Antiy-AVL
result: Trojan[Ransom]/Win32.Blocker
update: 20180323
version: 3.0.0.1
detected: True

Kaspersky
result: Trojan-Ransom.Win32.Blocker.fgzq
update: 20180323
version: 15.0.1.13
detected: True

Microsoft
update: 20180323
version: 1.1.14600.4
detected: False

Qihoo-360
result: Win32/Trojan.0bb
update: 20180323
version: 1.0.0.1120
detected: True

TheHacker
result: W32/Behav-Heuristic-064
update: 20180319
version: 6.8.0.5.2551
detected: True

ZoneAlarm
result: Trojan-Ransom.Win32.Blocker.fgzq
update: 20180323
version: 1.0
detected: True

Cybereason
result: malicious.39992e
update: 20180225
version: 1.2.27
detected: True

ESET-NOD32
result: a variant of Win32/KillAV.NQL
update: 20180323
version: 17106
detected: True

TrendMicro
result: TROJ_KILLAV.WUOA
update: 20180323
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180223
detected: False

BitDefender
result: Gen:Variant.Symmi.6360
update: 20180323
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_100% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Trojan ( 0040f4ef1 )
update: 20180323
version: 10.42.26598
detected: True

SentinelOne
result: static engine - malicious
update: 20180225
version: 1.0.15.206
detected: True

Avast-Mobile
update: 20180323
version: 180323-04
detected: False

Malwarebytes
update: 20180323
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180323
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.Rimod
update: 20180323
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.KillAV.ddmwom
update: 20180323
version: 1.0.100.22043
detected: True

MicroWorld-eScan
result: Gen:Variant.Symmi.6360
update: 20180323
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180323
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Trojan.wc
update: 20180323
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_KILLAV.WUOA
update: 20180323
version: 9.950.0.1006
detected: True

total
67
sha256
26e910fe6130948dd4c021075edcd2f2be31541667165d09782d55281d95b57b
scan_id
26e910fe6130948dd4c021075edcd2f2be31541667165d09782d55281d95b57b-1521831278
resource
c1e688a39992ee2ce7c5d20d8ae2634c
positives
53
scan_date
2018-03-23 18:54:38
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.exe
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.exe
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.exe
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Program Files\system32\UserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Unknown1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dllUserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\
11/3/2020 - 11:45:47.387Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\
11/3/2020 - 11:45:47.387Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\
11/3/2020 - 11:45:47.387Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\
11/3/2020 - 11:45:47.387Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\
11/3/2020 - 11:45:47.387Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\
11/3/2020 - 11:45:47.387Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Unknown1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dllUserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Unknown1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dllUserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Unknown1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dllUserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Unknown1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dllUserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dll
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
11/3/2020 - 11:45:47.387Open1480C:\malware.exeC:\Windows\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender\MsMpEng.exe
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Windows\Windows Defender\MsMpEng.exe
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender\MsMpEng.exe
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Unknown1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Windows\Windows Defender
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Unknown1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\
11/3/2020 - 11:45:47.403Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\
11/3/2020 - 11:45:47.403Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\
11/3/2020 - 11:45:47.403Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\
11/3/2020 - 11:45:47.403Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\
11/3/2020 - 11:45:47.403Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\
11/3/2020 - 11:45:47.403Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Unknown1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Unknown1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Unknown1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Unknown1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Windows Defender
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Windows\Kaspersky Lab\Kaspersky Anti-Virus 2013\
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Kaspersky Lab
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Windows\Kaspersky Lab
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Kaspersky Lab
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\AVAST Software
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Windows\AVAST Software
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\AVAST Software
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Alwil Software\Avast5
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Windows\Alwil Software\Avast5
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Alwil Software\Avast5
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Alwil Software
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Windows\Alwil Software
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\Alwil Software
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\AVG\AVG9
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Windows\AVG\AVG9
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\AVG\AVG9
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\AVG\AVG10
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Windows\AVG\AVG10
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\AVG\AVG10
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\AVG
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Windows\AVG
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\AVG
11/3/2020 - 11:45:47.403Open1480C:\malware.exeC:\Program Files\AVG\AVG2012
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG2012
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\AVG\AVG2012
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\AVG\AVG2014
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG2014
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\AVG\AVG2014
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\ESET\ESET NOD32 Antivirus
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\ESET\ESET NOD32 Antivirus
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\ESET\ESET NOD32 Antivirus
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\ESET
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\ESET
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\ESET
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Norton Internet Security\Engine
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Norton Internet Security\Engine
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Norton Internet Security\Engine
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Spyware Terminator
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Spyware Terminator
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Spyware Terminator
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Microsoft Security Client\Antimalware\Drivers
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Microsoft Security Client\Antimalware\Drivers
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Microsoft Security Client\Antimalware\Drivers
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Microsoft Security Client\Antimalware\Drivers
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Microsoft Security Client\Antimalware\Drivers
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Microsoft Security Client\Antimalware\Drivers
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Microsoft Security Client\Antimalware\EN-US
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Microsoft Security Client\Antimalware\EN-US
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Microsoft Security Client\Antimalware\EN-US
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Microsoft Security Client\Antimalware\PT-BR
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Microsoft Security Client\Antimalware\PT-BR
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Microsoft Security Client\Antimalware\PT-BR
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Microsoft Security Client\EN-US
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Microsoft Security Client\EN-US
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Microsoft Security Client\EN-US
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Microsoft Security Client\PT-BR
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Microsoft Security Client\PT-BR
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Microsoft Security Client\PT-BR
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Avira\AntiVir Desktop
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Avira\AntiVir Desktop
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Avira\AntiVir Desktop
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Avira
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Avira
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Avira
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Kaspersky Lab\Kaspersky Internet Security 6.0
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Kaspersky Lab
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Kaspersky Lab
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Kaspersky Lab
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\AVG\AVG2013
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG2013
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\AVG\AVG2013
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Baidu Security
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Baidu Security
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files\Baidu Security
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVAST Software\Avast\AvastSvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVAST Software\Avast\AvastSvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVAST Software\Avast\AvastSvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG9\avgemc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG9\avgemc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG9\avgemc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Baidu Security\Baidu Antivirus\BavTray.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUpdater.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Baidu Security\Baidu Antivirus\BavUpdater.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUpdater.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWebClient.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\Baidu Security\Baidu Antivirus\BavWebClient.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWebClient.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG10\avgfws.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG10\avgfws.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG10\avgfws.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG10\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avgldx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\avgldx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avgldx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avgmfx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\avgmfx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avgmfx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG10\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG10\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG2012\AVGIDSAgent.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG2012\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG2014\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2014\avgemc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG2014\avgemc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2014\avgemc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2013\avgemc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG2013\avgemc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2013\avgemc.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2013\avgfws.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG2013\avgfws.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2013\avgfws.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2014\avgfws.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG2014\avgfws.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2014\avgfws.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\AVG\AVG2014\avgidsagent.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\AVGIDSDriver.Sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\AVGIDSDriver.Sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\AVGIDSDriver.Sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\AVGIDSEH.Sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\AVGIDSEH.Sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\AVGIDSEH.Sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\AVGIDSFilter.Sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\AVGIDSFilter.Sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\AVGIDSFilter.Sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\AVGIDSShim.Sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\AVGIDSShim.Sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\AVGIDSShim.Sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avgldx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\avgldx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avgldx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avgmfx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\avgmfx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avgmfx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avgrkx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\avgrkx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avgrkx86.sys
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\ESET\ESET NOD32 Antivirus\ekrn.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Windows\ESET\ESET NOD32 Antivirus\ekrn.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\ESET\ESET NOD32 Antivirus\ekrn.exe
11/3/2020 - 11:45:47.418Open1480C:\malware.exeC:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Norton Internet Security\Engine\17.0.0.136\diMaster.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\CleanUpPolicy.xml
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\CleanUpPolicy.xml
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\CleanUpPolicy.xml
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\MsMpEng.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\Antimalware\MsMpEng.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\MsMpEng.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\msseces.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\msseces.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\msseces.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\setupres.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\setupres.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\setupres.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\shellext.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\shellext.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\shellext.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\sqmapi.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\sqmapi.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\sqmapi.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\IpsConsumer.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\Antimalware\IpsConsumer.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\IpsConsumer.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\MpAsDesc.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\Antimalware\MpAsDesc.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\MpAsDesc.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\MpClient.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\Antimalware\MpClient.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\MpClient.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\MpCmdRun.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\Antimalware\MpCmdRun.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\MpCmdRun.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\MpCommu.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\Antimalware\MpCommu.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\MpCommu.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\mpevmsg.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\Antimalware\mpevmsg.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\mpevmsg.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\MpOAv.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Microsoft Security Client\Antimalware\MpOAv.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Microsoft Security Client\Antimalware\MpOAv.dll
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Avira\AntiVir Desktop\sched.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Avira\AntiVir Desktop\avguard.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avgntflt.sys
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\avgntflt.sys
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avgntflt.sys
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avipbb.sys
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\avipbb.sys
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\system32\DRIVERS\avipbb.sys
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\system32\drivers\kl1.sys
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\kl1.sys
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\system32\drivers\kl1.sys
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\system32\drivers\klif.sys
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\SysWOW64\drivers\klif.sys
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\system32\drivers\klif.sys
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Windows\AVG\AVG2013\avgidsagent.exe
11/3/2020 - 11:45:47.481Open1480C:\malware.exeC:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\TabRoaming
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\TabRoaming
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\TabRoaming
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290\msapplication.xml
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290\msapplication.xml
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tiles
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tracking Protection
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tracking Protection
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tracking Protection
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\Tracking Protection
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\UrlBlockManager
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\UrlBlockManager
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\UrlBlockManager
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\UrlBlockManager\urlblocklist.bin
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\UrlBlockManager\urlblocklist.bin
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\UrlBlockManager
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\01_Music_auto_rated_at_5_stars.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\01_Music_auto_rated_at_5_stars.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\02_Music_added_in_the_last_month.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\02_Music_added_in_the_last_month.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\03_Music_rated_at_4_or_5_stars.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\03_Music_rated_at_4_or_5_stars.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\04_Music_played_in_the_last_month.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\04_Music_played_in_the_last_month.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\05_Pictures_taken_in_the_last_month.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\05_Pictures_taken_in_the_last_month.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\06_Pictures_rated_4_or_5_stars.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\06_Pictures_rated_4_or_5_stars.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\07_TV_recorded_in_the_last_week.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\07_TV_recorded_in_the_last_week.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\08_Video_rated_at_4_or_5_stars.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\08_Video_rated_at_4_or_5_stars.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\09_Music_played_the_most.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\09_Music_played_the_most.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\10_All_Music.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\10_All_Music.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\11_All_Pictures.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\11_All_Pictures.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\12_All_Video.wpl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7\12_All_Video.wpl
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR\000047B7
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists\pt-BR
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player\Sync Playlists
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Media Player
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\PlayReady
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\PlayReady
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\PlayReady
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\PlayReady
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\1046
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\1046
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\1046
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\1046\StructuredQuerySchema.bin
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\1046\StructuredQuerySchema.bin
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\1046
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\container.dat
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\container.dat
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Burn
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Burn
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Burn
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Burn\Burn
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Burn\Burn
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Burn\Burn
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Burn\Burn
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Burn
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer
11/3/2020 - 11:45:47.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl
11/3/2020 - 11:45:47.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Explorer
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\GameExplorer
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\GameExplorer
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\GameExplorer
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\GameExplorer
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\desktop.ini
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\desktop.ini
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\Low
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\Low
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\Low
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\Low
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Ringtones
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Ringtones
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Ringtones
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Ringtones
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:47.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\1715500327[1].js
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\1715500327[1].js
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\1x1[1].jpg
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\1x1[1].jpg
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\4300ae64-546c-4bbe-9026-6779b3684fb8_32[1].png
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\4300ae64-546c-4bbe-9026-6779b3684fb8_32[1].png
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\46045091[1].js
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\46045091[1].js
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\48d809c9[1].js
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\48d809c9[1].js
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\5838062207510150261[1].gif
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\5838062207510150261[1].gif
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\58b810[1].gif
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\58b810[1].gif
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\59c177f5d970c300041220e2.tpl.min[1].js
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\59c177f5d970c300041220e2.tpl.min[1].js
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\6675008850913050333[1]
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\6675008850913050333[1]
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\754abb75[1].js
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\754abb75[1].js
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\9608[1].js
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\9608[1].js
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\a5ea21[1].ico
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\a5ea21[1].ico
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AA3kCvb[1].png
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AA3kCvb[1].png
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AA8vbR0[1].png
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AA8vbR0[1].png
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AAbrNfa[1].png
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AAbrNfa[1].png
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AAgPBML[1].png
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AAgPBML[1].png
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AAigwCb[1].jpg
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AAigwCb[1].jpg
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AAj6eTs[1].jpg
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AAj6eTs[1].jpg
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AAwEm6a[1].jpg
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AAwEm6a[1].jpg
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AAwFTeP[1].jpg
11/3/2020 - 11:45:47.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\AAwFTeP[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\AAwFMeA[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\AAwFnsm[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\AAwFnsm[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\AAwGNFi[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\AAwGNFi[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\AAwHtyA[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\AAwHtyA[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\b8-2f3a4c-4b5f58d3[1].css
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\b8-2f3a4c-4b5f58d3[1].css
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\BB1kvzy[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\BB1kvzy[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\BB8MIiC[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\BB8MIiC[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\BB8MKSg[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\BB8MKSg[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\BBm37ja[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\BBm37ja[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\BBsNRdy[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\BBsNRdy[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\bing-search-logo[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\bing-search-logo[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\Bing[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\Bing[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\c9969752[1].js
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\c9969752[1].js
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\CCiDhK[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\CCiDhK[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\cde69486[1].js
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\cde69486[1].js
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\e151e5[1].gif
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\e151e5[1].gif
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\eyJpdSI6IjJmMzY2ZWY2YTYyOWM3ZTYxODgyZTMzMGNhYTcyZDQ0YWFmMzYxOTliOTg1MDMzNzM2OTM2ZWNkNWY4ZWI2OWYiLCJ3IjoxNTUsImgiOjgzLCJkIjoyLjAsImNzIjowLCJmIjowfQ[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\eyJpdSI6IjJmMzY2ZWY2YTYyOWM3ZTYxODgyZTMzMGNhYTcyZDQ0YWFmMzYxOTliOTg1MDMzNzM2OTM2ZWNkNWY4ZWI2OWYiLCJ3IjoxNTUsImgiOjgzLCJkIjoyLjAsImNzIjowLCJmIjowfQ[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\eyJpdSI6IjU4MzRmMWJhMmQ3NGM5NzhiMWVjNDYzZjE5ZTI1NWY0NzY4MmZlMWNhMTIzNGQ2YmVhMTY0MGExYzY3NmFhY2QiLCJ3IjoyMDcsImgiOjIyMiwiZCI6MS41LCJjcyI6MCwiZiI6MH0[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\eyJpdSI6IjU4MzRmMWJhMmQ3NGM5NzhiMWVjNDYzZjE5ZTI1NWY0NzY4MmZlMWNhMTIzNGQ2YmVhMTY0MGExYzY3NmFhY2QiLCJ3IjoyMDcsImgiOjIyMiwiZCI6MS41LCJjcyI6MCwiZiI6MH0[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\eyJpdSI6ImQxZDA5YWIxN2VjODBjZjRjYjdiMGQ3MDkxZjUzNTYxMDhmNjhmMDRmYTEzZTBjYmEyMmVmMzk3Nzc0Y2M5ZWYiLCJ3IjoxMDAsImgiOjc1LCJkIjoxLjUsImNzIjowLCJmIjowfQ[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\eyJpdSI6ImQxZDA5YWIxN2VjODBjZjRjYjdiMGQ3MDkxZjUzNTYxMDhmNjhmMDRmYTEzZTBjYmEyMmVmMzk3Nzc0Y2M5ZWYiLCJ3IjoxMDAsImgiOjc1LCJkIjoxLjUsImNzIjowLCJmIjowfQ[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\favicon[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\favicon[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\http___cdn.taboola.com_libtrc_static_thumbnails_4f21498559a75c1e1ffb6503b58b2fcc[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\http___cdn.taboola.com_libtrc_static_thumbnails_4f21498559a75c1e1ffb6503b58b2fcc[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\http___cdn.taboolasyndication.com_libtrc_static_thumbnails_357ac072313496a25d447c0cf88343c3[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\http___cdn.taboolasyndication.com_libtrc_static_thumbnails_357ac072313496a25d447c0cf88343c3[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\http___s3-sa-east-1.amazonaws.com_mairos3_wp-content_uploads_2016_03_30122406_Como-Aprender-Ingle%25CC%2582s-Sozinho-Tutorial-Completo[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\http___s3-sa-east-1.amazonaws.com_mairos3_wp-content_uploads_2016_03_30122406_Como-Aprender-Ingle%25CC%2582s-Sozinho-Tutorial-Completo[1].jpg
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ie[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ie[1].png
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\jquery-2.1.1.min[1].js
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\jquery-2.1.1.min[1].js
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\jsll-4[1].js
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\jsll-4[1].js
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\known_providers_download_v1[1].xml
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\known_providers_download_v1[1].xml
11/3/2020 - 11:45:47.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\meBoot.min[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\meBoot.min[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\mwf-auto-init-main.var.min[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\mwf-auto-init-main.var.min[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\mwf-west-european-default.min[1].css
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\mwf-west-european-default.min[1].css
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\RE1CxoA[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\RE1CxoA[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\script[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\script[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\script[2].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\script[2].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\search[1].htm
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\search[1].htm
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\silentauth914a848a[1]
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\silentauth914a848a[1]
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\style[1].css
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\style[1].css
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\trans[1].gif
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\trans[1].gif
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\trans[2].gif
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\trans[2].gif
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\user[1].json
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\user[1].json
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\vcredist_x64.exe
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\vcredist_x64.exe
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\windowsupdate[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\windowsupdate[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\yellow-arrow[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\yellow-arrow[1].png
11/3/2020 - 11:45:47.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:47.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\345843dc[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\345843dc[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\40e1b425[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\40e1b425[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\865070[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\865070[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\8adb60[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\8adb60[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\8bd8bf[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\8bd8bf[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\8df804ba[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\8df804ba[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\990861[1].svg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\990861[1].svg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\a7-b05f22[1].css
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\a7-b05f22[1].css
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AA2JbD3[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AA2JbD3[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AA368aK[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AA368aK[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AA3e1oO[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AA3e1oO[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AA3jsXa[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AA3jsXa[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAktn6R[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAktn6R[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwD4Og[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwD4Og[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwFny6[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwFny6[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwFXtc[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwFXtc[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwG8He[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwG8He[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwGklX[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwGklX[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwGlUb[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwGlUb[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwHDxa[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\AAwHDxa[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\aea7e831[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\aea7e831[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\BB3VNRK[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\BB3VNRK[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\br_msn_home_vitrine.cfg[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\br_msn_home_vitrine.cfg[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\c08e43[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\c08e43[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\c91eb779[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\c91eb779[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\collect[1]
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\collect[1]
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\d3-dfd8d6[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\d3-dfd8d6[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\eyJpdSI6IjJhOTZmODJiYWEyNTcwYzNmYzA4MWM3YTA4ZjExZmQ0YzY1ZmUzMTBjODEwYzZlZTdiZGE4ZGYwZjZkNjZlMWEiLCJ3IjoxMDAsImgiOjc1LCJkIjoxLjUsImNzIjowLCJmIjowfQ[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\eyJpdSI6IjJhOTZmODJiYWEyNTcwYzNmYzA4MWM3YTA4ZjExZmQ0YzY1ZmUzMTBjODEwYzZlZTdiZGE4ZGYwZjZkNjZlMWEiLCJ3IjoxMDAsImgiOjc1LCJkIjoxLjUsImNzIjowLCJmIjowfQ[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\eyJpdSI6IjJmMzY2ZWY2YTYyOWM3ZTYxODgyZTMzMGNhYTcyZDQ0YWFmMzYxOTliOTg1MDMzNzM2OTM2ZWNkNWY4ZWI2OWYiLCJ3IjoxMDAsImgiOjc1LCJkIjoxLjUsImNzIjowLCJmIjowfQ[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\eyJpdSI6IjJmMzY2ZWY2YTYyOWM3ZTYxODgyZTMzMGNhYTcyZDQ0YWFmMzYxOTliOTg1MDMzNzM2OTM2ZWNkNWY4ZWI2OWYiLCJ3IjoxMDAsImgiOjc1LCJkIjoxLjUsImNzIjowLCJmIjowfQ[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\eyJpdSI6IjU4ZmEzYjY0MmU1Njg2NDcwM2UwYjliNjU1NTY0NGQzMjIyODE1ZWI0MTJlYjQwOTUyZWQ4Y2I3MjY1YjdmMDUiLCJ3IjoxNTUsImgiOjgzLCJkIjoyLjAsImNzIjowLCJmIjowfQ[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\eyJpdSI6IjU4ZmEzYjY0MmU1Njg2NDcwM2UwYjliNjU1NTY0NGQzMjIyODE1ZWI0MTJlYjQwOTUyZWQ4Y2I3MjY1YjdmMDUiLCJ3IjoxNTUsImgiOjgzLCJkIjoyLjAsImNzIjowLCJmIjowfQ[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\eyJpdSI6ImU1YzU1Yjc3YjAwMjlhYjRlMjliMDU0NWE4NjcxMzFmZWFkZDZlMWRmNTdlYmQ2MTA1M2VkZjRlMDcyYjUxNWIiLCJ3IjoyMDcsImgiOjIyMiwiZCI6MS41LCJjcyI6MCwiZiI6MH0[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\eyJpdSI6ImU1YzU1Yjc3YjAwMjlhYjRlMjliMDU0NWE4NjcxMzFmZWFkZDZlMWRmNTdlYmQ2MTA1M2VkZjRlMDcyYjUxNWIiLCJ3IjoyMDcsImgiOjIyMiwiZCI6MS41LCJjcyI6MCwiZiI6MH0[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\f1d86b5a[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\f1d86b5a[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\favicon[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\favicon[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\fwlink[1]
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\fwlink[1]
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\HPFeb15_social_Facebook[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\HPFeb15_social_Facebook[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\HPFeb15_social_Twitter[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\HPFeb15_social_Twitter[1].png
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\https___console.brax-cdn.com_creatives_b86bbc0b-1fab-4ae3-9b34-fef78c1a7488_hJo0VTrw_818b1175b02b5ed0e89802e46318d2dd.600x500[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\https___console.brax-cdn.com_creatives_b86bbc0b-1fab-4ae3-9b34-fef78c1a7488_hJo0VTrw_818b1175b02b5ed0e89802e46318d2dd.600x500[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\http___cdn.taboola.com_libtrc_static_thumbnails_ddef02b244d08a7893c3b086c092030e[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\http___cdn.taboola.com_libtrc_static_thumbnails_ddef02b244d08a7893c3b086c092030e[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\http___cdn.taboola.com_libtrc_static_thumbnails_GETTY_IMAGES_PCP_143729877__6f4hXNsh[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\http___cdn.taboola.com_libtrc_static_thumbnails_GETTY_IMAGES_PCP_143729877__6f4hXNsh[1].jpg
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\jquery-1.8.3.min[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\jquery-1.8.3.min[1].js
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\latest[1].eot
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\latest[1].eot
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\msn[1].htm
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\msn[1].htm
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\override[1].css
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\override[1].css
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\px[1]
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\px[1]
11/3/2020 - 11:45:47.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\RE1ChLw[1].jpg
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\RE1ChLw[1].jpg
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\RE1Mu3b[1].png
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\RE1Mu3b[1].png
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\script[1].js
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\script[1].js
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\search_icon[1].png
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\search_icon[1].png
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\silentpassport[1].htm
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\silentpassport[1].htm
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\sync[1].gif
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\sync[1].gif
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\th[1].jpg
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\th[1].jpg
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\th[2].jpg
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\th[2].jpg
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\undefined[1].png
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\undefined[1].png
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\urlblockindex[1].bin
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\urlblockindex[1].bin
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\user[1].js
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\user[1].js
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\xfLjhe25qYs[1].js
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\xfLjhe25qYs[1].js
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\UsrClass.dat
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\UsrClass.dat
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\UsrClass.dat{9d17a98b-4f15-11e8-8e6d-525400842a13}.TM.blf
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\UsrClass.dat{9d17a98b-4f15-11e8-8e6d-525400842a13}.TM.blf
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\UsrClass.dat{9d17a98b-4f15-11e8-8e6d-525400842a13}.TMContainer00000000000000000001.regtrans-ms
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\UsrClass.dat{9d17a98b-4f15-11e8-8e6d-525400842a13}.TMContainer00000000000000000001.regtrans-ms
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\UsrClass.dat{9d17a98b-4f15-11e8-8e6d-525400842a13}.TMContainer00000000000000000002.regtrans-ms
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\UsrClass.dat{9d17a98b-4f15-11e8-8e6d-525400842a13}.TMContainer00000000000000000002.regtrans-ms
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100001.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100001.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100002.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100002.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100003.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100003.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100004.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100004.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100005.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100005.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100006.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100006.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100007.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100007.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100008.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100008.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100009.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V0100009.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V010000A.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V010000A.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V010000B.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V010000B.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V010000C.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V010000C.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01res00002.jrs
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01res00002.jrs
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCacheLock.dat
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCacheLock.dat
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WER
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WER
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WER
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WER\ERC
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WER\ERC
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WER\ERC
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WER\ERC
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WER\ReportArchive
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WER\ReportArchive
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WER\ReportArchive
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WER\ReportArchive
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WER
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{65790683-BB30-4C93-9045-D19A9A107219}.oeaccount
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{65790683-BB30-4C93-9045-D19A9A107219}.oeaccount
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{CDED0D8D-2EEB-4917-9962-7BCAE7F89B4F}.oeaccount
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{CDED0D8D-2EEB-4917-9962-7BCAE7F89B4F}.oeaccount
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{F238BA81-4130-4465-BE2F-F03DD95EEE2C}.oeaccount
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{F238BA81-4130-4465-BE2F-F03DD95EEE2C}.oeaccount
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup\new
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup\new
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup\new
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup\new
11/3/2020 - 11:45:47.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Backup
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\edb.chk
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\edb.chk
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\edb.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\edb.log
11/3/2020 - 11:45:47.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\edb00001.log
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\edb00001.log
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\oeold.xml
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\oeold.xml
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery
11/3/2020 - 11:45:47.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery
11/3/2020 - 11:45:47.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif
11/3/2020 - 11:45:47.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
11/3/2020 - 11:45:47.934Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
11/3/2020 - 11:45:47.934Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts
11/3/2020 - 11:45:47.934Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts
11/3/2020 - 11:45:47.934Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
11/3/2020 - 11:45:47.934Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
11/3/2020 - 11:45:47.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\UserData
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\UserData
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\UserData
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\UserData
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections\Pbk
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections\Pbk
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections\Pbk
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections\Pbk
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network\Connections
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Network
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect\CREDHIST
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect\CREDHIST
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect\S-1-5-21-2148495166-3420019059-1286093062-1001
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect\S-1-5-21-2148495166-3420019059-1286093062-1001
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect\S-1-5-21-2148495166-3420019059-1286093062-1001
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect\S-1-5-21-2148495166-3420019059-1286093062-1001\d64fc139-c309-4ed0-ad5a-84fe72b76ece
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect\S-1-5-21-2148495166-3420019059-1286093062-1001\d64fc139-c309-4ed0-ad5a-84fe72b76ece
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect\S-1-5-21-2148495166-3420019059-1286093062-1001\Preferred
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect\S-1-5-21-2148495166-3420019059-1286093062-1001\Preferred
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect\S-1-5-21-2148495166-3420019059-1286093062-1001
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Protect
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\0SX9NXYL.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\0SX9NXYL.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\12VUDNSG.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\12VUDNSG.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\19O5P9C0.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\19O5P9C0.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2V6DM9OZ.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2V6DM9OZ.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2X3BR6RQ.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2X3BR6RQ.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\3GKPXVZT.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\3GKPXVZT.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\3L3U065O.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\3L3U065O.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\49KMG096.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\49KMG096.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\5CHJIOTJ.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\5CHJIOTJ.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\5MEBXT6G.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\5MEBXT6G.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\6QEDDIFJ.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\6QEDDIFJ.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7JEN94FE.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7JEN94FE.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7WTMPT1X.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7WTMPT1X.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\8CS2PRM4.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\8CS2PRM4.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\8IS70EJY.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\8IS70EJY.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\8YR44F7C.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\8YR44F7C.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\D3LNK60R.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\D3LNK60R.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\DG9ZG57D.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\DG9ZG57D.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GCQADA29.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GCQADA29.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GRO8Z4YG.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GRO8Z4YG.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\IJ0RVW2Q.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\IJ0RVW2Q.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\J0QZ2T79.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\J0QZ2T79.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\Low
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\Low
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\Low
11/3/2020 - 11:45:47.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\Low
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\M4DVBFFQ.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\M4DVBFFQ.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\MFZB191A.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\MFZB191A.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\N3KSM2NN.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\N3KSM2NN.txt
11/3/2020 - 11:45:47.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\OLU3XFVE.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\OLU3XFVE.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\P5H02U0I.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\P5H02U0I.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\RWFCWIM5.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\RWFCWIM5.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\S4OWK0RR.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\S4OWK0RR.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\S5MKAZSW.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\S5MKAZSW.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\SIYPXHAF.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\SIYPXHAF.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\TWRT86Z3.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\TWRT86Z3.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\TZGFZZAN.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\TZGFZZAN.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\YC1B78J5.txt
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\YC1B78J5.txt
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\Low
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\Low
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\Low
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\Low
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Libraries
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Network Shortcuts
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Network Shortcuts
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Network Shortcuts
11/3/2020 - 11:45:48.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Network Shortcuts
11/3/2020 - 11:45:48.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\Searches\Indexed Locations.search-ms
11/3/2020 - 11:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\Searches
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\SendTo
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\SendTo
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\SendTo
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\SendTo
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\Videos
11/3/2020 - 11:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\Videos
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\Videos
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\Videos\desktop.ini
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\Videos\desktop.ini
11/3/2020 - 11:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\Videos
11/3/2020 - 11:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\protection.ini
11/3/2020 - 11:45:48.137Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\protection.iniprotection.ini
11/3/2020 - 11:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\protection.iniprotection.ini
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\protection.ini
11/3/2020 - 11:45:48.137Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\protection.iniprotection.ini
11/3/2020 - 11:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\protection.iniprotection.ini
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\protection.ini
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles\protection.ini
11/3/2020 - 11:45:48.137Write1480C:\malware.exeC:\Monitor\Files\DeletedFiles\protection.iniprotection.ini
11/3/2020 - 11:45:48.137Delete1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\protection.iniprotection.ini
11/3/2020 - 11:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\protection.iniprotection.ini
11/3/2020 - 11:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\protection.iniprotection.ini
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\KB119875.txt
11/3/2020 - 11:45:48.137Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\KB119875.txt
11/3/2020 - 11:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\KB119875.txt
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exe
11/3/2020 - 11:45:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exe
11/3/2020 - 11:45:48.137Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exePlugin_IE8_.exe
11/3/2020 - 11:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exePlugin_IE8_.exe
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Monitor
11/3/2020 - 11:45:49.215Unknown1480C:\malware.exeC:\Monitor
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\PROPSYS.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\malware.exe.Local
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:49.215Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\apphelp.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.215Unknown1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\
11/3/2020 - 11:45:49.215Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows
11/3/2020 - 11:45:49.215Unknown1480C:\malware.exeC:\Windows
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.215Unknown1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.215Unknown1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.215Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.231Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.231Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.231Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.231Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.231Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.231Unknown1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.231Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
11/3/2020 - 11:45:49.231Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
11/3/2020 - 11:45:49.231Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
11/3/2020 - 11:45:49.231Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
11/3/2020 - 11:45:49.231Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
11/3/2020 - 11:45:49.231Open1480C:\malware.exeC:\malware.exe.Local
11/3/2020 - 11:45:49.231Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:49.231Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:49.231Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:49.247Open1480C:\malware.exeC:\Monitor\cmd.exe
11/3/2020 - 11:45:49.247Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.247Open1480C:\malware.exeC:\
11/3/2020 - 11:45:49.247Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:49.247Open1480C:\malware.exeC:\Windows
11/3/2020 - 11:45:49.247Unknown1480C:\malware.exeC:\Windows
11/3/2020 - 11:45:49.247Open1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.247Unknown1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
11/3/2020 - 11:45:49.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
11/3/2020 - 11:45:49.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
11/3/2020 - 11:45:49.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
11/3/2020 - 11:45:49.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
11/3/2020 - 11:45:49.293Open1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
11/3/2020 - 11:45:49.293Read1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
11/3/2020 - 11:45:49.293Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
11/3/2020 - 11:45:49.293Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
11/3/2020 - 11:45:49.293Open1480C:\malware.exeC:\Windows\System32\propsys.dll
11/3/2020 - 11:45:49.293Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
11/3/2020 - 11:45:49.293Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
11/3/2020 - 11:45:49.293Open1480C:\malware.exeC:\Windows\System32\propsys.dll
11/3/2020 - 11:45:49.403Open1480C:\malware.exeC:\Monitor
11/3/2020 - 11:45:49.403Unknown1480C:\malware.exeC:\Monitor
11/3/2020 - 11:45:49.403Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.590Unknown1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\
11/3/2020 - 11:45:49.590Unknown1480C:\malware.exeC:\
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\Windows
11/3/2020 - 11:45:49.590Unknown1480C:\malware.exeC:\Windows
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.590Unknown1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.590Unknown1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.590Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.590Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.590Read1480C:\malware.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\avenger.txt
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\backup.reg
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\cleanup.bat
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\zip.exe
11/3/2020 - 11:45:49.590Unknown1480C:\malware.exeC:\zip.exe
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.exe
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dll
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.exe
11/3/2020 - 11:45:49.590Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
11/3/2020 - 11:45:49.653Read1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
11/3/2020 - 11:45:49.653Read1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
11/3/2020 - 11:45:49.653Read1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.653Read1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 11:45:49.653Read1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
11/3/2020 - 11:45:49.653Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
11/3/2020 - 11:45:49.653Read1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.653Read1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.653Read1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:49.653Read1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:49.653Read1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
11/3/2020 - 11:45:49.653Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
11/3/2020 - 11:45:49.668Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:49.668Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:49.668Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:49.668Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:49.668Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:49.668Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:49.668Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:49.668Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
11/3/2020 - 11:45:49.668Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:49.668Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:49.668Open1500C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:49.887Read1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:49.887Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:49.887Unknown1500C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:49.887Open1500C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:49.887Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:49.903Read1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:49.903Open1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 11:45:49.903Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 11:45:49.903Open1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exe
11/3/2020 - 11:45:49.903Write1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exePlugin_IE8_.exe
11/3/2020 - 11:45:49.950Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exePlugin_IE8_.exe
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 11:45:49.950Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exe
11/3/2020 - 11:45:49.950Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exePlugin_IE8_.exe
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:49.950Unknown1500C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\Users
11/3/2020 - 11:45:49.950Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Users
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
11/3/2020 - 11:45:49.950Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:49.950Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:49.950Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 11:45:49.950Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exe
11/3/2020 - 11:45:49.950Read1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exePlugin_IE8_.exe
11/3/2020 - 11:45:49.950Open1500C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\ui\SwDRM.dll
11/3/2020 - 11:45:49.950Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:49.950Unknown1500C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:49.950Open876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows\Prefetch\PLUGIN_IE8_.EXE-80998AAC.pf
11/3/2020 - 11:45:49.950Open876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows
11/3/2020 - 11:45:49.950Open876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:49.950Open876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:49.950Open876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:49.950Open876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:49.965Open876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:49.965Open876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:49.965Open876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows\System32\wow64log.dll
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\UAFCZPL6.TXT
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exePlugin_IE8_.exe
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exePlugin_IE8_.exe
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:50.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:50.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.575Unknown876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows
11/3/2020 - 11:45:50.575Unknown876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Monitor
11/3/2020 - 11:45:50.575Unknown876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
11/3/2020 - 11:45:50.575Unknown876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.575Unknown876C:\Users\Behemot\AppData\Local\Temp\Plugin_IE8_.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
11/3/2020 - 11:45:50.668Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:50.668Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 11:45:50.668Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:50.668Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:50.668Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.668Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor\"C:\avexport.bat"
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Read2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:50.684Read2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.684Read2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor\regedit.exe
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.684Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:50.700Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 11:45:50.700Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 11:45:50.700Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 11:45:50.700Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.700Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.700Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:50.700Open2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:50.700Unknown2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:50.700Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:50.700Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:50.700Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.700Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.700Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.700Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.700Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:50.700Read2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:50.700Read2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:50.700Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64log.dll
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:50.778Unknown2204C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Monitor
11/3/2020 - 11:45:50.778Read2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:50.778Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:50.793Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe.Local
11/3/2020 - 11:45:50.793Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.793Unknown2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.793Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.793Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:50.793Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:50.793Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:50.793Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:50.809Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:50.809Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:50.809Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:50.809Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:50.809Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:50.809Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:50.809Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:50.809Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:50.809Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:50.809Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:50.809Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.809Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.825Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.825Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.825Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.825Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:50.825Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.mui
11/3/2020 - 11:45:50.825Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.Manifest
11/3/2020 - 11:45:50.825Unknown2204C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 11:45:50.825Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:50.840Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe.Local
11/3/2020 - 11:45:50.840Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.840Unknown2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.840Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.840Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:50.840Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe.Local
11/3/2020 - 11:45:50.840Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.840Unknown2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.840Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.840Open2204C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 11:45:50.840Unknown2204C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:50.840Unknown2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.840Unknown2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.840Unknown2204C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:50.840Unknown2204C:\Windows\SysWOW64\regedit.exeC:\Monitor
11/3/2020 - 11:45:50.840Unknown2204C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.840Unknown2204C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.muiregedit.exe.mui
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.903Read2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor\regedit.exe
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.903Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:50.903Read2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:50.903Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
11/3/2020 - 11:45:50.918Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:50.965Read1592C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pfREGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pfREGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exe\Device\HarddiskVolume2
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Users
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:50.965Unknown1592C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:50.965Open1592C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.Manifest
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[3].XML
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
11/3/2020 - 11:45:51.231Read2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:51.231Read2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.muiregedit.exe.mui
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[3].XML
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shlwapi.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\comdlg32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\oleaut32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ws2_32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\nsi.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exe\Device\HarddiskVolume2
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64log.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Monitor
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe.Local
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:51.231Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:51.231Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:51.247Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:51.247Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:51.247Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:51.247Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:51.247Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:51.247Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:51.247Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:51.247Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:51.309Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.309Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.309Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.309Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.309Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.309Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.309Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.mui
11/3/2020 - 11:45:51.356Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.Manifest
11/3/2020 - 11:45:51.356Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 11:45:51.356Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:51.356Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe.Local
11/3/2020 - 11:45:51.356Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.356Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.356Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.356Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:51.356Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe.Local
11/3/2020 - 11:45:51.356Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.356Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.356Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.356Open2452C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 11:45:51.356Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:51.356Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.356Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.356Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:51.356Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Monitor
11/3/2020 - 11:45:51.356Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.356Unknown2452C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.muiregedit.exe.mui
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:51.403Read2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor\regedit.exe
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.403Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.403Read2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.403Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:51.465Read2572C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pfREGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pfREGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exe\Device\HarddiskVolume2
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Users
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\apisetschema.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\KernelBase.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\cryptbase.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shlwapi.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shlwapi.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\comdlg32.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\comdlg32.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\oleaut32.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\oleaut32.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:51.465Unknown2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:51.465Open2572C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ws2_32.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64log.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:51.809Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Monitor
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe.Local
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.809Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:51.809Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:51.809Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:51.809Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:51.825Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:51.825Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:51.825Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:51.825Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:51.887Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.887Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.887Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.887Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.887Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.887Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:51.887Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.mui
11/3/2020 - 11:45:51.934Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.Manifest
11/3/2020 - 11:45:51.934Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 11:45:51.934Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:51.934Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe.Local
11/3/2020 - 11:45:51.934Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.934Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.934Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.934Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:51.934Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe.Local
11/3/2020 - 11:45:51.934Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.934Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.934Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.934Open3040C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 11:45:51.934Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:51.934Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.934Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.934Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:51.934Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Monitor
11/3/2020 - 11:45:51.934Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:51.934Unknown3040C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.muiregedit.exe.mui
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:51.997Read2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor\regedit.exe
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.997Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.997Read2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:51.997Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:52.59Read2496C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pfREGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pfREGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exe\Device\HarddiskVolume2
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Users
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\apisetschema.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\KernelBase.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\cryptbase.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shlwapi.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shlwapi.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\comdlg32.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\comdlg32.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\oleaut32.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\oleaut32.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ws2_32.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ws2_32.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\nsi.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\nsi.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:52.59Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:52.59Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:52.75Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:52.75Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:52.75Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 11:45:52.75Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.mui
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.muiregedit.exe.mui
11/3/2020 - 11:45:52.75Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.Manifest
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 11:45:52.75Open2496C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:52.75Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[3].XML
11/3/2020 - 11:45:52.75Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.muiregedit.exe.mui
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:52.75Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[3].XML
11/3/2020 - 11:45:52.75Open2496C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shlwapi.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\comdlg32.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:52.75Unknown2496C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:52.450Open2168C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 11:45:52.450Unknown2168C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:52.450Unknown2168C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:52.450Unknown2168C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:52.450Unknown2168C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:52.450Unknown2168C:\Windows\SysWOW64\regedit.exeC:\Monitor
11/3/2020 - 11:45:52.450Unknown2168C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:52.450Unknown2168C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.muiregedit.exe.mui
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:52.497Read2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\avexport.bat
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor\regedit.exe
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Monitor
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.497Unknown2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:52.497Read2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:52.497Open2264C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:52.559Read2560C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pfREGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pfREGEDIT.EXE-2023FAA8.pf
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exe\Device\HarddiskVolume2
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Users
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\apisetschema.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\KernelBase.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\cryptbase.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shlwapi.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shlwapi.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\comdlg32.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\comdlg32.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\oleaut32.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\oleaut32.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ws2_32.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ws2_32.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\nsi.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\nsi.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:52.559Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:52.559Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.mui
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.muiregedit.exe.mui
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.Manifest
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[3].XML
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.muiregedit.exe.mui
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[3].XML
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\user32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\lpk.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\usp10.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shlwapi.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\comdlg32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ole32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\oleaut32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ws2_32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\nsi.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\msctf.dll
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exe\Device\HarddiskVolume2
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64log.dll
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:52.575Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Monitor
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:52.575Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\regedit.exe.Local
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:52.590Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:52.590Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:52.590Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\authz.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\aclui.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdsapi.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ulib.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\clb.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:52.590Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 11:45:52.668Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:52.668Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:52.668Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:52.668Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:52.668Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:52.668Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 11:45:52.668Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR\regedit.exe.mui
11/3/2020 - 11:45:52.715Open2560C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.Manifest
11/3/2020 - 11:45:52.715Unknown2560C:\Windows\SysWOW64\regedit.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\Globalization\Sorting
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\pt-BR
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\ntdll.dll
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64.dll
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\kernel32.dll
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\user32.dll
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\apisetschema.dll
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\KernelBase.dll
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:53.75Unknown2324C:\Windows\SysWOW64\regedit.exeC:\Windows\System32\locale.nls
11/3/2020 - 11:45:53.75Open2324C:\Windows\SysWOW64\regedit.exeC:\Windows\SysWOW64\r