Corvus_ - Report #9843

Report #9843

Creation Date: April 7, 2020, 3:16 p.m.
Last Update: April 7, 2020, 3:25 p.m.
File: corona4.exe
Results:

General
Static
Detection
Dynamic
Graph
Network
Classification

Binary

DLL

False

Size

750.50KB

trid

39.9% Win32 Executable MS Visual C++
35.3% Win64 Executable
8.4% Win32 Dynamic Link Library
5.7% Win32 Executable
2.6% Win16/32 Executable Delphi generic

type

wordsize

Subsystem

Windows CLI

Hashes

md5

d1cc9f881592af9b3fc4217e64ef2357

sha1

3548daa29e71b237b0c44ef195db13f635a8b56b

crc32

0xf250ad05

sha224

a45b77ee6471b2b2bae236a21526601226f20fefe97293064a31f24e

sha256

d6eadba77e75b9d48e23583381caba3919938fd08088c1e3f2f2d9cc81b056bd

sha384

b14b2d132c3faa72bedfee6dc535b00b4415d0f3c1b8aa6ddeac2aef16083cf8167db2995b44ac47bcf0d8f548b61c92

sha512

cd831e2923f8c523fd8139c14d77797d81a1b2bfe5c2ca94241d5dc3abd5715b49a401358e5ceb17a74749f81e8de3f3138a209f2300fd1831d95708eb6436e7

ssdeep

12288:enCNT1iukC433mySvdl4Wl/toB/3mezW8QESyBOEdZoBl8y9ZDnHgRqF1nwAqDyB:enqT1f4mycHl/t2/37W8QE77mBJTDnAi

Community

Google

False

HashLib

False

YARA

Matches

RIPEMD160_Constants, PureBasic_4x_Neil_Hodgson, DebuggerException__SetConsoleCtrl, PureBasic4xNeilHodgson, contentis_base64, PureBasic_4x_Neil_Hodgson_additional, IP, SHA1_Constants, IsConsole, CRC32_table, IsPacked, Microsoft_Visual_Basic_v50, domain, CRC32_poly_Constant, MD5_Constants, IsPE32, win_files_operation, Big_Numbers1, PureBasic

Suspicious

True

Strings

List

C.St
f9.tD
RkB1.iD
d.As
H.Fi
2.Vn
W.ki
E.Np'
ntdll.dll
IeN,N,c8
=Nf))S
Ha%/
&oNlc*A
name="Microsoft.Windows.Common-Controls"
%G]W?rh
{o%E#
Division by zero
nfDA
GM%ua
Debugger breakpoint reached
_wcsnicmp
_wcsicmp
Downloads\
4EB6ED9C60B10649AFEA107DA5EA1291
publicKeyToken="6595b64144ccf1df"
BiSSh
GetProcAddress
c9.bo?_
ExitProcess
Division by zero (floating-point)
GetForegroundWindow
SshD
TerminateProcess
CreateProcessW
ShellExecuteExW
RemoveDirectoryW
CreateFileW
DeleteFileW
GetModuleHandleW
HeapCreate
CreateDirectoryW
WriteFile
FreeLibrary
LoadLibraryExW
LoadLibraryW
TerminateThread
SetFilePointer
PeekNamedPipe
LoadResource
GetModuleFileNameW
Exception handler tried to continue after non-continuable exception
Invalid floating-point operation
Floating-point stack overflow or underflow
Denormal floating-point operand
Inexact floating-point result
inflate 1.2.8 Copyright 1995-2013 Mark Adler
l%/0RuF
%/[@
Sleep
i^dFh
WH_E
too many length or distance symbols
version="1.0.0.0"
version="6.0.0.0"
COMCTL32.DLL
['6,E
>E9#]@
Kao.1i3DZ
Wp>a;TPc;
1.2.8
ru&o
>kndA7G2V
+21#Ig%N
_/cGfesN9A
0):\/eyD~
D$TPQRU
Privileged instruction
3AR\i.?Sj
WINMM.DLL
g#.$aroH
type="win32"
'(UPNr53
'3CN;m6E
Y]R/|SeDO
HiAI(&?~
"NouM/"[
.m/jO.EFH
4*/D8nO
<dependentAssembly>
|B?bnFiy0
Va:8Tp
GVerTeE]l
6d^^e.(
DA=rpefx
fi4*/Or
w#DCerWQI
E"S*vi0
<assemblyIdentity
<assemblyIdentity
-LaG//h

Foremost

Matches

0.exe, 750 KB

Suspicious

True

Heuristics

IPs

hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs

Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files

Allowed: ntdll.dll, Shell32.DLL, Kernel32.DLL, GDI32.DLL, MSVCRT.dll, OLE32.DLL, COMCTL32.DLL, USER32.DLL, SHLWAPI.DLL, WINMM.DLL
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary

Sizes

RVA
RVA: 16
Suspicious: False
Code
Size: 699904
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols

Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum

Value: 0
Suspicous: True

Sections

Allowed: .code, .text, .rdata, .data, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions

OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 2.50
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint

Address: 4096
Suspicious: False

Anomalies

Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries

Allowed: ntdll.dll, shell32.dll, kernel32.dll, gdi32.dll, msvcrt.dll, ole32.dll, comctl32.dll, user32.dll, shlwapi.dll, winmm.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp

Past: False
Valid: True
Value: 2018-02-01 18:46:15
Future: False

Compilation

Packed: False
Missing: True
Packers
Compiled: False
Compilers
MainPacker: PureBasic 4.x -> Neil Hodgson

Obfuscation

XOR: False
Fuzzing: False

PEDetector

Matches

None

Suspicious

False

Disassembly

hasTricks

True

Tricks

pushret

.rsrc: 348
.rdata: 6

pushpopmath

.code: 1
.rsrc: 165
.text: 3
.rdata: 5

ss register

.data: 1
.rsrc: 10

garbagebytes

.rsrc: 139
.rdata: 3

hookdetection

.rsrc: 11

software breakpoint

.rsrc: 11

fakeconditionaljumps

.rsrc: 16

programcontrolflowchange

.rsrc: 125
.rdata: 3

cpuinstructionsresultscomparison

.rsrc: 1
.rdata: 4

AVclass

ursu

VirusTotal

md5

d1cc9f881592af9b3fc4217e64ef2357

sha1

3548daa29e71b237b0c44ef195db13f635a8b56b

SCANS (DETECTION RATE = 56.34%)

AVG

update: 20200407
version: 18.4.3895.0
detected: False

CMC

update: 20190321
version: 1.1.0.977
detected: False

MAX

result: malware (ai score=83)
update: 20200407
version: 2019.9.16.1
detected: True

APEX

result: Malicious
update: 20200407
version: 6.9
detected: True

Bkav

result: W32.AIDetectVM.malware2
update: 20200407
version: 1.3.0.9899
detected: True

K7GW

result: Riskware ( 0040eff71 )
update: 20200407
version: 11.102.33709
detected: True

ALYac

result: Gen:Variant.Ursu.199780
update: 20200407
version: 1.1.1.5
detected: True

Avast

update: 20200407
version: 18.4.3895.0
detected: False

Avira

update: 20200407
version: 8.3.3.8
detected: False

Baidu

update: 20190318
version: 1.0.0.2
detected: False

Cyren

result: W32/Agentwdcr.ACEU-7177
update: 20200407
version: 6.2.2.2
detected: True

DrWeb

update: 20200407
version: 7.0.46.3050
detected: False

GData

result: Gen:Variant.Ursu.199780
update: 20200407
version: A:25.25357B:26.18288
detected: True

Panda

result: Trj/Genetic.gen
update: 20200407
version: 4.6.4.2
detected: True

VBA32

result: Worm.VBS.Dinihou
update: 20200407
version: 4.3.0
detected: True

VIPRE

update: 20200407
version: 82812
detected: False

Zoner

update: 20200407
version: 0.0.0.0
detected: False

ClamAV

result: Win.Worm.Sagent-6972912-0
update: 20200407
version: 0.102.2.0
detected: True

Comodo

update: 20200407
version: 32296
detected: False

F-Prot

result: W32/Agentwdcr.AY
update: 20200407
version: 4.7.1.166
detected: True

Ikarus

result: Backdoor.MSIL.Bladabindi
update: 20200407
version: 0.1.5.2
detected: True

McAfee

update: 20200407
version: 6.0.6.653
detected: False

Rising

result: Malware.Heuristic!ET#100% (RDMK:cmRtazqPutHYxrgz1YsOD3N7kfK6)
update: 20200407
version: 25.0.0.24
detected: True

Sophos

result: Troj/VBDrop-CE
update: 20200407
version: 4.98.0
detected: True

Yandex

update: 20200407
version: 5.5.2.24
detected: False

Zillya

result: Trojan.Agent.Win32.880519
update: 20200407
version: 2.0.0.4062
detected: True

Acronis

result: suspicious
update: 20200315
version: 1.1.1.73
detected: True

Alibaba

update: 20190527
version: 0.3.0.5
detected: False

Arcabit

result: Trojan.Ursu.D30C64
update: 20200407
version: 1.0.0.870
detected: True

Cylance

result: Unsafe
update: 20200407
version: 2.3.1.101
detected: True

Endgame

result: malicious (high confidence)
update: 20200226
version: 3.0.17
detected: True

FireEye

result: Generic.mg.d1cc9f881592af9b
update: 20200316
version: 32.31.0.0
detected: True

TACHYON

update: 20200407
version: 2020-04-07.03
detected: False

Tencent

result: Malware.Win32.Gencirc.10b3bb85
update: 20200407
version: 1.0.0.1
detected: True

ViRobot

update: 20200407
version: 2014.3.20.0
detected: False

Webroot

update: 20200407
version: 1.0.0.403
detected: False

eGambit

result: Unsafe.AI_Score_99%
update: 20200407
detected: True

Ad-Aware

result: Gen:Variant.Ursu.199780
update: 20200407
version: 3.0.5.370
detected: True

AegisLab

update: 20200407
version: 4.2
detected: False

Emsisoft

result: Gen:Variant.Ursu.199780 (B)
update: 20200407
version: 2018.12.0.1641
detected: True

F-Secure

update: 20200407
version: 12.0.86.52
detected: False

Fortinet

update: 20200407
version: 6.2.142.0
detected: False

Invincea

result: heuristic
update: 20200407
version: 6.3.6.26157
detected: True

Jiangmin

result: TrojanDownloader.Script.gjh
update: 20200406
version: 16.0.100
detected: True

Kingsoft

update: 20200407
version: 2013.8.14.323
detected: False

Paloalto

update: 20200407
version: 1.0
detected: False

Symantec

result: ML.Attribute.HighConfidence
update: 20200407
version: 1.11.0.0
detected: True

Trapmine

result: malicious.high.ml.score
update: 20200123
version: 3.2.22.914
detected: True

AhnLab-V3

update: 20200407
version: 3.17.4.26996
detected: False

Antiy-AVL

result: Worm/VBS.Agent
update: 20200407
version: 3.0.0.1
detected: True

Kaspersky

result: Trojan-Dropper.VBS.Agent.ns
update: 20200407
version: 15.0.1.13
detected: True

MaxSecure

update: 20200404
version: 1.0.0.1
detected: False

Microsoft

result: Trojan:Win32/Wacatac.D!ml
update: 20200407
version: 1.1.16900.4
detected: True

Qihoo-360

update: 20200407
version: 1.0.0.1120
detected: False

ZoneAlarm

result: Trojan-Dropper.VBS.Agent.ns
update: 20200407
version: 1.0
detected: True

ESET-NOD32

result: VBS/TrojanDropper.Agent.OEI
update: 20200407
version: 21126
detected: True

TrendMicro

update: 20200407
version: 11.0.0.1006
detected: False

BitDefender

result: Gen:Variant.Ursu.199780
update: 20200407
version: 7.2
detected: True

CrowdStrike

result: win/malicious_confidence_80% (D)
update: 20190702
version: 1.0
detected: True

K7AntiVirus

result: Riskware ( 0040eff71 )
update: 20200407
version: 11.102.33708
detected: True

SentinelOne

update: 20200406
version: 2.1.0.89
detected: False

Avast-Mobile

update: 20200407
version: 200407-00
detected: False

Malwarebytes

update: 20200407
version: 3.6.4.335
detected: False

TotalDefense

update: 20200407
version: 37.1.62.1
detected: False

CAT-QuickHeal

update: 20200407
version: 14.00
detected: False

NANO-Antivirus

result: Trojan.Win32.Ursu.exfdyc
update: 20200407
version: 1.0.134.25032
detected: True

BitDefenderTheta

result: Gen:NN.ZexaF.34106.UuW@aC1sQPg
update: 20200407
version: 7.2.37796.0
detected: True

MicroWorld-eScan

result: Gen:Variant.Ursu.199780
update: 20200407
version: 14.0.409.0
detected: True

SUPERAntiSpyware

update: 20200404
version: 5.6.0.1032
detected: False

McAfee-GW-Edition

result: BehavesLike.Win32.Dropper.bc
update: 20200407
version: v2017.3010
detected: True

TrendMicro-HouseCall

update: 20200407
version: 10.0.0.1040
detected: False

total

sha256

d6eadba77e75b9d48e23583381caba3919938fd08088c1e3f2f2d9cc81b056bd

scan_id

d6eadba77e75b9d48e23583381caba3919938fd08088c1e3f2f2d9cc81b056bd-1586277478

resource

d1cc9f881592af9b3fc4217e64ef2357

permalink

https://www.virustotal.com/file/d6eadba77e75b9d48e23583381caba3919938fd08088c1e3f2f2d9cc81b056bd/analysis/1586277478/

positives

scan_date

2020-04-07 16:37:58

verbose_msg

Scan finished, information embedded

response_code

File

Trace

7/4/2020 - 14:45:42.778	Open	1480	C:\malware.exe	C:\malware.exe
7/4/2020 - 14:45:42.778	Unknown	1480	C:\malware.exe	C:\malware.exe
7/4/2020 - 14:45:42.778	Open	1480	C:\malware.exe	C:\Windows\System32\cscript
7/4/2020 - 14:45:42.778	Open	1480	C:\malware.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.778	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:42.778	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:42.778	Open	1480	C:\malware.exe	C:\
7/4/2020 - 14:45:42.778	Unknown	1480	C:\malware.exe	C:\
7/4/2020 - 14:45:42.778	Open	1480	C:\malware.exe	C:\Users
7/4/2020 - 14:45:42.778	Unknown	1480	C:\malware.exe	C:\Users
7/4/2020 - 14:45:42.778	Open	1480	C:\malware.exe	C:\Users\Behemot
7/4/2020 - 14:45:42.778	Unknown	1480	C:\malware.exe	C:\Users\Behemot
7/4/2020 - 14:45:42.778	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:42.778	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:42.778	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:42.778	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:42.778	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:42.778	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:42.778	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Monitor\Files\DeletedFiles
7/4/2020 - 14:45:42.793	Delete	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:42.793	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:42.793	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:42.793	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Monitor\Files\DeletedFiles
7/4/2020 - 14:45:42.793	Delete	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:42.793	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:42.793	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:42.793	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Monitor\Files\DeletedFiles
7/4/2020 - 14:45:42.793	Delete	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.tmp
7/4/2020 - 14:45:42.793	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.tmp
7/4/2020 - 14:45:42.793	Open	1480	C:\malware.exe	C:\Monitor
7/4/2020 - 14:45:42.793	Unknown	1480	C:\malware.exe	C:\Monitor
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:42.825	Write	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:42.825	Write	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:42.825	Write	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:42.825	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Monitor
7/4/2020 - 14:45:42.825	Unknown	1480	C:\malware.exe	C:\Monitor
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\System32\cscript
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\apphelp.dll
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\apphelp.dll
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\AppPatch\AppPatch64\sysmain.sdb
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\System32
7/4/2020 - 14:45:42.825	Unknown	1480	C:\malware.exe	C:\Windows\System32
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\
7/4/2020 - 14:45:42.825	Unknown	1480	C:\malware.exe	C:\
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\System32
7/4/2020 - 14:45:42.825	Unknown	1480	C:\malware.exe	C:\Windows\System32
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.825	Open	1480	C:\malware.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.920	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\Prefetch\CSCRIPT.EXE-D1EF4768.pf
7/4/2020 - 14:45:42.921	Open	1488	C:\Windows\System32\cscript.exe	C:\Monitor
7/4/2020 - 14:45:42.922	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.927	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.929	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\sysnative\VERSION.dll
7/4/2020 - 14:45:42.929	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\version.dll
7/4/2020 - 14:45:42.930	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\version.dll
7/4/2020 - 14:45:42.930	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\sechost.dll
7/4/2020 - 14:45:42.930	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\sechost.dll
7/4/2020 - 14:45:42.931	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\imm32.dll
7/4/2020 - 14:45:42.931	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\imm32.dll
7/4/2020 - 14:45:42.932	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\imm32.dll
7/4/2020 - 14:45:42.932	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\imm32.dll
7/4/2020 - 14:45:42.932	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\imm32.dll
7/4/2020 - 14:45:42.932	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\imm32.dll
7/4/2020 - 14:45:42.933	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.934	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.935	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.935	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:42.936	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rpcss.dll
7/4/2020 - 14:45:42.937	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rpcss.dll
7/4/2020 - 14:45:42.937	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rpcss.dll
7/4/2020 - 14:45:42.937	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rpcss.dll
7/4/2020 - 14:45:42.937	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cryptbase.dll
7/4/2020 - 14:45:42.937	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cryptbase.dll	cryptbase.dll
7/4/2020 - 14:45:42.937	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cryptbase.dll
7/4/2020 - 14:45:42.938	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cryptbase.dll	cryptbase.dll
7/4/2020 - 14:45:42.938	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\uxtheme.dll
7/4/2020 - 14:45:42.938	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\uxtheme.dll
7/4/2020 - 14:45:43.101	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.102	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.102	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.102	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.103	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.103	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.103	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.103	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.103	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\Globalization\Sorting\SortDefault.nls
7/4/2020 - 14:45:43.103	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\Globalization\Sorting\SortDefault.nls	SortDefault.nls
7/4/2020 - 14:45:43.104	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.104	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.104	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.104	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.104	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.104	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.104	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.104	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.104	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.104	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.104	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.104	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.105	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.105	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.105	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.105	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.105	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.105	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\sxs.dll
7/4/2020 - 14:45:43.106	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\sxs.dll
7/4/2020 - 14:45:43.142	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\dwmapi.dll
7/4/2020 - 14:45:43.142	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\dwmapi.dll
7/4/2020 - 14:45:43.144	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\vbscript.dll
7/4/2020 - 14:45:43.144	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\vbscript.dll
7/4/2020 - 14:45:43.150	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.150	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe
7/4/2020 - 14:45:43.152	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.153	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.153	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.153	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.153	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.153	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.154	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.154	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.154	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.154	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:43.154	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:43.154	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:43.154	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:43.154	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:43.154	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:43.155	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:43.155	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:43.155	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:43.155	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:43.155	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:43.155	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:43.155	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:43.155	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:43.155	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:43.155	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:43.156	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:43.156	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:43.156	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:43.156	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:43.156	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:43.156	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:43.156	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:43.156	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:43.156	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:43.156	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:43.157	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:43.157	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:43.157	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:43.157	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:43.157	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:43.157	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:43.157	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:43.157	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:43.157	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:43.157	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:43.157	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:43.158	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:43.158	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:43.158	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:43.158	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:43.158	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:43.158	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:43.158	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:43.158	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:43.158	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:43.159	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:43.159	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:43.159	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:43.159	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:43.159	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:43.159	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:43.159	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:43.159	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:43.159	Open	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:43.159	Open	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:43.160	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:43.160	Open	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:43.160	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:43.160	Open	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:43.160	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:43.160	Open	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:43.160	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:43.160	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.161	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.161	Open	1488	C:\Windows\System32\cscript.exe	C:\
7/4/2020 - 14:45:43.161	Unknown	1488	C:\Windows\System32\cscript.exe	C:\
7/4/2020 - 14:45:43.161	Open	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:43.161	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:43.161	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:43.161	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:43.161	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:43.161	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:43.161	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:43.162	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:43.162	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:43.162	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:43.162	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:43.162	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:43.162	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:43.162	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:43.163	Read	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.164	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cryptsp.dll
7/4/2020 - 14:45:43.164	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cryptsp.dll
7/4/2020 - 14:45:43.164	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:43.165	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:43.165	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:43.165	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:43.166	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:43.166	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:43.166	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:43.166	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:43.166	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:43.166	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:43.170	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:43.170	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:43.171	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\msisip.dll
7/4/2020 - 14:45:43.172	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\msisip.dll
7/4/2020 - 14:45:43.172	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.173	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.173	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.173	Read	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.173	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.173	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshext.dll
7/4/2020 - 14:45:43.173	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshext.dll
7/4/2020 - 14:45:43.174	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe.Local
7/4/2020 - 14:45:43.174	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
7/4/2020 - 14:45:43.174	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
7/4/2020 - 14:45:43.174	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
7/4/2020 - 14:45:43.175	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
7/4/2020 - 14:45:43.175	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
7/4/2020 - 14:45:43.175	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
7/4/2020 - 14:45:43.175	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
7/4/2020 - 14:45:43.222	Read	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.223	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrobj.dll
7/4/2020 - 14:45:43.257	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrobj.dll
7/4/2020 - 14:45:43.561	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\mlang.dll
7/4/2020 - 14:45:43.562	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\mlang.dll
7/4/2020 - 14:45:43.667	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:43.897	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:43.930	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.102	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\mpr.dll
7/4/2020 - 14:45:44.102	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\mpr.dll
7/4/2020 - 14:45:44.103	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.103	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.338	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.338	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.338	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.339	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.339	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.339	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.339	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.339	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.339	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.339	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.339	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.339	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.340	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.340	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.340	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.340	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.340	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.340	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.340	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.340	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.340	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.340	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.340	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.341	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.341	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\scrrun.dll
7/4/2020 - 14:45:44.342	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.342	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.342	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.342	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.342	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.343	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.343	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.343	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.343	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.343	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.343	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.343	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.343	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.343	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.343	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.344	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.344	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.344	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.344	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.344	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.344	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.344	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.344	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.344	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.344	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.345	Read	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\wshom.ocx
7/4/2020 - 14:45:44.347	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\ieframe.dll
7/4/2020 - 14:45:44.347	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\ieframe.dll
7/4/2020 - 14:45:44.348	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
7/4/2020 - 14:45:44.349	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll	api-ms-win-downlevel-shell32-l1-1-0.dll
7/4/2020 - 14:45:44.349	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
7/4/2020 - 14:45:44.349	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll	api-ms-win-downlevel-shell32-l1-1-0.dll
7/4/2020 - 14:45:44.351	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\ieframe.dll
7/4/2020 - 14:45:44.351	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\cscript.exe.Local
7/4/2020 - 14:45:44.351	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
7/4/2020 - 14:45:44.352	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
7/4/2020 - 14:45:44.352	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
7/4/2020 - 14:45:44.352	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
7/4/2020 - 14:45:44.352	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
7/4/2020 - 14:45:44.352	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
7/4/2020 - 14:45:44.352	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
7/4/2020 - 14:45:44.353	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\WindowsShell.Manifest
7/4/2020 - 14:45:44.353	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\WindowsShell.Manifest	WindowsShell.Manifest
7/4/2020 - 14:45:44.392	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
7/4/2020 - 14:45:44.392	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll	api-ms-win-downlevel-shlwapi-l2-1-0.dll
7/4/2020 - 14:45:44.392	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
7/4/2020 - 14:45:44.393	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll	api-ms-win-downlevel-shlwapi-l2-1-0.dll
7/4/2020 - 14:45:44.393	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\Google.url
7/4/2020 - 14:45:44.394	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\Google.url
7/4/2020 - 14:45:44.394	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\propsys.dll
7/4/2020 - 14:45:44.394	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\propsys.dll
7/4/2020 - 14:45:44.396	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\Google.url
7/4/2020 - 14:45:44.463	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\Google.url
7/4/2020 - 14:45:44.463	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\msxml3.dll
7/4/2020 - 14:45:44.464	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\msxml3.dll
7/4/2020 - 14:45:44.464	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\bcrypt.dll
7/4/2020 - 14:45:44.464	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\bcrypt.dll
7/4/2020 - 14:45:44.466	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\pt-BR\KernelBase.dll.mui
7/4/2020 - 14:45:44.466	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\msxml3r.dll
7/4/2020 - 14:45:44.467	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\msxml3r.dll
7/4/2020 - 14:45:44.513	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\RpcRtRemote.dll
7/4/2020 - 14:45:44.513	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\RpcRtRemote.dll	RpcRtRemote.dll
7/4/2020 - 14:45:44.513	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\RpcRtRemote.dll
7/4/2020 - 14:45:44.513	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\RpcRtRemote.dll	RpcRtRemote.dll
7/4/2020 - 14:45:44.760	Open	1488	C:\Windows\System32\cscript.exe	C:\Program Files\Common Files\System\ado\msado15.dll
7/4/2020 - 14:45:44.794	Open	1488	C:\Windows\System32\cscript.exe	C:\Program Files\Common Files\System\ado\msado15.dll
7/4/2020 - 14:45:44.961	Open	1488	C:\Windows\System32\cscript.exe	C:\Program Files\Common Files\System\ado\MSDART.DLL
7/4/2020 - 14:45:44.961	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\msdart.dll
7/4/2020 - 14:45:44.996	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\msdart.dll
7/4/2020 - 14:45:46.0	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.0	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.0	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.0	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.0	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.0	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.0	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.0	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.0	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.1	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.2	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.2	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.2	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.2	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.2	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.2	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.2	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.2	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.3	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.3	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.3	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.3	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.3	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.3	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.3	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.43	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.43	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.43	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.43	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.43	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.43	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.43	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.43	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.43	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.44	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.44	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.44	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.44	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.44	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.44	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.44	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.44	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.44	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.44	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.44	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.45	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.45	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.45	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.45	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.45	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.45	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.45	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.45	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.45	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.45	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.45	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.46	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.46	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.46	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.46	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.46	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.46	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.46	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.46	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.46	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.46	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.47	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.47	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.47	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.47	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.47	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.47	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.47	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.47	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.47	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.47	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.47	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.48	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.48	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.48	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.48	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.48	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.48	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.48	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.48	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.48	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.49	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.49	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.49	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.49	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.49	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.49	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.49	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.49	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.49	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.49	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.50	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.50	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.50	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.50	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.50	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.50	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.50	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.50	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.50	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.50	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.51	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.51	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.51	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.51	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.51	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.51	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.51	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.51	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.51	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.51	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.52	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.52	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.52	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.52	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.52	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.52	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.52	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.52	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.52	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.52	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.53	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.53	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.53	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.53	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.53	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.53	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.53	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.53	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.53	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.53	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.54	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.54	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.54	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.54	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.54	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.54	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.54	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.55	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.102	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.102	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.102	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.102	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.102	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.103	Write	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.237	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.238	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\apphelp.dll
7/4/2020 - 14:45:46.238	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\apphelp.dll
7/4/2020 - 14:45:46.239	Open	1488	C:\Windows\System32\cscript.exe	C:\Windows\AppPatch\sysmain.sdb
7/4/2020 - 14:45:46.239	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:46.239	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:46.239	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.239	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.239	Open	1488	C:\Windows\System32\cscript.exe	C:\
7/4/2020 - 14:45:46.239	Unknown	1488	C:\Windows\System32\cscript.exe	C:\
7/4/2020 - 14:45:46.240	Open	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:46.240	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users
7/4/2020 - 14:45:46.240	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:46.240	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot
7/4/2020 - 14:45:46.240	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:46.240	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:46.240	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:46.240	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:46.240	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:46.241	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:46.241	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:46.241	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp
7/4/2020 - 14:45:46.241	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.241	Read	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.243	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\ui\SwDRM.dll
7/4/2020 - 14:45:46.245	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.245	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.246	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.246	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.246	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.246	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.246	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\pt-BR\qeSw.exe.mui
7/4/2020 - 14:45:46.246	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\pt\qeSw.exe.mui
7/4/2020 - 14:45:46.246	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\en-US\qeSw.exe.mui
7/4/2020 - 14:45:46.246	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\en\qeSw.exe.mui
7/4/2020 - 14:45:46.246	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.246	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.247	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.247	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.247	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.247	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.247	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.247	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.247	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.247	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.247	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.247	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.248	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.248	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.248	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.248	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.248	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.248	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.248	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.248	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.248	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.248	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.249	Open	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.249	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.249	Read	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.249	Read	1488	C:\Windows\System32\cscript.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.291	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\Prefetch\QESW.EXE-5AFC9D55.pf
7/4/2020 - 14:45:46.291	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows
7/4/2020 - 14:45:46.291	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\wow64.dll
7/4/2020 - 14:45:46.291	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\wow64.dll
7/4/2020 - 14:45:46.291	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\wow64win.dll
7/4/2020 - 14:45:46.291	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\wow64win.dll
7/4/2020 - 14:45:46.292	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\wow64cpu.dll
7/4/2020 - 14:45:46.292	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\wow64cpu.dll
7/4/2020 - 14:45:46.292	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\wow64log.dll
7/4/2020 - 14:45:46.293	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows
7/4/2020 - 14:45:46.293	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows
7/4/2020 - 14:45:46.294	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor
7/4/2020 - 14:45:46.296	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\sechost.dll
7/4/2020 - 14:45:46.296	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\sechost.dll
7/4/2020 - 14:45:46.298	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe.Local
7/4/2020 - 14:45:46.298	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
7/4/2020 - 14:45:46.299	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
7/4/2020 - 14:45:46.299	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
7/4/2020 - 14:45:46.299	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
7/4/2020 - 14:45:46.299	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
7/4/2020 - 14:45:46.305	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\imm32.dll
7/4/2020 - 14:45:46.305	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\imm32.dll
7/4/2020 - 14:45:46.306	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\imm32.dll
7/4/2020 - 14:45:46.306	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\imm32.dll
7/4/2020 - 14:45:46.307	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\imm32.dll
7/4/2020 - 14:45:46.307	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\imm32.dll
7/4/2020 - 14:45:46.310	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\pt-BR\qeSw.exe.mui
7/4/2020 - 14:45:46.310	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\pt\qeSw.exe.mui
7/4/2020 - 14:45:46.311	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\en-US\qeSw.exe.mui
7/4/2020 - 14:45:46.311	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\en\qeSw.exe.mui
7/4/2020 - 14:45:46.311	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.311	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe
7/4/2020 - 14:45:46.314	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\Fonts\OQFTnxGWSt
7/4/2020 - 14:45:46.314	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\OQFTnxGWSt
7/4/2020 - 14:45:46.314	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\OQFTnxGWSt
7/4/2020 - 14:45:46.315	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\OQFTnxGWSt
7/4/2020 - 14:45:46.315	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\system\OQFTnxGWSt
7/4/2020 - 14:45:46.315	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\OQFTnxGWSt
7/4/2020 - 14:45:46.315	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\OQFTnxGWSt
7/4/2020 - 14:45:46.316	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\OQFTnxGWSt
7/4/2020 - 14:45:46.316	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\wbem\OQFTnxGWSt
7/4/2020 - 14:45:46.317	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\OQFTnxGWSt
7/4/2020 - 14:45:46.371	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Monitor
7/4/2020 - 14:45:46.371	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6
7/4/2020 - 14:45:46.371	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
7/4/2020 - 14:45:46.371	Unknown	1488	C:\Windows\System32\cscript.exe	C:\Windows\System32\pt-BR\KernelBase.dll.mui	KernelBase.dll.mui
7/4/2020 - 14:45:46.375	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:46.375	Open	1480	C:\malware.exe	C:\Monitor\Files\DeletedFiles
7/4/2020 - 14:45:46.375	Delete	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:46.376	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:46.376	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp\DA.vbs
7/4/2020 - 14:45:46.376	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:46.376	Open	1480	C:\malware.exe	C:\Monitor\Files\DeletedFiles
7/4/2020 - 14:45:46.376	Delete	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:46.376	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp\D9.tmp
7/4/2020 - 14:45:46.376	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:46.377	Open	1480	C:\malware.exe	C:\Monitor\Files\DeletedFiles
7/4/2020 - 14:45:46.377	Delete	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:46.377	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp\C8.tmp
7/4/2020 - 14:45:46.380	Unknown	1480	C:\malware.exe	C:\Windows
7/4/2020 - 14:45:46.380	Unknown	1480	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
7/4/2020 - 14:45:46.380	Unknown	1480	C:\malware.exe	C:\Monitor
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\f
7/4/2020 - 14:45:46.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\t
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\mpr.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\mpr.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\mpr.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\netapi32.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\netapi32.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\netapi32.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\netutils.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\netutils.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\netutils.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\srvcli.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\srvcli.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\srvcli.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\wkscli.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\wkscli.dll
7/4/2020 - 14:45:46.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\wkscli.dll
7/4/2020 - 14:45:46.709	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\config\SOFTWARE.LOG1
7/4/2020 - 14:45:46.756	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\config\SOFTWARE.LOG1
7/4/2020 - 14:45:46.803	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\config\SOFTWARE.LOG1
7/4/2020 - 14:45:46.803	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\config\SOFTWARE.LOG1
7/4/2020 - 14:45:46.803	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\config\SOFTWARE.LOG1
7/4/2020 - 14:45:46.850	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\config\SOFTWARE.LOG1
7/4/2020 - 14:45:46.897	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\config\SOFTWARE
7/4/2020 - 14:45:46.991	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\config\SOFTWARE
7/4/2020 - 14:45:46.991	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\config\SOFTWARE
7/4/2020 - 14:45:46.991	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\config\SOFTWARE
7/4/2020 - 14:45:46.991	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\config\SOFTWARE
7/4/2020 - 14:45:47.84	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\config\SOFTWARE
7/4/2020 - 14:45:47.272	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\ntuser.dat.LOG1
7/4/2020 - 14:45:47.319	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\ntuser.dat.LOG1
7/4/2020 - 14:45:47.319	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\ntuser.dat.LOG1
7/4/2020 - 14:45:47.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\ntuser.dat.LOG1
7/4/2020 - 14:45:47.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\ntuser.dat.LOG1
7/4/2020 - 14:45:47.413	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\ntuser.dat.LOG1
7/4/2020 - 14:45:47.413	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\ntuser.dat.LOG1
7/4/2020 - 14:45:47.413	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\ntuser.dat.LOG1
7/4/2020 - 14:45:47.459	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\NTUSER.DAT
7/4/2020 - 14:45:47.553	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\NTUSER.DAT
7/4/2020 - 14:45:47.553	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\NTUSER.DAT
7/4/2020 - 14:45:47.553	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\NTUSER.DAT
7/4/2020 - 14:45:47.553	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\NTUSER.DAT
7/4/2020 - 14:45:47.553	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\NTUSER.DAT
7/4/2020 - 14:45:47.553	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\NTUSER.DAT
7/4/2020 - 14:45:47.741	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\NTUSER.DAT
7/4/2020 - 14:45:47.928	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\rpcss.dll
7/4/2020 - 14:45:47.928	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\rpcss.dll
7/4/2020 - 14:45:47.928	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\vssadmin.exe
7/4/2020 - 14:45:48.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\taskschd.dll
7/4/2020 - 14:45:48.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\taskschd.dll
7/4/2020 - 14:45:48.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\apphelp.dll
7/4/2020 - 14:45:48.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\apphelp.dll
7/4/2020 - 14:45:48.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\AppPatch\AppPatch64\sysmain.sdb
7/4/2020 - 14:45:48.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32
7/4/2020 - 14:45:48.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32
7/4/2020 - 14:45:48.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32\vssadmin.exe
7/4/2020 - 14:45:48.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\
7/4/2020 - 14:45:48.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\
7/4/2020 - 14:45:48.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows
7/4/2020 - 14:45:48.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows
7/4/2020 - 14:45:48.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32
7/4/2020 - 14:45:48.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\System32
7/4/2020 - 14:45:48.209	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\Prefetch\VSSADMIN.EXE-9FF2C6A1.pf
7/4/2020 - 14:45:48.209	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Monitor
7/4/2020 - 14:45:48.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Temp\XmlLite.dll
7/4/2020 - 14:45:48.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\xmllite.dll
7/4/2020 - 14:45:48.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Windows\SysWOW64\xmllite.dll
7/4/2020 - 14:45:48.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\
7/4/2020 - 14:45:48.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\
7/4/2020 - 14:45:48.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\$Recycle.Bin
7/4/2020 - 14:45:48.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\$Recycle.Bin
7/4/2020 - 14:45:48.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Arquivos de Programas
7/4/2020 - 14:45:48.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Arquivos de Programas
7/4/2020 - 14:45:48.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Documents and Settings
7/4/2020 - 14:45:48.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Documents and Settings
7/4/2020 - 14:45:48.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor
7/4/2020 - 14:45:48.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor
7/4/2020 - 14:45:48.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files
7/4/2020 - 14:45:48.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files
7/4/2020 - 14:45:48.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)
7/4/2020 - 14:45:48.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)
7/4/2020 - 14:45:48.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData
7/4/2020 - 14:45:48.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData
7/4/2020 - 14:45:48.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery
7/4/2020 - 14:45:48.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery
7/4/2020 - 14:45:48.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users
7/4/2020 - 14:45:48.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\sechost.dll
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\sechost.dll
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\atl.dll
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\atl.dll
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\vsstrace.dll
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\vsstrace.dll
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\vssapi.dll
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\vssapi.dll
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\imm32.dll
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\imm32.dll
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\imm32.dll
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\imm32.dll
7/4/2020 - 14:45:48.694	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\imm32.dll
7/4/2020 - 14:45:48.709	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\imm32.dll
7/4/2020 - 14:45:48.709	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\pt-BR\vssadmin.exe.mui
7/4/2020 - 14:45:48.709	Read	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\pt-BR\vssadmin.exe.mui	vssadmin.exe.mui
7/4/2020 - 14:45:48.709	Read	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\pt-BR\vssadmin.exe.mui	vssadmin.exe.mui
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\$Recycle.Bin\S-1-5-21-2148495166-3420019059-1286093062-1001
7/4/2020 - 14:45:48.709	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rpcss.dll
7/4/2020 - 14:45:48.709	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rpcss.dll
7/4/2020 - 14:45:48.709	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rpcss.dll
7/4/2020 - 14:45:48.709	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rpcss.dll
7/4/2020 - 14:45:48.709	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\cryptbase.dll
7/4/2020 - 14:45:48.709	Unknown	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\cryptbase.dll	cryptbase.dll
7/4/2020 - 14:45:48.709	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\cryptbase.dll
7/4/2020 - 14:45:48.709	Unknown	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\cryptbase.dll	cryptbase.dll
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\$Recycle.Bin\S-1-5-21-2148495166-3420019059-1286093062-1001
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Malware
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Malware
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Arquivos Comuns
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Arquivos Comuns
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Uninstall Information
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Uninstall Information
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Mail
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Mail
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Mail
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Uninstall Information
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Uninstall Information
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Windows Mail
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Windows Mail
7/4/2020 - 14:45:48.709	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Windows Mail
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Application Data
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Application Data
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Dados de aplicativos
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Dados de aplicativos
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Desktop
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Desktop
7/4/2020 - 14:45:48.709	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documentos
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documentos
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documents
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documents
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favorites
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favorites
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favoritos
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favoritos
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Menu Iniciar
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Menu Iniciar
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft
7/4/2020 - 14:45:48.725	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Modelos
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Modelos
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache
7/4/2020 - 14:45:48.725	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Start Menu
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Start Menu
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Templates
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Templates
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
7/4/2020 - 14:45:48.725	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\All Users
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData
7/4/2020 - 14:45:48.725	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot
7/4/2020 - 14:45:48.725	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default
7/4/2020 - 14:45:48.725	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default User
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default User
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public
7/4/2020 - 14:45:48.725	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Todos os Usurios
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData
7/4/2020 - 14:45:48.725	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Usurio Padro
7/4/2020 - 14:45:48.725	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Usurio Padro
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\DeletedFiles
7/4/2020 - 14:45:48.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\DeletedFiles
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs
7/4/2020 - 14:45:48.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.788	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.788	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.788	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.788	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.788	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.788	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.788	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.788	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.788	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.788	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\Services
7/4/2020 - 14:45:48.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\Services
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\Sistema
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\Sistema
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\SpeechEngines
7/4/2020 - 14:45:48.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\SpeechEngines
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft
7/4/2020 - 14:45:48.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft
7/4/2020 - 14:45:48.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\pt-BR
7/4/2020 - 14:45:48.788	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\pt-BR
7/4/2020 - 14:45:48.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates
7/4/2020 - 14:45:48.803	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Mail
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Mail\pt-BR
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Mail\pt-BR
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\Services
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\Services
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Windows Mail
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Windows Mail\pt-BR
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Windows Mail\pt-BR
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DeviceSync
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
7/4/2020 - 14:45:48.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Application Data
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Application Data
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Application Data
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Application Data
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Dados de aplicativos
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Dados de aplicativos
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Dados de aplicativos
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Dados de aplicativos
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Desktop
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Desktop
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Desktop
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Desktop
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documentos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documentos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documentos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documentos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documents
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documents
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documents
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documents
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favorites
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favorites
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favorites
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favorites
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favoritos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favoritos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favoritos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favoritos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Menu Iniciar
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Menu Iniciar
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Menu Iniciar
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Menu Iniciar
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Modelos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Modelos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Modelos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Modelos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache
7/4/2020 - 14:45:48.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Start Menu
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Start Menu
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Start Menu
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Start Menu
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Templates
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Templates
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Templates
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Templates
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Ambiente de impresso
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Ambiente de impresso
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Ambiente de rede
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Ambiente de rede
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:48.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Configuraes locais
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Configuraes locais
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts
7/4/2020 - 14:45:48.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Cookies
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Cookies
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Dados de aplicativos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Dados de aplicativos
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Desktop
7/4/2020 - 14:45:48.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Desktop
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Documents
7/4/2020 - 14:45:48.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Documents
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads
7/4/2020 - 14:45:48.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites
7/4/2020 - 14:45:48.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites
7/4/2020 - 14:45:48.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Links
7/4/2020 - 14:45:48.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Links
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Menu Iniciar
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Menu Iniciar
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Meus documentos
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Meus documentos
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Modelos
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Modelos
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Music
7/4/2020 - 14:45:48.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Music
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Pictures
7/4/2020 - 14:45:48.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Pictures
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Recent
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Recent
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Saved Games
7/4/2020 - 14:45:48.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Saved Games
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches
7/4/2020 - 14:45:48.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\SendTo
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\SendTo
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Videos
7/4/2020 - 14:45:48.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Videos
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Ambiente de impresso
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Ambiente de impresso
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Ambiente de rede
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Ambiente de rede
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData
7/4/2020 - 14:45:48.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Application Data
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Application Data
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Configuraes locais
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Configuraes locais
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Cookies
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Cookies
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Dados de aplicativos
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Dados de aplicativos
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Desktop
7/4/2020 - 14:45:48.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Desktop
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:48.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:48.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Downloads
7/4/2020 - 14:45:48.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Downloads
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Favorites
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Desktop
7/4/2020 - 14:45:48.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Desktop
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents
7/4/2020 - 14:45:48.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Downloads
7/4/2020 - 14:45:48.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Downloads
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Favorites
7/4/2020 - 14:45:48.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Favorites
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries
7/4/2020 - 14:45:48.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music
7/4/2020 - 14:45:48.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures
7/4/2020 - 14:45:48.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV
7/4/2020 - 14:45:48.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos
7/4/2020 - 14:45:48.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Application Data
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Application Data
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Application Data
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Application Data
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Dados de aplicativos
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Dados de aplicativos
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Dados de aplicativos
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Dados de aplicativos
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Desktop
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Desktop
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Desktop
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Desktop
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documentos
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documentos
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documentos
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documentos
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documents
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documents
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documents
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Documents
7/4/2020 - 14:45:48.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favorites
7/4/2020 - 14:45:48.881	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favorites
7/4/2020 - 14:45:48.881	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favorites
7/4/2020 - 14:45:48.881	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favorites
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favoritos
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favoritos
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favoritos
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Favoritos
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Menu Iniciar
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Menu Iniciar
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Menu Iniciar
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Menu Iniciar
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Modelos
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Modelos
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Modelos
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Modelos
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache
7/4/2020 - 14:45:48.897	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Start Menu
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Start Menu
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Start Menu
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Start Menu
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Templates
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Templates
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Templates
7/4/2020 - 14:45:48.897	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Templates
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\File.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\File.log
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\File.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\File.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\File.log
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\File.log
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\File.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\File.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\File.log
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Process.log
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Process.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Process.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Process.log
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Process.log
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Process.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Process.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Process.log
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Registry.log
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Registry.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Registry.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Registry.log
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Registry.log
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Registry.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Registry.log
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\Files\Logs\Registry.log
7/4/2020 - 14:45:48.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\Services\verisign.bmp
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\SpeechEngines\Microsoft
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\SpeechEngines\Microsoft
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework
7/4/2020 - 14:45:48.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\pt-BR
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\Services\verisign.bmp
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device
7/4/2020 - 14:45:48.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task
7/4/2020 - 14:45:48.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DeviceSync
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:48.975	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:48.975	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:48.975	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:48.975	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:48.975	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:48.975	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:48.975	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:48.975	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:48.975	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:48.975	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
7/4/2020 - 14:45:48.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:48.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\LocalLow
7/4/2020 - 14:45:48.991	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\LocalLow
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming
7/4/2020 - 14:45:48.991	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact
7/4/2020 - 14:45:48.991	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact
7/4/2020 - 14:45:48.991	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:48.991	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact
7/4/2020 - 14:45:48.991	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:48.991	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:48.991	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:48.991	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:48.991	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:48.991	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Documents\Meus vdeos
7/4/2020 - 14:45:48.991	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Documents\Meus vdeos
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Documents\Minhas imagens
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Documents\Minhas imagens
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Documents\Minhas msicas
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Documents\Minhas msicas
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor
7/4/2020 - 14:45:48.991	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:48.991	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:48.991	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:48.991	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:48.991	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:48.991	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:48.991	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:48.991	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:48.991	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links
7/4/2020 - 14:45:48.991	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil
7/4/2020 - 14:45:48.991	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms
7/4/2020 - 14:45:48.991	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:48.991	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms
7/4/2020 - 14:45:48.991	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms
7/4/2020 - 14:45:49.6	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:49.6	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:49.6	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:49.6	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:49.6	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:49.6	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Roaming
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Roaming
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents\Meus vdeos
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents\Meus vdeos
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents\Minhas imagens
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents\Minhas imagens
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents\Minhas msicas
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents\Minhas msicas
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents\My Music
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents\My Music
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents\My Pictures
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents\My Pictures
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents\My Videos
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents\My Videos
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Documents
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Videos
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Videos
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Favorites
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents\Meus vdeos
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents\Meus vdeos
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents\Minhas imagens
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents\Minhas imagens
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents\Minhas msicas
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents\Minhas msicas
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents\My Music
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents\My Music
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents\My Pictures
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents\My Pictures
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents\My Videos
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Documents\My Videos
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.6	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms
7/4/2020 - 14:45:49.6	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.22	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms
7/4/2020 - 14:45:49.22	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.22	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.22	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.22	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.22	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music
7/4/2020 - 14:45:49.22	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures
7/4/2020 - 14:45:49.22	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media
7/4/2020 - 14:45:49.22	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media
7/4/2020 - 14:45:49.22	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos
7/4/2020 - 14:45:49.22	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
7/4/2020 - 14:45:49.22	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
7/4/2020 - 14:45:49.22	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.22	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
7/4/2020 - 14:45:49.22	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.22	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
7/4/2020 - 14:45:49.22	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
7/4/2020 - 14:45:49.22	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
7/4/2020 - 14:45:49.22	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
7/4/2020 - 14:45:49.22	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
7/4/2020 - 14:45:49.22	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries
7/4/2020 - 14:45:49.22	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms	RecordedTV.library-ms
7/4/2020 - 14:45:49.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries
7/4/2020 - 14:45:49.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\RecordedTV.library-ms.cb5649
7/4/2020 - 14:45:49.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\CB5649-Readme.txt
7/4/2020 - 14:45:49.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\CB5649-Readme.txt
7/4/2020 - 14:45:49.38	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Libraries\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\cryptsp.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\cryptsp.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\rsaenh.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\Globalization\Sorting\SortDefault.nls
7/4/2020 - 14:45:49.116	Unknown	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\Globalization\Sorting\SortDefault.nls	SortDefault.nls
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\RpcRtRemote.dll
7/4/2020 - 14:45:49.116	Unknown	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\RpcRtRemote.dll	RpcRtRemote.dll
7/4/2020 - 14:45:49.116	Open	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\RpcRtRemote.dll
7/4/2020 - 14:45:49.116	Unknown	2196	C:\Windows\System32\vssadmin.exe	C:\Windows\System32\RpcRtRemote.dll	RpcRtRemote.dll
7/4/2020 - 14:45:49.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package
7/4/2020 - 14:45:49.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package
7/4/2020 - 14:45:49.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat.cb5649
7/4/2020 - 14:45:49.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\Services\verisign.bmp
7/4/2020 - 14:45:49.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\Services\verisign.bmp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\Services\verisign.bmp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5
7/4/2020 - 14:45:49.131	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf.cb5649
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\blank.jtp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\Services\verisign.bmp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\Services\verisign.bmp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\Services\verisign.bmp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5
7/4/2020 - 14:45:49.131	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.131	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.131	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.147	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.147	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.147	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
7/4/2020 - 14:45:49.147	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
7/4/2020 - 14:45:49.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
7/4/2020 - 14:45:49.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
7/4/2020 - 14:45:49.147	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
7/4/2020 - 14:45:49.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
7/4/2020 - 14:45:49.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
7/4/2020 - 14:45:49.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IdentityCRL
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IdentityCRL
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Vault
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Vault
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT
7/4/2020 - 14:45:48.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft
7/4/2020 - 14:45:49.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance
7/4/2020 - 14:45:49.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance
7/4/2020 - 14:45:49.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto
7/4/2020 - 14:45:49.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto
7/4/2020 - 14:45:49.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto
7/4/2020 - 14:45:49.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage
7/4/2020 - 14:45:49.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DeviceSync
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DeviceSync
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DeviceSync
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IdentityCRL
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IdentityCRL
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IdentityCRL
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Vault
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Vault
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Vault
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
7/4/2020 - 14:45:49.163	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.163	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.163	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:49.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:49.178	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:49.178	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:49.178	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:49.178	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:49.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:49.178	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:49.178	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:49.178	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:49.178	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:49.178	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:49.178	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:49.178	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:49.178	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:49.178	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:49.178	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
7/4/2020 - 14:45:49.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
7/4/2020 - 14:45:49.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
7/4/2020 - 14:45:49.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Dados de aplicativos
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Dados de aplicativos
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Histrico
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\Histrico
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\VirtualStore
7/4/2020 - 14:45:49.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Local\VirtualStore
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming\Adobe
7/4/2020 - 14:45:49.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming\Adobe
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming\Identities
7/4/2020 - 14:45:49.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming\Identities
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming\Media Center Programs
7/4/2020 - 14:45:49.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming\Media Center Programs
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor
7/4/2020 - 14:45:49.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url
7/4/2020 - 14:45:49.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url
7/4/2020 - 14:45:49.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
7/4/2020 - 14:45:49.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
7/4/2020 - 14:45:49.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url
7/4/2020 - 14:45:49.194	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
7/4/2020 - 14:45:49.194	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
7/4/2020 - 14:45:49.194	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url
7/4/2020 - 14:45:49.194	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.194	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url
7/4/2020 - 14:45:49.194	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.194	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.194	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url
7/4/2020 - 14:45:49.194	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.194	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.194	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.194	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
7/4/2020 - 14:45:49.194	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
7/4/2020 - 14:45:49.194	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
7/4/2020 - 14:45:49.194	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
7/4/2020 - 14:45:49.194	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
7/4/2020 - 14:45:49.194	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
7/4/2020 - 14:45:49.194	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
7/4/2020 - 14:45:49.194	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
7/4/2020 - 14:45:49.194	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url
7/4/2020 - 14:45:49.194	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
7/4/2020 - 14:45:49.194	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url
7/4/2020 - 14:45:49.194	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
7/4/2020 - 14:45:49.194	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
7/4/2020 - 14:45:49.194	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url
7/4/2020 - 14:45:49.194	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
7/4/2020 - 14:45:49.194	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
7/4/2020 - 14:45:49.194	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
7/4/2020 - 14:45:49.194	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
7/4/2020 - 14:45:49.194	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
7/4/2020 - 14:45:49.194	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
7/4/2020 - 14:45:49.194	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.194	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.194	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local\Application Data
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local\Application Data
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local\Dados de aplicativos
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local\Dados de aplicativos
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local\History
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local\History
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local\Histrico
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local\Histrico
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Local
7/4/2020 - 14:45:49.209	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:49.209	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:49.209	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Roaming\Media Center Programs
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\AppData\Roaming\Media Center Programs
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Links
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Links
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Local Settings
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Local Settings
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Menu Iniciar
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Menu Iniciar
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Meus documentos
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Meus documentos
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Modelos
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Modelos
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Music
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Music
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\My Documents
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\My Documents
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\NetHood
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\NetHood
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Pictures
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Pictures
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\PrintHood
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\PrintHood
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Recent
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Recent
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Saved Games
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Saved Games
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\SendTo
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\SendTo
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Start Menu
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Start Menu
7/4/2020 - 14:45:48.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Templates
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Default\Templates
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:49.209	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:49.209	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:49.209	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:49.209	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:49.209	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:49.209	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:49.209	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:49.209	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:49.225	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3
7/4/2020 - 14:45:49.225	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:49.225	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3
7/4/2020 - 14:45:49.225	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:49.225	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3
7/4/2020 - 14:45:49.225	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:49.225	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:49.225	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:49.225	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:49.225	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:49.225	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:49.225	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
7/4/2020 - 14:45:49.225	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:49.241	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
7/4/2020 - 14:45:49.241	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
7/4/2020 - 14:45:49.241	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
7/4/2020 - 14:45:49.241	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
7/4/2020 - 14:45:49.241	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
7/4/2020 - 14:45:49.241	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
7/4/2020 - 14:45:49.241	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
7/4/2020 - 14:45:49.241	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
7/4/2020 - 14:45:49.241	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
7/4/2020 - 14:45:49.241	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.241	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.241	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
7/4/2020 - 14:45:49.241	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
7/4/2020 - 14:45:49.241	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
7/4/2020 - 14:45:49.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt
7/4/2020 - 14:45:49.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt
7/4/2020 - 14:45:49.319	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US
7/4/2020 - 14:45:49.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US
7/4/2020 - 14:45:49.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets
7/4/2020 - 14:45:49.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
7/4/2020 - 14:45:49.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0
7/4/2020 - 14:45:49.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR
7/4/2020 - 14:45:49.319	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR
7/4/2020 - 14:45:49.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList
7/4/2020 - 14:45:49.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList
7/4/2020 - 14:45:49.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml
7/4/2020 - 14:45:49.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml
7/4/2020 - 14:45:49.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml
7/4/2020 - 14:45:49.319	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.319	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.319	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.319	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.319	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.334	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\To_Do_List.jtp
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\blank.jtp
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\blank.jtp
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\blank.jtp
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR
7/4/2020 - 14:45:49.334	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml
7/4/2020 - 14:45:49.334	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.334	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.334	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.334	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.334	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.334	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
7/4/2020 - 14:45:49.334	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
7/4/2020 - 14:45:49.334	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c	036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c	2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c	3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c	6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c	8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c	9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM\Server
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM\Server
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome\logs
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome\logs
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\imcrcache.xml
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\imcrcache.xml	imcrcache.xml
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\imcrcache.xml
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\imcrcache.xml	imcrcache.xml
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Connections
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Connections
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\Outbound
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\Outbound
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData
7/4/2020 - 14:45:49.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData
7/4/2020 - 14:45:49.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\Temp
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\Temp
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat	Administrator.dat
7/4/2020 - 14:45:49.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:49.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat	Administrator.dat
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat	Administrator.dat
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures
7/4/2020 - 14:45:49.381	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\AIT
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\AIT
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\GameExplorer
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\GameExplorer
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones
7/4/2020 - 14:45:49.381	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Templates
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Templates
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc\Profiles
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc\Profiles
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DeviceSync
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DeviceSync
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DeviceSync
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome
7/4/2020 - 14:45:49.381	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IdentityCRL
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IdentityCRL
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IdentityCRL
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Vault
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Vault
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Vault
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM\Server
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM\Server
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM\Server
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome\logs
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome\logs
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome\logs
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\imcrcache.xml
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\imcrcache.xml
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Connections
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Connections
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Connections
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\Outbound
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\Outbound
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\Outbound
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData
7/4/2020 - 14:45:49.397	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData
7/4/2020 - 14:45:49.397	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\AIT
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\AIT
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\AIT
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\GameExplorer
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\GameExplorer
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\GameExplorer
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Templates
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Templates
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Templates
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc\Profiles
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc\Profiles
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc\Profiles
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
7/4/2020 - 14:45:49.413	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
7/4/2020 - 14:45:49.428	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming\Adobe\Flash Player
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming\Adobe\Flash Player
7/4/2020 - 14:45:49.428	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming\Identities\{5F13A065-9132-4C6F-A394-1C4D0DE64D1F}
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming\Identities\{5F13A065-9132-4C6F-A394-1C4D0DE64D1F}
7/4/2020 - 14:45:49.428	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files
7/4/2020 - 14:45:49.428	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Malware
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Malware
7/4/2020 - 14:45:49.428	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
7/4/2020 - 14:45:49.428	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
7/4/2020 - 14:45:49.428	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
7/4/2020 - 14:45:49.428	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
7/4/2020 - 14:45:49.428	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.428	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.428	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.428	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.428	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.428	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.428	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.428	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms	Everywhere.search-ms
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
7/4/2020 - 14:45:49.428	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
7/4/2020 - 14:45:49.428	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
7/4/2020 - 14:45:49.428	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
7/4/2020 - 14:45:49.428	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
7/4/2020 - 14:45:49.428	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
7/4/2020 - 14:45:49.428	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
7/4/2020 - 14:45:49.428	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
7/4/2020 - 14:45:49.428	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
7/4/2020 - 14:45:49.428	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
7/4/2020 - 14:45:49.428	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
7/4/2020 - 14:45:49.428	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
7/4/2020 - 14:45:49.428	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
7/4/2020 - 14:45:49.428	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
7/4/2020 - 14:45:49.428	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
7/4/2020 - 14:45:49.428	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
7/4/2020 - 14:45:49.428	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.428	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.428	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.428	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.428	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.428	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.444	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.444	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.444	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.444	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:49.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:49.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:49.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:49.444	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:49.444	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:49.444	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:49.444	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:49.444	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:49.444	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:49.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
7/4/2020 - 14:45:49.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
7/4/2020 - 14:45:49.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
7/4/2020 - 14:45:49.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
7/4/2020 - 14:45:49.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
7/4/2020 - 14:45:49.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
7/4/2020 - 14:45:49.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
7/4/2020 - 14:45:49.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
7/4/2020 - 14:45:49.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
7/4/2020 - 14:45:49.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
7/4/2020 - 14:45:49.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
7/4/2020 - 14:45:49.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
7/4/2020 - 14:45:49.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets
7/4/2020 - 14:45:49.522	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.522	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.522	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.522	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.522	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.522	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\pt-BR
7/4/2020 - 14:45:49.522	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\pt-BR
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp	Dotted_Line.jtp
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Genko_1.jtp
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Genko_1.jtp
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Genko_1.jtp
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Genko_1.jtp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Genko_2.jtp
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
7/4/2020 - 14:45:49.522	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.522	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.522	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.522	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.522	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.538	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.538	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.538	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.538	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets
7/4/2020 - 14:45:49.538	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.538	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.538	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.538	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.538	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.538	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\pt-BR
7/4/2020 - 14:45:49.538	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\pt-BR
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
7/4/2020 - 14:45:49.538	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.538	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:49.538	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.538	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:49.538	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png	background.png
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	RacWmiDatabase.sdf
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	RacWmiDatabase.sdf
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Temp
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Temp
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.553	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.553	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.553	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.553	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.553	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.553	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.553	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.553	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.553	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.553	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
7/4/2020 - 14:45:49.553	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
7/4/2020 - 14:45:49.553	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\Cache
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\Cache
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Manifest
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Manifest
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Sessions
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Sessions
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Upload
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Upload
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programas
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programas
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportArchive
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportArchive
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Queue
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Queue
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg	WelcomeScan.jpg
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task
7/4/2020 - 14:45:49.569	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM\Server
7/4/2020 - 14:45:49.569	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM\Server
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\DRM\Server
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome\logs
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome\logs
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\eHome\logs
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\imcrcache.xml
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\imcrcache.xml
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Connections
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Connections
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Connections
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\Outbound
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\Outbound
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\Outbound
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\AIT
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\AIT
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\AIT
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\GameExplorer
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\GameExplorer
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\GameExplorer
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Templates
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Templates
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Templates
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc\Profiles
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc\Profiles
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\WwanSvc\Profiles
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0
7/4/2020 - 14:45:49.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
7/4/2020 - 14:45:49.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\Cache
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\Cache
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\Cache
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Manifest
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Manifest
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Manifest
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Sessions
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Sessions
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Sessions
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Upload
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Upload
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Upload
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programas
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programas
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programas
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programas
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportArchive
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportArchive
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportArchive
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
7/4/2020 - 14:45:49.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
7/4/2020 - 14:45:49.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Queue
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Queue
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Queue
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg	WelcomeScan.jpg
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming\Adobe\Flash Player\NativeCache
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\AppData\Roaming\Adobe\Flash Player\NativeCache
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.616	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.616	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.616	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.616	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.616	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.616	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.616	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.616	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.616	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links
7/4/2020 - 14:45:49.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
7/4/2020 - 14:45:49.647	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.647	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.647	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
7/4/2020 - 14:45:49.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
7/4/2020 - 14:45:49.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
7/4/2020 - 14:45:49.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
7/4/2020 - 14:45:49.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
7/4/2020 - 14:45:49.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
7/4/2020 - 14:45:49.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
7/4/2020 - 14:45:49.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
7/4/2020 - 14:45:49.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
7/4/2020 - 14:45:49.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
7/4/2020 - 14:45:49.647	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
7/4/2020 - 14:45:49.647	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
7/4/2020 - 14:45:49.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
7/4/2020 - 14:45:49.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
7/4/2020 - 14:45:49.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
7/4/2020 - 14:45:49.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
7/4/2020 - 14:45:49.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
7/4/2020 - 14:45:49.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
7/4/2020 - 14:45:49.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
7/4/2020 - 14:45:49.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
7/4/2020 - 14:45:49.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
7/4/2020 - 14:45:49.647	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
7/4/2020 - 14:45:49.647	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
7/4/2020 - 14:45:49.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
7/4/2020 - 14:45:49.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
7/4/2020 - 14:45:49.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
7/4/2020 - 14:45:49.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
7/4/2020 - 14:45:49.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
7/4/2020 - 14:45:49.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
7/4/2020 - 14:45:49.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
7/4/2020 - 14:45:49.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
7/4/2020 - 14:45:49.663	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
7/4/2020 - 14:45:49.663	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
7/4/2020 - 14:45:49.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
7/4/2020 - 14:45:49.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
7/4/2020 - 14:45:49.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
7/4/2020 - 14:45:49.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
7/4/2020 - 14:45:49.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
7/4/2020 - 14:45:49.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
7/4/2020 - 14:45:49.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
7/4/2020 - 14:45:49.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
7/4/2020 - 14:45:49.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
7/4/2020 - 14:45:49.225	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
7/4/2020 - 14:45:49.663	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
7/4/2020 - 14:45:49.663	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
7/4/2020 - 14:45:49.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
7/4/2020 - 14:45:49.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
7/4/2020 - 14:45:49.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
7/4/2020 - 14:45:49.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
7/4/2020 - 14:45:49.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
7/4/2020 - 14:45:49.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
7/4/2020 - 14:45:49.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
7/4/2020 - 14:45:49.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
7/4/2020 - 14:45:49.663	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
7/4/2020 - 14:45:49.663	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat	Administrator.dat
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat	Administrator.dat
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.756	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.756	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.756	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.756	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.756	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.756	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml
7/4/2020 - 14:45:49.756	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.756	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.756	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.756	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\pt-BR
7/4/2020 - 14:45:49.756	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.756	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\To_Do_List.jtp	To_Do_List.jtp
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\To_Do_List.jtp
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\To_Do_List.jtp
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\To_Do_List.jtp
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Genko_2.jtp
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Genko_2.jtp
7/4/2020 - 14:45:49.756	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Genko_2.jtp
7/4/2020 - 14:45:49.756	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml
7/4/2020 - 14:45:49.772	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.772	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.772	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.772	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.772	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.772	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\pt-BR
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W	Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W	Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D	Help_CValidator.H1D
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D	Help_CValidator.H1D
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D	Help_CValidator.H1D
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D	Help_CValidator.H1D
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png	background.png
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:49.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png	watermark.png
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
7/4/2020 - 14:45:49.772	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat	RacMetaData.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
7/4/2020 - 14:45:49.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat	RacMetaData.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:49.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:49.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:49.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:49.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows
7/4/2020 - 14:45:49.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc
7/4/2020 - 14:45:49.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc
7/4/2020 - 14:45:49.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
7/4/2020 - 14:45:49.381	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.788	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures
7/4/2020 - 14:45:49.413	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
7/4/2020 - 14:45:49.803	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
7/4/2020 - 14:45:49.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
7/4/2020 - 14:45:49.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
7/4/2020 - 14:45:49.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
7/4/2020 - 14:45:49.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
7/4/2020 - 14:45:49.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications
7/4/2020 - 14:45:49.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\Cache
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\Cache
7/4/2020 - 14:45:49.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\Cache
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Manifest
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Manifest
7/4/2020 - 14:45:49.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Manifest
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Sessions
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Sessions
7/4/2020 - 14:45:49.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Sessions
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Upload
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Upload
7/4/2020 - 14:45:49.819	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Sqm\Upload
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programas
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programas
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programas
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programas
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportArchive
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportArchive
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportArchive
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Queue
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Queue
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Queue
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg	WelcomeScan.jpg
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c	036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c	2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c	3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c	6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.834	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c	8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c	9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:49.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png	background.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:49.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png	watermark.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
7/4/2020 - 14:45:49.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
7/4/2020 - 14:45:49.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows
7/4/2020 - 14:45:49.850	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
7/4/2020 - 14:45:49.866	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:49.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms
7/4/2020 - 14:45:49.881	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
7/4/2020 - 14:45:49.881	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
7/4/2020 - 14:45:49.881	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
7/4/2020 - 14:45:49.881	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
7/4/2020 - 14:45:49.881	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches
7/4/2020 - 14:45:49.881	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Everywhere.search-ms.cb5649
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.928	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.928	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.928	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.928	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.928	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
7/4/2020 - 14:45:49.928	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c	4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.928	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links
7/4/2020 - 14:45:49.928	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url.cb5649
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	Lighthouse.jpg
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
7/4/2020 - 14:45:49.944	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt
7/4/2020 - 14:45:49.944	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.944	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:49.944	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.944	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	Jellyfish.jpg
7/4/2020 - 14:45:49.928	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	Hydrangeas.jpg
7/4/2020 - 14:45:49.944	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links
7/4/2020 - 14:45:49.944	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url	Sites Sugeridos.url
7/4/2020 - 14:45:49.944	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
7/4/2020 - 14:45:49.944	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.cb5649
7/4/2020 - 14:45:49.944	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
7/4/2020 - 14:45:49.944	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
7/4/2020 - 14:45:49.944	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat	windowskernelcapturedriver.cat
7/4/2020 - 14:45:49.944	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
7/4/2020 - 14:45:49.944	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links
7/4/2020 - 14:45:49.944	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\Sites Sugeridos.url.cb5649
7/4/2020 - 14:45:49.944	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf	WindowsKernelCaptureDriver.inf
7/4/2020 - 14:45:49.944	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\CB5649-Readme.txt
7/4/2020 - 14:45:49.944	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\CB5649-Readme.txt
7/4/2020 - 14:45:49.944	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
7/4/2020 - 14:45:49.944	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
7/4/2020 - 14:45:49.944	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c.cb5649
7/4/2020 - 14:45:49.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
7/4/2020 - 14:45:49.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
7/4/2020 - 14:45:49.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat.cb5649
7/4/2020 - 14:45:49.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf.cb5649
7/4/2020 - 14:45:49.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.944	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads
7/4/2020 - 14:45:49.959	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip
7/4/2020 - 14:45:49.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\CB5649-Readme.txt
7/4/2020 - 14:45:49.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
7/4/2020 - 14:45:49.959	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
7/4/2020 - 14:45:49.975	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
7/4/2020 - 14:45:49.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches
7/4/2020 - 14:45:49.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads
7/4/2020 - 14:45:49.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\Monitor.zip.cb5649
7/4/2020 - 14:45:49.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms	Indexed Locations.search-ms
7/4/2020 - 14:45:49.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches
7/4/2020 - 14:45:49.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\Indexed Locations.search-ms.cb5649
7/4/2020 - 14:45:49.975	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\CB5649-Readme.txt
7/4/2020 - 14:45:49.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\CB5649-Readme.txt
7/4/2020 - 14:45:49.975	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Downloads\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.975	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\CB5649-Readme.txt
7/4/2020 - 14:45:49.975	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Searches\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Graph.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Graph.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Graph.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Graph.jtp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Memo.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Memo.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Memo.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Memo.jtp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp
7/4/2020 - 14:45:50.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp	Month_Calendar.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Music.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Music.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Music.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Music.jtp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Seyes.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Seyes.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Seyes.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Seyes.jtp
7/4/2020 - 14:45:49.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Shorthand.jtp
7/4/2020 - 14:45:50.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Shorthand.jtp	Shorthand.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Shorthand.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Shorthand.jtp
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Windows Journal\Templates\Shorthand.jtp
7/4/2020 - 14:45:50.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.APL
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.APL
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.APL
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.APL
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CRT
7/4/2020 - 14:45:50.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml	FrameworkList.xml
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
7/4/2020 - 14:45:50.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W	Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W	Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
7/4/2020 - 14:45:50.38	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W	Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W	Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs	MSSres00001.jrs
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs	MSSres00001.jrs
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs	MSSres00002.jrs
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs	MSSres00002.jrs
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp	usertile10.bmp
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures
7/4/2020 - 14:45:50.53	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\user.bmp
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.69	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms	63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.69	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms	34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:49.819	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
7/4/2020 - 14:45:50.69	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma	Ringtone 01.wma
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
7/4/2020 - 14:45:50.69	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma	Ringtone 01.wma
7/4/2020 - 14:45:50.69	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma	Ringtone 01.wma
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
7/4/2020 - 14:45:50.69	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma	Ringtone 01.wma
7/4/2020 - 14:45:50.69	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma	Ringtone 01.wma
7/4/2020 - 14:45:50.69	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma	Ringtone 01.wma
7/4/2020 - 14:45:50.69	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma	Ringtone 01.wma
7/4/2020 - 14:45:50.69	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma	Ringtone 01.wma
7/4/2020 - 14:45:50.69	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma	Ringtone 01.wma
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
7/4/2020 - 14:45:50.69	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
7/4/2020 - 14:45:50.69	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
7/4/2020 - 14:45:50.69	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
7/4/2020 - 14:45:50.69	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
7/4/2020 - 14:45:50.69	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
7/4/2020 - 14:45:50.69	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.69	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov	confident.cov
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
7/4/2020 - 14:45:50.84	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
7/4/2020 - 14:45:50.84	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c	036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c	2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c	3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c	6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c	8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c	9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4ECCD106F69E31C1B12304E5463BB71D_FA25E266-6D0F-4DE2-813A-BF4374E0628C
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4ECCD106F69E31C1B12304E5463BB71D_FA25E266-6D0F-4DE2-813A-BF4374E0628C
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4ECCD106F69E31C1B12304E5463BB71D_FA25E266-6D0F-4DE2-813A-BF4374E0628C
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4ECCD106F69E31C1B12304E5463BB71D_FA25E266-6D0F-4DE2-813A-BF4374E0628C
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:50.100	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png	background.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:50.100	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png	watermark.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
7/4/2020 - 14:45:50.100	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
7/4/2020 - 14:45:50.100	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows
7/4/2020 - 14:45:50.100	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
7/4/2020 - 14:45:50.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
7/4/2020 - 14:45:50.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
7/4/2020 - 14:45:50.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
7/4/2020 - 14:45:50.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
7/4/2020 - 14:45:50.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
7/4/2020 - 14:45:50.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
7/4/2020 - 14:45:50.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
7/4/2020 - 14:45:50.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
7/4/2020 - 14:45:50.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
7/4/2020 - 14:45:50.116	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
7/4/2020 - 14:45:50.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
7/4/2020 - 14:45:50.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
7/4/2020 - 14:45:50.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
7/4/2020 - 14:45:50.131	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\STATE.RSM
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\STATE.RSM
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\STATE.RSM
7/4/2020 - 14:45:50.131	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:50.131	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:50.131	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Contacts\Behemot.contact	Behemot.contact
7/4/2020 - 14:45:50.131	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:50.131	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:50.147	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:50.147	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:50.147	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	RacWmiDatabase.sdf
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat	Administrator.dat
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat	Administrator.dat
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat	Administrator.dat
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat	Administrator.dat
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.147	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.147	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat	Administrator.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat	Administrator.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat	Administrator.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:50.163	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.163	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.163	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.163	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat	RacMetaData.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat	RacMetaData.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat	RacMetaData.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
7/4/2020 - 14:45:50.163	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat	RacMetaData.dat
7/4/2020 - 14:45:50.163	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat	RacMetaData.dat
7/4/2020 - 14:45:50.163	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat	RacMetaData.dat
7/4/2020 - 14:45:50.163	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat	RacMetaData.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:50.163	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.163	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.163	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.163	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.163	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.163	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
7/4/2020 - 14:45:50.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c	5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:50.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:50.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:50.178	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:50.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.178	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.WIH
7/4/2020 - 14:45:50.256	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CRT
7/4/2020 - 14:45:50.256	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CRT
7/4/2020 - 14:45:50.256	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CRT
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.256	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.256	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.256	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.256	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.256	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.256	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
7/4/2020 - 14:45:50.272	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
7/4/2020 - 14:45:50.272	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
7/4/2020 - 14:45:50.272	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp	usertile11.bmp
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
7/4/2020 - 14:45:50.272	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp	usertile12.bmp
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
7/4/2020 - 14:45:50.272	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp	usertile13.bmp
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms	63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
7/4/2020 - 14:45:49.850	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms	34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma	Ringtone 02.wma
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma	Ringtone 02.wma
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma	Ringtone 02.wma
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
7/4/2020 - 14:45:50.303	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma	Ringtone 02.wma
7/4/2020 - 14:45:50.303	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma	Ringtone 02.wma
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
7/4/2020 - 14:45:50.303	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma	Ringtone 02.wma
7/4/2020 - 14:45:50.303	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma	Ringtone 02.wma
7/4/2020 - 14:45:50.303	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma	Ringtone 02.wma
7/4/2020 - 14:45:50.303	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma	Ringtone 02.wma
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
7/4/2020 - 14:45:49.866	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml	DMIA26A.tmp.log.xml
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml	DMIA26A.tmp.log.xml
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
7/4/2020 - 14:45:50.303	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif	WelcomeFax.tif
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif	WelcomeFax.tif
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.319	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.334	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.334	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.334	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.334	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:50.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:50.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	Chrysanthemum.jpg
7/4/2020 - 14:45:50.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Kalimba.mp3
7/4/2020 - 14:45:50.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:50.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	Maid with the Flaxen Hair.mp3
7/4/2020 - 14:45:50.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:50.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Music\Sample Music\Sleep Away.mp3	Sleep Away.mp3
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:50.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:50.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:50.350	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:50.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:50.350	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:50.350	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.350	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:50.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:50.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv	win7_scenic-demoshort_raw.wtv
7/4/2020 - 14:45:50.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:50.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:50.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
7/4/2020 - 14:45:50.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:50.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:50.366	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
7/4/2020 - 14:45:50.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.366	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.366	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.366	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.38	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CSD
7/4/2020 - 14:45:50.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.444	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.444	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.444	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.444	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
7/4/2020 - 14:45:50.444	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.444	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
7/4/2020 - 14:45:50.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
7/4/2020 - 14:45:50.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q	Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
7/4/2020 - 14:45:50.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q	Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
7/4/2020 - 14:45:50.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H	Help_MTOC_help.H1H
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H	Help_MTOC_help.H1H
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
7/4/2020 - 14:45:50.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck	Help_MValidator.Lck
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
7/4/2020 - 14:45:50.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck	Help_MValidator.Lck
7/4/2020 - 14:45:50.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H	Help_MTOC_help.H1H
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H	Help_MTOC_help.H1H
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:49.538	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.444	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png	background.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.53	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.444	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.459	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png	background.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
7/4/2020 - 14:45:50.84	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
7/4/2020 - 14:45:50.100	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
7/4/2020 - 14:45:50.459	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl	SystemIndex.1.Crwl
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
7/4/2020 - 14:45:50.459	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl	SystemIndex.1.Crwl
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
7/4/2020 - 14:45:50.459	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr	SystemIndex.1.gthr
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
7/4/2020 - 14:45:50.459	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr	SystemIndex.1.gthr
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
7/4/2020 - 14:45:50.459	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
7/4/2020 - 14:45:50.459	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
7/4/2020 - 14:45:50.459	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
7/4/2020 - 14:45:50.303	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
7/4/2020 - 14:45:50.459	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp	usertile44.bmp
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
7/4/2020 - 14:45:50.459	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp	usertile14.bmp
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
7/4/2020 - 14:45:50.459	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.475	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms	34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.475	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms	63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
7/4/2020 - 14:45:50.475	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma	Ringtone 10.wma
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
7/4/2020 - 14:45:50.475	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma	Ringtone 10.wma
7/4/2020 - 14:45:50.475	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma	Ringtone 10.wma
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
7/4/2020 - 14:45:50.475	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma	Ringtone 10.wma
7/4/2020 - 14:45:50.475	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma	Ringtone 10.wma
7/4/2020 - 14:45:50.475	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma	Ringtone 10.wma
7/4/2020 - 14:45:50.475	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma	Ringtone 10.wma
7/4/2020 - 14:45:50.475	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma	Ringtone 03.wma
7/4/2020 - 14:45:50.475	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma	Ringtone 10.wma
7/4/2020 - 14:45:50.475	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma	Ringtone 10.wma
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
7/4/2020 - 14:45:50.475	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma	Ringtone 03.wma
7/4/2020 - 14:45:50.475	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma	Ringtone 03.wma
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
7/4/2020 - 14:45:50.475	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma	Ringtone 03.wma
7/4/2020 - 14:45:50.475	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma	Ringtone 03.wma
7/4/2020 - 14:45:50.475	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma	Ringtone 03.wma
7/4/2020 - 14:45:50.475	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma	Ringtone 03.wma
7/4/2020 - 14:45:50.475	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma	Ringtone 03.wma
7/4/2020 - 14:45:50.475	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma	Ringtone 03.wma
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
7/4/2020 - 14:45:50.475	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
7/4/2020 - 14:45:50.475	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
7/4/2020 - 14:45:50.475	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
7/4/2020 - 14:45:50.475	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml	DMIA661.tmp.log.xml
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml	DMIA661.tmp.log.xml
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
7/4/2020 - 14:45:50.69	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov	confident.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.131	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
7/4/2020 - 14:45:50.491	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	RacWmiDatabase.sdf
7/4/2020 - 14:45:50.491	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:50.491	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:50.491	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:50.491	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.491	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.491	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
7/4/2020 - 14:45:50.506	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
7/4/2020 - 14:45:50.506	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
7/4/2020 - 14:45:50.506	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
7/4/2020 - 14:45:50.506	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
7/4/2020 - 14:45:50.506	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
7/4/2020 - 14:45:50.506	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.506	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:50.506	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:50.506	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:50.506	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:50.506	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:50.506	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:50.506	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:50.506	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.WIH
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.WIH
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.WIH
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CSD
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CSD
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CSD
7/4/2020 - 14:45:50.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck	Help_MValidator.Lck
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat	RacMetaData.dat
7/4/2020 - 14:45:50.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
7/4/2020 - 14:45:50.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c.cb5649
7/4/2020 - 14:45:50.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck	Help_MValidator.Lck
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma	Ringtone 02.wma
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\IlsCache\ilrcache.xml
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil
7/4/2020 - 14:45:50.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf	RacDatabase.sdf
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat	RacWmiDataBookmarks.dat
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W	Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.584	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.584	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat	RacWmiEventData.dat
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma	Ringtone 10.wma
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma	Ringtone 03.wma
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
7/4/2020 - 14:45:50.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
7/4/2020 - 14:45:50.584	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0
7/4/2020 - 14:45:50.584	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:50.600	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
7/4/2020 - 14:45:50.600	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
7/4/2020 - 14:45:50.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	WinFXList.xml
7/4/2020 - 14:45:50.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:50.584	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	Workflow.Targets
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H	Help_MTOC_help.H1H
7/4/2020 - 14:45:50.600	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma	Ringtone 01.wma
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url	MSN Brasil.url
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.cb5649
7/4/2020 - 14:45:50.600	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.cb5649
7/4/2020 - 14:45:50.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.cb5649
7/4/2020 - 14:45:50.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.cb5649
7/4/2020 - 14:45:50.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\CB5649-Readme.txt
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url	Windows Brasil.url
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url.cb5649
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\CB5649-Readme.txt
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url.cb5649
7/4/2020 - 14:45:50.600	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url.cb5649
7/4/2020 - 14:45:50.600	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H	Help_MTOC_help.H1H
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
7/4/2020 - 14:45:50.116	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
7/4/2020 - 14:45:50.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
7/4/2020 - 14:45:50.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
7/4/2020 - 14:45:50.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck	Help_MValidator.Lck
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
7/4/2020 - 14:45:50.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck	Help_MValidator.Lck
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
7/4/2020 - 14:45:50.256	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
7/4/2020 - 14:45:50.256	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.631	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.631	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.631	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\CB5649-Readme.txt
7/4/2020 - 14:45:50.631	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\CB5649-Readme.txt
7/4/2020 - 14:45:50.631	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Behemot\Favorites\Links for Brasil\CB5649-Readme.txt	CB5649-Readme.txt
7/4/2020 - 14:45:50.616	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.256	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.256	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.256	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
7/4/2020 - 14:45:50.256	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
7/4/2020 - 14:45:50.256	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D	Help_MValidator.H1D
7/4/2020 - 14:45:49.772	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
7/4/2020 - 14:45:50.272	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
7/4/2020 - 14:45:50.319	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
7/4/2020 - 14:45:50.631	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
7/4/2020 - 14:45:50.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
7/4/2020 - 14:45:50.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
7/4/2020 - 14:45:50.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
7/4/2020 - 14:45:50.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
7/4/2020 - 14:45:50.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
7/4/2020 - 14:45:50.647	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
7/4/2020 - 14:45:50.647	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
7/4/2020 - 14:45:50.647	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
7/4/2020 - 14:45:50.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
7/4/2020 - 14:45:50.647	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
7/4/2020 - 14:45:50.647	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
7/4/2020 - 14:45:50.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
7/4/2020 - 14:45:50.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp	usertile15.bmp
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
7/4/2020 - 14:45:50.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp	usertile16.bmp
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
7/4/2020 - 14:45:50.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp	usertile17.bmp
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
7/4/2020 - 14:45:49.788	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
7/4/2020 - 14:45:50.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma	Ringtone 04.wma
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
7/4/2020 - 14:45:50.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma	Ringtone 04.wma
7/4/2020 - 14:45:50.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma	Ringtone 04.wma
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
7/4/2020 - 14:45:50.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma	Ringtone 04.wma
7/4/2020 - 14:45:50.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma	Ringtone 04.wma
7/4/2020 - 14:45:49.803	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
7/4/2020 - 14:45:50.663	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.663	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma	Ringtone 04.wma
7/4/2020 - 14:45:50.663	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma	Ringtone 04.wma
7/4/2020 - 14:45:50.663	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma	Ringtone 04.wma
7/4/2020 - 14:45:50.663	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma	Ringtone 04.wma
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.663	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov	confident.cov
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
7/4/2020 - 14:45:50.663	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.678	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif	WelcomeFax.tif
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
7/4/2020 - 14:45:50.678	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	RacWmiDatabase.sdf
7/4/2020 - 14:45:50.678	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	RacWmiDatabase.sdf
7/4/2020 - 14:45:50.678	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	RacWmiDatabase.sdf
7/4/2020 - 14:45:50.678	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	RacWmiDatabase.sdf
7/4/2020 - 14:45:50.678	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:50.678	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:50.678	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
7/4/2020 - 14:45:50.678	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:50.678	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:50.678	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:50.678	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
7/4/2020 - 14:45:50.678	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:50.678	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:50.678	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:50.678	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
7/4/2020 - 14:45:50.678	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:50.678	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:50.678	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:50.678	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
7/4/2020 - 14:45:50.678	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
7/4/2020 - 14:45:50.678	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
7/4/2020 - 14:45:50.694	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
7/4/2020 - 14:45:50.694	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
7/4/2020 - 14:45:50.694	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.694	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.694	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
7/4/2020 - 14:45:50.694	Open	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
7/4/2020 - 14:45:50.694	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.694	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.694	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c	ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
7/4/2020 - 14:45:50.694	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Active.GRL
7/4/2020 - 14:45:50.694	Unknown	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\ProgramData\Microsoft\MF\Pending.GRL
7/4/2020 - 14:45:50.694	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:50.694	Read	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
7/4/2020 - 14:45:50.694	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.exe	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	Workflow.VisualBasic.Targets
7/4/2020 - 14:45:50.694	Write	1928	C:\Users\Behemot\AppData\Local\Temp\qeSw.ex

Report #9843 check_circle

Binary

Hashes

Community

YARA

Strings

Foremost

Heuristics

PEDetector

Disassembly

AVclass

VirusTotal

File

Report #9843