Report #9845 check_circle

  • Creation Date: April 9, 2020, 6:39 p.m.
  • Last Update: April 9, 2020, 6:43 p.m.
  • File: qeSw.exe
  • Results:
Binary
DLL
False cancel
Size
296.17KB
trid
61.7% Win64 Executable
14.6% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
258ed03a6e4d9012f8102c635a5e3dcd
sha1
a3bc2a30318f9bd2b51cb57e2022996e7f15c69e
crc32
0xa106a20b
sha224
e4d2b7a26c4b4c659c4cfb80031797f938f92dca2bbf7796445fcc3b
sha256
8639825230d5504fd8126ed55b2d7aeb72944ffe17e762801aab8d4f8f880160
sha384
97dd385c4f4b9b6ff38045a043654a1dba9057a6052d96b237e6cbf34aba158ba88f9245a65f79c37536a71984eea24e
sha512
967414274cb8d8fdf0e4dd446332b37060d54a726ab77f4ec704a5afe12162e098183add4342d1710db1e1c3b74035a001cf4c2d7790a27bf6d8381c34a96889
ssdeep
3072:Kv4ZAWXDSxcoWn+v75ssiEcx7fWr5JNfb23y2O1Nm5dc:B1X7vwVspdOJND01
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
domain, contentis_base64, anti_dbg, HasDigitalSignature, Borland_Delphi_DLL, Borland_Delphi_v40_v50, IP, win_files_operation, url, Borland_Delphi_30_, win_registry, Microsoft_Visual_Cpp_v50v60_MFC, HasOverlay, screenshot, create_service, Borland_Delphi_30_additional, IsPE32, Borland_Delphi_v30, IsWindowsGUI

Suspicious
True check_circle

Strings
List
1http://crt.sectigo.com/COMODOTimeStampingCA_2.crt0#
1http://crl.sectigo.com/COMODOTimeStampingCA_2.crl0r
3http://crl.usertrust.com/AddTrustExternalCARoot.crl05
https://sectigo.com/CPS0B
1http://crl.usertrust.com/UTN-USERFirst-Object.crl0t
1http://crt.usertrust.com/UTNAddTrustObject_CA.crt0%
http://www.usertrust.com1
http://www.usertrust.com1
http://ocsp.usertrust.com0
http://ocsp.usertrust.com0
http://ocsp.sectigo.com0
COMCTL32.dll
WTVConverter.exe
WTVConverter.exe
name="Microsoft.Windows.MultiMedia.WTVConverter"
h`oD
InterfacE\{b196b287-bab4-101a-b69c-00aa00341d07}
h4eD
%chI-
hLfD
hPfD
hlfD
hpfD
hTfD
htfD
COMODO CA Limited1 0
COMODO CA Limited1 0
COMODO CA Limited1 0
<requestedPrivileges>
IsProcessorFeaturePresent
GetProcAddress
ExitProcess
CreateEventW
IsDebuggerPresent
CreateProcessW
TerminateProcess
ShellExecuteW
ShellExecuteExW
VirtualAlloc
CoCreateInstance
ControlService
RegOpenKeyA
SetServiceStatus
HeapCreate
RegQueryValueExA
OpenServiceW
QueryPerformanceCounter
DeleteService
GetModuleHandleW
CreateServiceW
OpenSCManagerW
GetModuleHandleA
RegOpenKeyExW
CreateFileW
SetFilePointer
LoadLibraryA
GetModuleFileNameW
WriteFile
StartServiceW
RegQueryValueExW
GetModuleHandleW
LoadLibraryW
Dee5
Microsoft Corporation. All rights reserved.
GetTickCount
AddTrust External TTP Network1"0
Sleep
COMODO Time Stamping CA
COMODO Time Stamping CA0
COMODO Time Stamping CA0
<!-- Identify the application security requirements. -->
The USERTRUST Network1!0
The USERTRUST Network1!0
<requestedExecutionLevel
SetClassLongW
GetCPInfo
AddTrust External CA Root0
H~=(IL=NI
S#7dUb7
tM?@$e'a
AddTrust AB1&0$
<DRa<#RG<
6.1.7600.16385
<iCSa^.
level="asInvoker"
uayHE0O0
Microsoft
Microsoft Corporation
uiAccess="false"/>
Salford1
Salford1
Salford1
Salford1
</assembly>
CompanyName
EnumICMProfilesW
Greater Manchester1
Greater Manchester1
Greater Manchester1
Greater Manchester1

Foremost
Matches
0.exe, 291 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: True check_circle
Suspicious: http://crt.sectigo.com/comodotimestampingca_2.crt0#, http://crl.sectigo.com/comodotimestampingca_2.crl0r, http://ocsp.sectigo.com0, http://crt.usertrust.com/utnaddtrustobject_ca.crt0%, http://www.usertrust.com1, http://crl.usertrust.com/utn-userfirst-object.crl0t, https://sectigo.com/cps0b, http://crl.usertrust.com/addtrustexternalcaroot.crl05, http://ocsp.usertrust.com0
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: ADVAPI32.dll, SHLWAPI.dll, GDI32.dll, USER32.dll, SHELL32.dll, COMCTL32.dll, COMDLG32.dll, ole32.dll, KERNEL32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 217088
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 310855
Suspicous: False cancel

Sections
Allowed: .text, .data, .rsrc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 1
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 1
Linker
Version: 2.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 14976
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: advapi32.dll, shlwapi.dll, gdi32.dll, user32.dll, shell32.dll, comctl32.dll, comdlg32.dll, ole32.dll, kernel32.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2002-01-13 19:51:13
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Borland Delphi 3.0 (???)

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.data: 47
.text: 2

pushpopmath
.data: 36

garbagebytes
.data: 87

hookdetection
.data: 1

software breakpoint
.data: 4

fakeconditionaljumps
.data: 76

programcontrolflowchange
.data: 11

AVclass
netwalker
1
VirusTotal
md5
258ed03a6e4d9012f8102c635a5e3dcd
sha1
a3bc2a30318f9bd2b51cb57e2022996e7f15c69e
SCANS (DETECTION RATE = 86.30%)
AVG
result: Win32:BankerX-gen [Trj]
update: 20200402
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=100)
update: 20200403
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200401
version: 6.7
detected: True check_circle

Bkav
result: W32.AIDetectVM.malware
update: 20200401
version: 1.3.0.9899
detected: True check_circle

K7GW
result: Trojan ( 005630c01 )
update: 20200402
version: 11.102.33670
detected: True check_circle

ALYac
result: Trojan.Ransom.Mailto
update: 20200402
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:BankerX-gen [Trj]
update: 20200402
version: 18.4.3895.0
detected: True check_circle

Avira
result: TR/AD.RansomHeur.mewny
update: 20200402
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/Trojan.SHZP-4366
update: 20200403
version: 6.2.2.2
detected: True check_circle

DrWeb
result: Trojan.Encoder.31298
update: 20200403
version: 7.0.46.3050
detected: True check_circle

GData
result: Trojan.GenericKD.33558132
update: 20200402
version: A:25.25317B:26.18233
detected: True check_circle

Panda
result: Trj/Genetic.gen
update: 20200402
version: 4.6.4.2
detected: True check_circle

VBA32
result: BScope.Trojan.Emotet
update: 20200402
version: 4.3.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200402
version: 82698
detected: True check_circle

Zoner
update: 20200402
version: 0.0.0.0
detected: False cancel

ClamAV
update: 20200402
version: 0.102.2.0
detected: False cancel

Comodo
result: Malware@#3u9ccptbnjyoa
update: 20200402
version: 32277
detected: True check_circle

F-Prot
result: W32/Kryptik.BHO.gen!Eldorado
update: 20200402
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Trojan.Win32.Crypt
update: 20200402
version: 0.1.5.2
detected: True check_circle

McAfee
result: RDN/Ransom
update: 20200402
version: 6.0.6.653
detected: True check_circle

Rising
result: Ransom.NetWalker!8.11732 (CLOUD)
update: 20200403
version: 25.0.0.24
detected: True check_circle

Sophos
result: Troj/Ransom-FWK
update: 20200402
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.Kryptik!Rn4fnRM3Dsg
update: 20200402
version: 5.5.2.24
detected: True check_circle

Zillya
result: Trojan.DelShad.Win32.449
update: 20200402
version: 2.0.0.4059
detected: True check_circle

Acronis
result: suspicious
update: 20200315
version: 1.1.1.73
detected: True check_circle

Alibaba
result: Trojan:Win32/DelShad.81c5e1a9
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Generic.D2000E74
update: 20200402
version: 1.0.0.870
detected: True check_circle

Cylance
result: Unsafe
update: 20200403
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20200226
version: 3.0.17
detected: True check_circle

FireEye
result: Generic.mg.258ed03a6e4d9012
update: 20200316
version: 32.31.0.0
detected: True check_circle

Sangfor
result: Malware
update: 20200324
version: 1.0
detected: True check_circle

TACHYON
update: 20200402
version: 2020-04-02.02
detected: False cancel

Tencent
result: Win32.Trojan.Delshad.Hqvu
update: 20200403
version: 1.0.0.1
detected: True check_circle

ViRobot
result: Trojan.Win32.S.Netwalker.303280
update: 20200402
version: 2014.3.20.0
detected: True check_circle

Webroot
result: W32.Malware.Gen
update: 20200403
version: 1.0.0.403
detected: True check_circle

eGambit
result: PE.Heur.InvalidSig
update: 20200403
detected: True check_circle

Ad-Aware
result: Trojan.GenericKD.33558132
update: 20200402
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.Multi.Generic.4!c
update: 20200402
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.GenericKD.33558132 (B)
update: 20200403
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/AD.RansomHeur.mewny
update: 20200402
version: 12.0.86.52
detected: True check_circle

Fortinet
result: W32/GenKryptik.EHFB!tr
update: 20200402
version: 6.2.142.0
detected: True check_circle

Invincea
result: heuristic
update: 20200219
version: 6.3.6.26157
detected: True check_circle

Jiangmin
result: TrojanDownloader.Cridex.nw
update: 20200403
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20200403
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20200403
version: 1.0
detected: True check_circle

Symantec
result: Downloader
update: 20200402
version: 1.11.0.0
detected: True check_circle

Trapmine
result: malicious.moderate.ml.score
update: 20200123
version: 3.2.22.914
detected: True check_circle

AhnLab-V3
result: Trojan/Win32.Ransom.C4028227
update: 20200402
version: 3.17.4.26996
detected: True check_circle

Antiy-AVL
result: Trojan[Downloader]/Win32.Cridex
update: 20200403
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Trojan.Win32.DelShad.cvg
update: 20200402
version: 15.0.1.13
detected: True check_circle

MaxSecure
update: 20200320
version: 1.0.0.1
detected: False cancel

Microsoft
result: Ransom:Win32/NetWalker!MSR
update: 20200403
version: 1.1.16900.4
detected: True check_circle

Qihoo-360
result: Generic/HEUR/QVM20.1.FA5D.Malware.Gen
update: 20200403
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: Trojan.Win32.DelShad.cvg
update: 20200402
version: 1.0
detected: True check_circle

Cybereason
result: malicious.a6e4d9
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of Win32/Kryptik.HCAW
update: 20200402
version: 21102
detected: True check_circle

TrendMicro
result: Ransom.Win32.MAILTO.ADF
update: 20200402
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Trojan.GenericKD.33558132
update: 20200402
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 005630c01 )
update: 20200402
version: 11.102.33672
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20200220
version: 2.0.0.2603
detected: True check_circle

Avast-Mobile
update: 20200402
version: 200402-00
detected: False cancel

Malwarebytes
result: Ransom.NetWalker
update: 20200403
version: 3.6.4.335
detected: True check_circle

TotalDefense
update: 20200402
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Ransom.NetWalker.S12340961
update: 20200402
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.DelShad.hgdgmz
update: 20200403
version: 1.0.134.25032
detected: True check_circle

BitDefenderTheta
result: Gen:NN.ZexaF.34104.sm1@am2wc4hi
update: 20200325
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Trojan.GenericKD.33558132
update: 20200402
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200327
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: RDN/Ransom
update: 20200402
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: Ransom.Win32.MAILTO.ADF
update: 20200402
version: 10.0.0.1040
detected: True check_circle

total
73
sha256
8639825230d5504fd8126ed55b2d7aeb72944ffe17e762801aab8d4f8f880160
scan_id
8639825230d5504fd8126ed55b2d7aeb72944ffe17e762801aab8d4f8f880160-1585871185
resource
258ed03a6e4d9012f8102c635a5e3dcd
positives
63
scan_date
2020-04-02 23:46:25
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
9/4/2020 - 17:45:42.918Write1480C:\malware.exeC:\Windows\System32\config\SOFTWARE.LOG1
9/4/2020 - 17:45:42.965Write1480C:\malware.exeC:\Windows\System32\config\SOFTWARE.LOG1
9/4/2020 - 17:45:42.997Write1480C:\malware.exeC:\Windows\System32\config\SOFTWARE.LOG1
9/4/2020 - 17:45:43.28Write1480C:\malware.exeC:\Windows\System32\config\SOFTWARE.LOG1
9/4/2020 - 17:45:43.59Write1480C:\malware.exeC:\Windows\System32\config\SOFTWARE.LOG1
9/4/2020 - 17:45:43.59Write1480C:\malware.exeC:\Windows\System32\config\SOFTWARE.LOG1
9/4/2020 - 17:45:43.59Write1480C:\malware.exeC:\Windows\System32\config\SOFTWARE
9/4/2020 - 17:45:43.106Write1480C:\malware.exeC:\Windows\System32\config\SOFTWARE
9/4/2020 - 17:45:43.106Write1480C:\malware.exeC:\Windows\System32\config\SOFTWARE
9/4/2020 - 17:45:43.106Write1480C:\malware.exeC:\Windows\System32\config\SOFTWARE
9/4/2020 - 17:45:43.106Write1480C:\malware.exeC:\Windows\System32\config\SOFTWARE
9/4/2020 - 17:45:43.106Write1480C:\malware.exeC:\Windows\System32\config\SOFTWARE
9/4/2020 - 17:45:43.122Write1480C:\malware.exeC:\Users\Behemot\ntuser.dat.LOG1
9/4/2020 - 17:45:43.122Write1480C:\malware.exeC:\Users\Behemot\ntuser.dat.LOG1
9/4/2020 - 17:45:43.122Write1480C:\malware.exeC:\Users\Behemot\ntuser.dat.LOG1
9/4/2020 - 17:45:43.122Write1480C:\malware.exeC:\Users\Behemot\ntuser.dat.LOG1
9/4/2020 - 17:45:43.122Write1480C:\malware.exeC:\Users\Behemot\ntuser.dat.LOG1
9/4/2020 - 17:45:43.122Write1480C:\malware.exeC:\Users\Behemot\ntuser.dat.LOG1
9/4/2020 - 17:45:43.122Write1480C:\malware.exeC:\Users\Behemot\NTUSER.DAT
9/4/2020 - 17:45:43.122Write1480C:\malware.exeC:\Users\Behemot\NTUSER.DAT
9/4/2020 - 17:45:43.122Write1480C:\malware.exeC:\Users\Behemot\NTUSER.DAT
9/4/2020 - 17:45:43.122Write1480C:\malware.exeC:\Users\Behemot\NTUSER.DAT
9/4/2020 - 17:45:43.122Write1480C:\malware.exeC:\Users\Behemot\NTUSER.DAT
9/4/2020 - 17:45:43.309Write1480C:\malware.exeC:\Users\Behemot\NTUSER.DAT
9/4/2020 - 17:45:43.497Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
9/4/2020 - 17:45:43.497Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
9/4/2020 - 17:45:43.497Open1480C:\malware.exeC:\Windows\System32\vssadmin.exe
9/4/2020 - 17:45:43.590Open1480C:\malware.exeC:\Windows\SysWOW64\taskschd.dll
9/4/2020 - 17:45:43.590Open1480C:\malware.exeC:\Windows\SysWOW64\taskschd.dll
9/4/2020 - 17:45:43.684Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
9/4/2020 - 17:45:43.684Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
9/4/2020 - 17:45:43.684Open1480C:\malware.exeC:\Windows\AppPatch\AppPatch64\sysmain.sdb
9/4/2020 - 17:45:43.684Open1480C:\malware.exeC:\Windows\System32
9/4/2020 - 17:45:43.684Unknown1480C:\malware.exeC:\Windows\System32
9/4/2020 - 17:45:43.684Open1480C:\malware.exeC:\Windows\System32\vssadmin.exe
9/4/2020 - 17:45:43.684Open1480C:\malware.exeC:\
9/4/2020 - 17:45:43.684Unknown1480C:\malware.exeC:\
9/4/2020 - 17:45:43.684Open1480C:\malware.exeC:\Windows
9/4/2020 - 17:45:43.684Unknown1480C:\malware.exeC:\Windows
9/4/2020 - 17:45:43.684Open1480C:\malware.exeC:\Windows\System32
9/4/2020 - 17:45:43.684Unknown1480C:\malware.exeC:\Windows\System32
9/4/2020 - 17:45:43.778Open344C:\Windows\System32\vssadmin.exeC:\Windows\Prefetch\VSSADMIN.EXE-9FF2C6A1.pf
9/4/2020 - 17:45:43.778Open344C:\Windows\System32\vssadmin.exeC:\Monitor
9/4/2020 - 17:45:44.28Open1480C:\malware.exeC:\XmlLite.dll
9/4/2020 - 17:45:44.28Open1480C:\malware.exeC:\Windows\SysWOW64\xmllite.dll
9/4/2020 - 17:45:44.28Open1480C:\malware.exeC:\Windows\SysWOW64\xmllite.dll
9/4/2020 - 17:45:44.168Open1480C:\malware.exeC:\
9/4/2020 - 17:45:44.168Unknown1480C:\malware.exeC:\
9/4/2020 - 17:45:44.215Open1480C:\malware.exeC:\$Recycle.Bin
9/4/2020 - 17:45:44.215Unknown1480C:\malware.exeC:\$Recycle.Bin
9/4/2020 - 17:45:44.215Open1480C:\malware.exeC:\Arquivos de Programas
9/4/2020 - 17:45:44.215Open1480C:\malware.exeC:\Arquivos de Programas
9/4/2020 - 17:45:44.215Open1480C:\malware.exeC:\Documents and Settings
9/4/2020 - 17:45:44.215Open1480C:\malware.exeC:\Documents and Settings
9/4/2020 - 17:45:44.215Open1480C:\malware.exeC:\Monitor
9/4/2020 - 17:45:44.215Unknown1480C:\malware.exeC:\Monitor
9/4/2020 - 17:45:44.215Open1480C:\malware.exeC:\Program Files
9/4/2020 - 17:45:44.215Unknown1480C:\malware.exeC:\Program Files
9/4/2020 - 17:45:44.215Open1480C:\malware.exeC:\Program Files (x86)
9/4/2020 - 17:45:44.215Unknown1480C:\malware.exeC:\Program Files (x86)
9/4/2020 - 17:45:44.215Open1480C:\malware.exeC:\ProgramData
9/4/2020 - 17:45:44.215Unknown1480C:\malware.exeC:\ProgramData
9/4/2020 - 17:45:44.215Open1480C:\malware.exeC:\Recovery
9/4/2020 - 17:45:44.215Unknown1480C:\malware.exeC:\Recovery
9/4/2020 - 17:45:44.215Open1480C:\malware.exeC:\Users
9/4/2020 - 17:45:44.215Unknown1480C:\malware.exeC:\Users
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\$Recycle.Bin\S-1-5-21-2148495166-3420019059-1286093062-1001
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\$Recycle.Bin\S-1-5-21-2148495166-3420019059-1286093062-1001
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Monitor\Files
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Monitor\Files
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Monitor\Malware
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Monitor\Malware
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files\Arquivos Comuns
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files\Arquivos Comuns
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files\Common Files
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files\Common Files
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files\MSBuild
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files\MSBuild
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files\Reference Assemblies
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files\Uninstall Information
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files\Uninstall Information
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files\Windows Journal
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files\Windows Journal
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files\Windows Mail
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files\Windows Mail
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files\Windows Mail
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files (x86)\Common Files
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files (x86)\MSBuild
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files (x86)\Uninstall Information
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files (x86)\Uninstall Information
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\Program Files (x86)\Windows Mail
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files (x86)\Windows Mail
9/4/2020 - 17:45:44.262Unknown1480C:\malware.exeC:\Program Files (x86)\Windows Mail
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Application Data
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Application Data
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Desktop
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Desktop
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Documentos
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Documentos
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Documents
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Documents
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Favorites
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Favorites
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Favoritos
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Favoritos
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Menu Iniciar
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Menu Iniciar
9/4/2020 - 17:45:44.262Open1480C:\malware.exeC:\ProgramData\Microsoft
9/4/2020 - 17:45:44.278Unknown1480C:\malware.exeC:\ProgramData\Microsoft
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\ProgramData\Modelos
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\ProgramData\Modelos
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\ProgramData\Package Cache
9/4/2020 - 17:45:44.278Unknown1480C:\malware.exeC:\ProgramData\Package Cache
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\ProgramData\Start Menu
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\ProgramData\Start Menu
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\ProgramData\Templates
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\ProgramData\Templates
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
9/4/2020 - 17:45:44.278Unknown1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\Users\All Users
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\ProgramData
9/4/2020 - 17:45:44.278Unknown1480C:\malware.exeC:\ProgramData
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\Users\Behemot
9/4/2020 - 17:45:44.278Unknown1480C:\malware.exeC:\Users\Behemot
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\Users\Default
9/4/2020 - 17:45:44.278Unknown1480C:\malware.exeC:\Users\Default
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\Users\Default User
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\Users\Default User
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\Users\Public
9/4/2020 - 17:45:44.278Unknown1480C:\malware.exeC:\Users\Public
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\Users\Todos os Usurios
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\ProgramData
9/4/2020 - 17:45:44.278Unknown1480C:\malware.exeC:\ProgramData
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\Users\Usurio Padro
9/4/2020 - 17:45:44.278Open1480C:\malware.exeC:\Users\Usurio Padro
9/4/2020 - 17:45:44.340Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\sechost.dll
9/4/2020 - 17:45:44.340Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\sechost.dll
9/4/2020 - 17:45:44.340Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\atl.dll
9/4/2020 - 17:45:44.340Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\atl.dll
9/4/2020 - 17:45:44.340Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\vsstrace.dll
9/4/2020 - 17:45:44.340Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\vsstrace.dll
9/4/2020 - 17:45:44.340Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\vssapi.dll
9/4/2020 - 17:45:44.340Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\vssapi.dll
9/4/2020 - 17:45:44.340Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\imm32.dll
9/4/2020 - 17:45:44.340Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\imm32.dll
9/4/2020 - 17:45:44.340Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\imm32.dll
9/4/2020 - 17:45:44.340Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\imm32.dll
9/4/2020 - 17:45:44.356Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\imm32.dll
9/4/2020 - 17:45:44.356Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\imm32.dll
9/4/2020 - 17:45:44.356Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\pt-BR\vssadmin.exe.mui
9/4/2020 - 17:45:44.356Read344C:\Windows\System32\vssadmin.exeC:\Windows\System32\pt-BR\vssadmin.exe.muivssadmin.exe.mui
9/4/2020 - 17:45:44.356Read344C:\Windows\System32\vssadmin.exeC:\Windows\System32\pt-BR\vssadmin.exe.muivssadmin.exe.mui
9/4/2020 - 17:45:44.356Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rpcss.dll
9/4/2020 - 17:45:44.356Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rpcss.dll
9/4/2020 - 17:45:44.356Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rpcss.dll
9/4/2020 - 17:45:44.356Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rpcss.dll
9/4/2020 - 17:45:44.356Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\cryptbase.dll
9/4/2020 - 17:45:44.356Unknown344C:\Windows\System32\vssadmin.exeC:\Windows\System32\cryptbase.dllcryptbase.dll
9/4/2020 - 17:45:44.356Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\cryptbase.dll
9/4/2020 - 17:45:44.356Unknown344C:\Windows\System32\vssadmin.exeC:\Windows\System32\cryptbase.dllcryptbase.dll
9/4/2020 - 17:45:44.372Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles
9/4/2020 - 17:45:44.372Unknown1480C:\malware.exeC:\Monitor\Files\DeletedFiles
9/4/2020 - 17:45:44.372Open1480C:\malware.exeC:\Monitor\Files\Logs
9/4/2020 - 17:45:44.372Unknown1480C:\malware.exeC:\Monitor\Files\Logs
9/4/2020 - 17:45:44.372Open1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
9/4/2020 - 17:45:44.372Unknown1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.372Open1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
9/4/2020 - 17:45:44.372Unknown1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.372Unknown1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.372Open1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
9/4/2020 - 17:45:44.372Read1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.372Read1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.372Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.372Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files\Common Files\Services
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Program Files\Common Files\Services
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files\Common Files\Sistema
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files\Common Files\Sistema
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files\Common Files\SpeechEngines
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Program Files\Common Files\SpeechEngines
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files\Windows Journal\pt-BR
9/4/2020 - 17:45:44.387Read1480C:\malware.exeC:\Program Files\Windows Journal\pt-BR
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates
9/4/2020 - 17:45:44.387Read1480C:\malware.exeC:\Program Files\Windows Journal\Templates
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Program Files\Windows Mail
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files\Windows Mail\pt-BR
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Program Files\Windows Mail\pt-BR
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files (x86)\Common Files\Services
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\Services
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Program Files (x86)\Windows Mail
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Program Files (x86)\Windows Mail\pt-BR
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\Program Files (x86)\Windows Mail\pt-BR
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\DeviceSync
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
9/4/2020 - 17:45:44.387Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
9/4/2020 - 17:45:44.403Unknown1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Application Data
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Application Data
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Application Data
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Application Data
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Desktop
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Desktop
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Desktop
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Desktop
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Documentos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Documentos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Documentos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Documentos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Documents
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Documents
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Documents
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Documents
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Favorites
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Favorites
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Favorites
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Favorites
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Favoritos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Favoritos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Favoritos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Favoritos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Menu Iniciar
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Menu Iniciar
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Menu Iniciar
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Menu Iniciar
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Microsoft
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Microsoft
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Modelos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Modelos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Modelos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Modelos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Package Cache
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Package Cache
9/4/2020 - 17:45:44.403Unknown1480C:\malware.exeC:\ProgramData\Package Cache
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Start Menu
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Start Menu
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Start Menu
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Start Menu
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Templates
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Templates
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Templates
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\ProgramData\Templates
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Ambiente de impresso
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Ambiente de impresso
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Ambiente de rede
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Ambiente de rede
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\AppData
9/4/2020 - 17:45:44.403Unknown1480C:\malware.exeC:\Users\Behemot\AppData
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Configuraes locais
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Configuraes locais
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Contacts
9/4/2020 - 17:45:44.403Unknown1480C:\malware.exeC:\Users\Behemot\Contacts
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Cookies
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Cookies
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Dados de aplicativos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Dados de aplicativos
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Desktop
9/4/2020 - 17:45:44.403Unknown1480C:\malware.exeC:\Users\Behemot\Desktop
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Documents
9/4/2020 - 17:45:44.403Unknown1480C:\malware.exeC:\Users\Behemot\Documents
9/4/2020 - 17:45:44.403Open1480C:\malware.exeC:\Users\Behemot\Downloads
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Behemot\Downloads
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Favorites
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Behemot\Favorites
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Links
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Behemot\Links
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Menu Iniciar
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Menu Iniciar
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Meus documentos
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Meus documentos
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Modelos
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Modelos
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Music
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Behemot\Music
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Pictures
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Behemot\Pictures
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Recent
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Recent
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Saved Games
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Behemot\Saved Games
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Searches
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Behemot\Searches
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\SendTo
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\SendTo
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Behemot\Videos
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Behemot\Videos
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Ambiente de impresso
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Ambiente de impresso
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Ambiente de rede
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Ambiente de rede
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\AppData
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Default\AppData
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Application Data
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Application Data
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Configuraes locais
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Configuraes locais
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Cookies
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Cookies
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Dados de aplicativos
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Dados de aplicativos
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Desktop
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Default\Desktop
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Downloads
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Default\Downloads
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Favorites
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Public\Desktop
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Public\Desktop
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Public\Documents
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Public\Documents
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Public\Downloads
9/4/2020 - 17:45:44.418Unknown1480C:\malware.exeC:\Users\Public\Downloads
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Public\Favorites
9/4/2020 - 17:45:44.434Unknown1480C:\malware.exeC:\Users\Public\Favorites
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\Users\Public\Libraries
9/4/2020 - 17:45:44.434Unknown1480C:\malware.exeC:\Users\Public\Libraries
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\Users\Public\Music
9/4/2020 - 17:45:44.434Unknown1480C:\malware.exeC:\Users\Public\Music
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\Users\Public\Pictures
9/4/2020 - 17:45:44.434Unknown1480C:\malware.exeC:\Users\Public\Pictures
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\Users\Public\Recorded TV
9/4/2020 - 17:45:44.434Unknown1480C:\malware.exeC:\Users\Public\Recorded TV
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\Users\Public\Videos
9/4/2020 - 17:45:44.434Unknown1480C:\malware.exeC:\Users\Public\Videos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Application Data
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Application Data
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Application Data
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Application Data
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Desktop
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Desktop
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Desktop
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Desktop
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Documentos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Documentos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Documentos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Documentos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Documents
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Documents
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Documents
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Documents
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Favorites
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Favorites
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Favorites
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Favorites
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Favoritos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Favoritos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Favoritos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Favoritos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Menu Iniciar
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Menu Iniciar
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Menu Iniciar
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Menu Iniciar
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Microsoft
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Microsoft
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Modelos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Modelos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Modelos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Modelos
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Package Cache
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Package Cache
9/4/2020 - 17:45:44.434Unknown1480C:\malware.exeC:\ProgramData\Package Cache
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Start Menu
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Start Menu
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Start Menu
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Start Menu
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Templates
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Templates
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Templates
9/4/2020 - 17:45:44.434Open1480C:\malware.exeC:\ProgramData\Templates
9/4/2020 - 17:45:44.465Open1480C:\malware.exeC:\Monitor\Files\Logs\File.log
9/4/2020 - 17:45:44.465Open1480C:\malware.exeC:\Monitor\Files\Logs\Process.log
9/4/2020 - 17:45:44.465Open1480C:\malware.exeC:\Monitor\Files\Logs\Process.log
9/4/2020 - 17:45:44.465Unknown1480C:\malware.exeC:\Monitor\Files\Logs\Process.log
9/4/2020 - 17:45:44.465Open1480C:\malware.exeC:\Monitor\Files\Logs\Registry.log
9/4/2020 - 17:45:44.465Open1480C:\malware.exeC:\Monitor\Files\Logs\Registry.log
9/4/2020 - 17:45:44.465Unknown1480C:\malware.exeC:\Monitor\Files\Logs\Registry.log
9/4/2020 - 17:45:44.465Unknown1480C:\malware.exeC:\Monitor\Files\Logs\Registry.log
9/4/2020 - 17:45:44.465Open1480C:\malware.exeC:\Monitor\Files\Logs\Registry.log
9/4/2020 - 17:45:44.465Open1480C:\malware.exeC:\Monitor\Files\Logs\Registry.log
9/4/2020 - 17:45:44.465Unknown1480C:\malware.exeC:\Monitor\Files\Logs\Registry.log
9/4/2020 - 17:45:44.465Unknown1480C:\malware.exeC:\Monitor\Files\Logs\Registry.log
9/4/2020 - 17:45:44.465Unknown1480C:\malware.exeC:\Monitor\Files\Logs\File.log
9/4/2020 - 17:45:44.465Open1480C:\malware.exeC:\Monitor\Files\Logs\File.log
9/4/2020 - 17:45:44.465Unknown1480C:\malware.exeC:\Monitor\Files\Logs\File.log
9/4/2020 - 17:45:44.465Unknown1480C:\malware.exeC:\Monitor\Files\Logs\File.log
9/4/2020 - 17:45:44.465Open1480C:\malware.exeC:\Monitor\Files\Logs\File.log
9/4/2020 - 17:45:44.465Open1480C:\malware.exeC:\Monitor\Files\Logs\File.log
9/4/2020 - 17:45:44.465Unknown1480C:\malware.exeC:\Monitor\Files\Logs\File.log
9/4/2020 - 17:45:44.465Unknown1480C:\malware.exeC:\Monitor\Files\Logs\File.log
9/4/2020 - 17:45:44.528Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\Program Files\Common Files\Services\verisign.bmp
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\Program Files\Common Files\SpeechEngines\Microsoft
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\Program Files\Common Files\SpeechEngines\Microsoft
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\Program Files\Windows Journal\pt-BR
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\Program Files\Windows Journal\Templates
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\Program Files (x86)\Common Files\Services\verisign.bmp
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\DeviceSync
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.528Read1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.528Read1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.528Write1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.528Write1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.528Write1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.528Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.543Read1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.543Read1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.543Write1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.543Write1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.543Write1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.543Read1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.543Read1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.543Read1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.543Read1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.543Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.543Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
9/4/2020 - 17:45:44.543Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
9/4/2020 - 17:45:44.543Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
9/4/2020 - 17:45:44.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contact
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contact
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contact
9/4/2020 - 17:45:44.559Read1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:44.559Read1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:44.559Read1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:44.559Read1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:44.559Write1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:44.559Write1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:44.559Write1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Documents\Meus vdeos
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Documents\Meus vdeos
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Documents\Minhas imagens
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Documents\Minhas imagens
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Documents\Minhas msicas
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Documents\Minhas msicas
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.559Read1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.559Read1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.559Read1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.559Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.559Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.559Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-ms
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-ms
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:44.559Unknown1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:44.559Open1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-ms
9/4/2020 - 17:45:44.559Read1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:44.559Read1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:44.575Read1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:44.575Write1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:44.575Write1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:44.575Write1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Behemot\Searches\Indexed Locations.search-ms
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Behemot\Searches\Indexed Locations.search-msIndexed Locations.search-ms
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Behemot\Searches\Indexed Locations.search-ms
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Behemot\Searches\Indexed Locations.search-msIndexed Locations.search-ms
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\AppData\Roaming
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\AppData\Roaming
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\Documents\Meus vdeos
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\Documents\Meus vdeos
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\Documents\Minhas imagens
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\Documents\Minhas imagens
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\Documents\Minhas msicas
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\Documents\Minhas msicas
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\Documents\My Music
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\Documents\My Music
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\Documents\My Pictures
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\Documents\My Pictures
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\Documents\My Videos
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Default\Documents\My Videos
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Documents
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Videos
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Videos
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Default\Favorites
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Documents\Meus vdeos
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Documents\Meus vdeos
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Documents\Minhas imagens
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Documents\Minhas imagens
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Documents\Minhas msicas
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Documents\Minhas msicas
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Documents\My Music
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Documents\My Music
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Documents\My Pictures
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Documents\My Pictures
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Documents\My Videos
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Documents\My Videos
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-ms
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-ms
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.575Unknown1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.575Open1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-ms
9/4/2020 - 17:45:44.575Read1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.575Read1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.590Read1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.590Write1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.590Write1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.590Write1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\Users\Public\Music\Sample Music
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\Users\Public\Music\Sample Music
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures
9/4/2020 - 17:45:44.590Write1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.590Write1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.590Write1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\Users\Public\Videos\Sample Videos
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\Users\Public\Videos\Sample Videos
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\Users\Public\Libraries
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-msRecordedTV.library-ms
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\Users\Public\Libraries
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\Users\Public\Libraries\RecordedTV.library-ms.cb5649
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\Users\Public\Libraries\CB5649-Readme.txt
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\Users\Public\Libraries\CB5649-Readme.txt
9/4/2020 - 17:45:44.590Write1480C:\malware.exeC:\Users\Public\Libraries\CB5649-Readme.txtCB5649-Readme.txt
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\Users\Public\Libraries\CB5649-Readme.txtCB5649-Readme.txt
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
9/4/2020 - 17:45:44.590Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
9/4/2020 - 17:45:44.590Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
9/4/2020 - 17:45:44.606Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030
9/4/2020 - 17:45:44.606Unknown1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.606Read1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.606Read1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.606Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.606Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.606Unknown1480C:\malware.exeC:\Monitor\Files\Logs\Process.log
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Monitor\Files\Logs\Process.log
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Monitor\Files\Logs\Process.log
9/4/2020 - 17:45:44.606Unknown1480C:\malware.exeC:\Monitor\Files\Logs\Process.log
9/4/2020 - 17:45:44.606Unknown1480C:\malware.exeC:\Monitor\Files\Logs\Process.log
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20
9/4/2020 - 17:45:44.606Unknown1480C:\malware.exeC:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
9/4/2020 - 17:45:44.606Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5
9/4/2020 - 17:45:44.606Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5
9/4/2020 - 17:45:44.606Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.606Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.606Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Program Files\Common Files\Services\verisign.bmp
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Program Files\Common Files\Services\verisign.bmp
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Program Files\Common Files\Services\verisign.bmp
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0
9/4/2020 - 17:45:44.606Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0
9/4/2020 - 17:45:44.606Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5
9/4/2020 - 17:45:44.606Read1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5
9/4/2020 - 17:45:44.606Unknown1480C:\malware.exeC:\Program Files\Windows Journal\Templates
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\blank.jtp
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files (x86)\Common Files\Services\verisign.bmp
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files (x86)\Common Files\Services\verisign.bmp
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files (x86)\Common Files\Services\verisign.bmp
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5
9/4/2020 - 17:45:44.684Read1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
9/4/2020 - 17:45:44.684Read1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\DRM
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\DRM
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\eHome
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\eHome
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\IdentityCRL
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IdentityCRL
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\MF
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\Network
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\Search
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures
9/4/2020 - 17:45:44.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\Vault
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Vault
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT
9/4/2020 - 17:45:44.387Open1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\DeviceSync
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\DeviceSync
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\DeviceSync
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\DRM
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\DRM
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\DRM
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\eHome
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\eHome
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\eHome
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\IdentityCRL
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\IdentityCRL
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IdentityCRL
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\MF
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\MF
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Network
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Network
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Vault
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Vault
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Vault
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows
9/4/2020 - 17:45:44.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT
9/4/2020 - 17:45:44.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
9/4/2020 - 17:45:44.715Write1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.715Write1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.715Write1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Dados de aplicativos
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Dados de aplicativos
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Histrico
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Histrico
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Adobe
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Adobe
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Identities
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Identities
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Media Center Programs
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Media Center Programs
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.urlGaleria do Web Slice.url
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.urlGaleria do Web Slice.url
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.url
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.url
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
9/4/2020 - 17:45:44.715Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
9/4/2020 - 17:45:44.715Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
9/4/2020 - 17:45:44.715Read1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.715Read1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.715Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.715Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.715Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\AppData\Local\Application Data
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\AppData\Local\Application Data
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\AppData\Local\Dados de aplicativos
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\AppData\Local\Dados de aplicativos
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\AppData\Local\History
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\AppData\Local\History
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\AppData\Local\Histrico
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\AppData\Local\Histrico
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Local
9/4/2020 - 17:45:44.731Write1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:44.731Write1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\AppData\Roaming\Media Center Programs
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\AppData\Roaming\Media Center Programs
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Links
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\Links
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Local Settings
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\Local Settings
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Menu Iniciar
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\Menu Iniciar
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Meus documentos
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\Meus documentos
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Modelos
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\Modelos
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Music
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\Music
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\My Documents
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\My Documents
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\NetHood
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\NetHood
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Pictures
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\Pictures
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\PrintHood
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\PrintHood
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Recent
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\Recent
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Saved Games
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Default\Saved Games
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\SendTo
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\SendTo
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Start Menu
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\Start Menu
9/4/2020 - 17:45:44.418Open1480C:\malware.exeC:\Users\Default\Templates
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Default\Templates
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:44.731Open1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:44.731Unknown1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:44.747Unknown1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:44.747Unknown1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3
9/4/2020 - 17:45:44.747Unknown1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3
9/4/2020 - 17:45:44.747Unknown1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
9/4/2020 - 17:45:44.747Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
9/4/2020 - 17:45:44.747Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
9/4/2020 - 17:45:44.747Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
9/4/2020 - 17:45:44.747Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
9/4/2020 - 17:45:44.747Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
9/4/2020 - 17:45:44.747Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages
9/4/2020 - 17:45:44.747Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\cryptsp.dll
9/4/2020 - 17:45:44.747Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\cryptsp.dll
9/4/2020 - 17:45:44.747Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rsaenh.dll
9/4/2020 - 17:45:44.747Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rsaenh.dll
9/4/2020 - 17:45:44.747Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rsaenh.dll
9/4/2020 - 17:45:44.747Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rsaenh.dll
9/4/2020 - 17:45:44.747Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rsaenh.dll
9/4/2020 - 17:45:44.747Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rsaenh.dll
9/4/2020 - 17:45:44.747Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rsaenh.dll
9/4/2020 - 17:45:44.747Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rsaenh.dll
9/4/2020 - 17:45:44.747Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rsaenh.dll
9/4/2020 - 17:45:44.747Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rsaenh.dll
9/4/2020 - 17:45:44.762Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rsaenh.dll
9/4/2020 - 17:45:44.762Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\rsaenh.dll
9/4/2020 - 17:45:44.762Open344C:\Windows\System32\vssadmin.exeC:\Windows\Globalization\Sorting\SortDefault.nls
9/4/2020 - 17:45:44.762Unknown344C:\Windows\System32\vssadmin.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
9/4/2020 - 17:45:44.762Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\RpcRtRemote.dll
9/4/2020 - 17:45:44.762Unknown344C:\Windows\System32\vssadmin.exeC:\Windows\System32\RpcRtRemote.dllRpcRtRemote.dll
9/4/2020 - 17:45:44.762Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\RpcRtRemote.dll
9/4/2020 - 17:45:44.762Unknown344C:\Windows\System32\vssadmin.exeC:\Windows\System32\RpcRtRemote.dllRpcRtRemote.dll
9/4/2020 - 17:45:44.762Open1480C:\malware.exeC:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US
9/4/2020 - 17:45:44.762Unknown1480C:\malware.exeC:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US
9/4/2020 - 17:45:44.762Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets
9/4/2020 - 17:45:44.762Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
9/4/2020 - 17:45:44.762Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0
9/4/2020 - 17:45:44.762Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR
9/4/2020 - 17:45:44.762Read1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR
9/4/2020 - 17:45:44.762Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList
9/4/2020 - 17:45:44.762Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList
9/4/2020 - 17:45:44.762Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml
9/4/2020 - 17:45:44.762Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:44.762Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml
9/4/2020 - 17:45:44.762Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\To_Do_List.jtp
9/4/2020 - 17:45:44.762Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\blank.jtp
9/4/2020 - 17:45:44.762Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\blank.jtp
9/4/2020 - 17:45:44.762Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\blank.jtp
9/4/2020 - 17:45:44.762Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5
9/4/2020 - 17:45:44.762Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5
9/4/2020 - 17:45:44.762Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US
9/4/2020 - 17:45:44.778Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
9/4/2020 - 17:45:44.778Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR
9/4/2020 - 17:45:44.778Read1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList
9/4/2020 - 17:45:44.778Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList
9/4/2020 - 17:45:44.778Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml
9/4/2020 - 17:45:44.778Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml
9/4/2020 - 17:45:44.778Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:44.778Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5
9/4/2020 - 17:45:44.778Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
9/4/2020 - 17:45:44.778Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
9/4/2020 - 17:45:44.778Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
9/4/2020 - 17:45:44.778Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
9/4/2020 - 17:45:44.778Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.778Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\DRM\Server
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\DRM\Server
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\eHome\logs
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\eHome\logs
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Connections
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Connections
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\Outbound
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\Outbound
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData
9/4/2020 - 17:45:44.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:44.809Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\Temp
9/4/2020 - 17:45:44.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\Temp
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data
9/4/2020 - 17:45:44.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
9/4/2020 - 17:45:44.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.datAdministrator.dat
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
9/4/2020 - 17:45:44.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.datAdministrator.dat
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:44.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures
9/4/2020 - 17:45:44.809Read1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\AIT
9/4/2020 - 17:45:44.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\AIT
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore
9/4/2020 - 17:45:44.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM
9/4/2020 - 17:45:44.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\GameExplorer
9/4/2020 - 17:45:44.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\GameExplorer
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
9/4/2020 - 17:45:44.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones
9/4/2020 - 17:45:44.809Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm
9/4/2020 - 17:45:44.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Templates
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Templates
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc\Profiles
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc\Profiles
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\DeviceSync
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\DeviceSync
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\DeviceSync
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\DRM
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\DRM
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\DRM
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\eHome
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\eHome
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\eHome
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\IdentityCRL
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\IdentityCRL
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IdentityCRL
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\MF
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\MF
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Network
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Network
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Vault
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Vault
9/4/2020 - 17:45:44.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Vault
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows
9/4/2020 - 17:45:44.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\DRM\Server
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\DRM\Server
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\DRM\Server
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\eHome\logs
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\eHome\logs
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\eHome\logs
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Connections
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Connections
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Connections
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\Outbound
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\Outbound
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\Outbound
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\AIT
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\AIT
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\AIT
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore
9/4/2020 - 17:45:44.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\GameExplorer
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\GameExplorer
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\GameExplorer
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Templates
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Templates
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Templates
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc\Profiles
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc\Profiles
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc\Profiles
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Adobe\Flash Player
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Adobe\Flash Player
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Identities\{5F13A065-9132-4C6F-A394-1C4D0DE64D1F}
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Identities\{5F13A065-9132-4C6F-A394-1C4D0DE64D1F}
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\Files
9/4/2020 - 17:45:44.856Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\Files
9/4/2020 - 17:45:44.856Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\Malware
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\Malware
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
9/4/2020 - 17:45:44.872Read1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.872Read1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.872Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.872Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.872Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:44.762Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:44.762Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Dotted_Line.jtp
9/4/2020 - 17:45:44.872Unknown1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Dotted_Line.jtpDotted_Line.jtp
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Dotted_Line.jtp
9/4/2020 - 17:45:44.872Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Dotted_Line.jtp
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Dotted_Line.jtp
9/4/2020 - 17:45:44.606Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Genko_1.jtp
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Genko_1.jtp
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Genko_1.jtp
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Genko_1.jtp
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Genko_2.jtp
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\pt-BR
9/4/2020 - 17:45:44.887Read1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\pt-BR
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:44.887Read1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:44.778Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\pt-BR
9/4/2020 - 17:45:44.887Read1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\pt-BR
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
9/4/2020 - 17:45:44.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.pngbackground.png
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Temp
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Temp
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\Cache
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\Cache
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:44.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:44.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Manifest
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Manifest
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Sessions
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Sessions
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programas
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programas
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Queue
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Queue
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpgWelcomeScan.jpg
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task
9/4/2020 - 17:45:44.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task
9/4/2020 - 17:45:44.918Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\DRM\Server
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\DRM\Server
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\DRM\Server
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\eHome\logs
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\eHome\logs
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\eHome\logs
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Connections
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Connections
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Connections
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\Outbound
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\Outbound
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\Outbound
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\AIT
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\AIT
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\AIT
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\GameExplorer
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\GameExplorer
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\GameExplorer
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu
9/4/2020 - 17:45:44.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu
9/4/2020 - 17:45:44.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Templates
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Templates
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Templates
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc\Profiles
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc\Profiles
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\WwanSvc\Profiles
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\Cache
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\Cache
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\Cache
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Manifest
9/4/2020 - 17:45:44.950Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Manifest
9/4/2020 - 17:45:44.950Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Manifest
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Sessions
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Sessions
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Sessions
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programas
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programas
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programas
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programas
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Queue
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Queue
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Queue
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpgWelcomeScan.jpg
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Adobe\Flash Player\NativeCache
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Adobe\Flash Player\NativeCache
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\Files\DeletedFiles
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\Files\Logs
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.965Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.965Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
9/4/2020 - 17:45:44.997Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:44.997Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
9/4/2020 - 17:45:44.997Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
9/4/2020 - 17:45:44.997Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:44.997Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
9/4/2020 - 17:45:44.997Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:44.997Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:44.997Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
9/4/2020 - 17:45:44.997Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:44.997Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
9/4/2020 - 17:45:44.997Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:44.747Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:44.997Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:44.997Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:44.997Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.997Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.997Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:44.997Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.12Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:45.12Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.12Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.12Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml
9/4/2020 - 17:45:45.12Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.12Unknown1480C:\malware.exeC:\Program Files\Windows Journal\Templates\To_Do_List.jtpTo_Do_List.jtp
9/4/2020 - 17:45:45.12Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\To_Do_List.jtp
9/4/2020 - 17:45:45.12Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\To_Do_List.jtp
9/4/2020 - 17:45:45.12Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\To_Do_List.jtp
9/4/2020 - 17:45:45.12Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Genko_2.jtp
9/4/2020 - 17:45:45.12Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Genko_2.jtp
9/4/2020 - 17:45:45.12Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Genko_2.jtp
9/4/2020 - 17:45:45.12Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\pt-BR
9/4/2020 - 17:45:45.12Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
9/4/2020 - 17:45:45.12Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.12Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
9/4/2020 - 17:45:45.12Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
9/4/2020 - 17:45:45.12Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
9/4/2020 - 17:45:45.28Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.28Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.28Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\pt-BR
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.pngbackground.png
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:44.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.pngwatermark.png
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
9/4/2020 - 17:45:45.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
9/4/2020 - 17:45:45.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.datRacMetaData.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
9/4/2020 - 17:45:45.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.datRacMetaData.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
9/4/2020 - 17:45:45.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.datRacWmiDataBookmarks.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
9/4/2020 - 17:45:45.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.datRacWmiDataBookmarks.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
9/4/2020 - 17:45:45.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.datRacWmiEventData.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
9/4/2020 - 17:45:45.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.datRacWmiEventData.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows
9/4/2020 - 17:45:45.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc
9/4/2020 - 17:45:45.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc
9/4/2020 - 17:45:45.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
9/4/2020 - 17:45:44.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures
9/4/2020 - 17:45:44.840Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
9/4/2020 - 17:45:45.59Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
9/4/2020 - 17:45:45.75Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
9/4/2020 - 17:45:45.75Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
9/4/2020 - 17:45:45.75Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
9/4/2020 - 17:45:45.75Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
9/4/2020 - 17:45:45.75Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications
9/4/2020 - 17:45:45.75Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\Cache
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\Cache
9/4/2020 - 17:45:45.75Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\Cache
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Manifest
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Manifest
9/4/2020 - 17:45:45.75Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Manifest
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Sessions
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Sessions
9/4/2020 - 17:45:45.75Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Sessions
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programas
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programas
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programas
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programas
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Inbox
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Queue
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Queue
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Queue
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\SentItems
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpgWelcomeScan.jpg
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.90Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.106Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.pngbackground.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.106Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.pngwatermark.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
9/4/2020 - 17:45:45.106Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.122Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.122Read1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:45.122Read1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:45.122Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:45.122Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:45.122Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Graph.jtp
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Graph.jtp
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Graph.jtp
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Graph.jtp
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Memo.jtp
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Memo.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Memo.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Memo.jtp
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Month_Calendar.jtp
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Month_Calendar.jtpMonth_Calendar.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Month_Calendar.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Month_Calendar.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Month_Calendar.jtp
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Music.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Music.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Music.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Music.jtp
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Seyes.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Seyes.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Seyes.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Seyes.jtp
9/4/2020 - 17:45:44.684Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Shorthand.jtp
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Shorthand.jtpShorthand.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Shorthand.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Shorthand.jtp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files\Windows Journal\Templates\Shorthand.jtp
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.urlGaleria do Web Slice.url
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url
9/4/2020 - 17:45:45.137Read1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.urlGaleria do Web Slice.url
9/4/2020 - 17:45:45.137Read1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.urlGaleria do Web Slice.url
9/4/2020 - 17:45:45.137Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.urlGaleria do Web Slice.url
9/4/2020 - 17:45:45.137Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.urlGaleria do Web Slice.url
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Read1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Read1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.APL
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.APL
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.APL
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.APL
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:45.137Unknown1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CRT
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
9/4/2020 - 17:45:45.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures
9/4/2020 - 17:45:45.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmpusertile10.bmp
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures
9/4/2020 - 17:45:45.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
9/4/2020 - 17:45:45.184Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.184Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.184Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.184Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.184Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.184Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.covconfident.cov
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
9/4/2020 - 17:45:45.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\036633b0500d6344ff31cb25528737c8_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2120371a32f41a1da6c1688b6daff881_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6141f515b5ca1957233abdb43966b6b2_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8072febeee5d08c9943a7f8c79a3a602_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9940599c2180f4cec0665b6cf492f0c1_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.200Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.pngbackground.png
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.215Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.pngwatermark.png
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
9/4/2020 - 17:45:45.215Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows
9/4/2020 - 17:45:45.215Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
9/4/2020 - 17:45:45.215Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
9/4/2020 - 17:45:45.215Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
9/4/2020 - 17:45:45.215Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
9/4/2020 - 17:45:45.215Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
9/4/2020 - 17:45:45.215Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
9/4/2020 - 17:45:45.215Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
9/4/2020 - 17:45:45.215Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
9/4/2020 - 17:45:45.231Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
9/4/2020 - 17:45:45.231Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
9/4/2020 - 17:45:45.231Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
9/4/2020 - 17:45:45.231Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
9/4/2020 - 17:45:45.231Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
9/4/2020 - 17:45:45.231Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
9/4/2020 - 17:45:45.231Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.231Write1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:45.231Write1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:45.231Write1480C:\malware.exeC:\Users\Behemot\Contacts\Behemot.contactBehemot.contact
9/4/2020 - 17:45:45.231Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:45.231Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:45.231Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:45.231Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:45.231Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:45.231Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:45.231Unknown1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:45.231Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:45.231Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:45.231Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:45.231Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:45.231Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:45.247Unknown1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:45.247Open1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:45.247Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.247Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Read1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Write1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.247Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
9/4/2020 - 17:45:45.247Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.262Write1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.262Write1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:45.262Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:45.262Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.262Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.262Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:45.262Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:45.262Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:45.262Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:45.262Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:45.262Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:45.278Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:45.278Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:45.278Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:45.278Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:45.278Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:45.278Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:45.278Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:45.278Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:45.278Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:45.278Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:45.278Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:45.278Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.278Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:45.278Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:45.278Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.278Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.278Write1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.278Write1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.278Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.278Read1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.278Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.278Write1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.278Write1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.278Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml
9/4/2020 - 17:45:45.293Read1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.293Read1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.293Read1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.293Write1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.293Write1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.356Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.356Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml
9/4/2020 - 17:45:45.356Read1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.356Read1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.372Write1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.372Write1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.372Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:45.372Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:45.372Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.372Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.372Write1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.372Write1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.372Unknown1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:45.372Open1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:45.372Unknown1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:45.372Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:45.372Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:45.372Open1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:45.372Unknown1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:45.372Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:45.372Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:45.372Open1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:45.372Unknown1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:45.372Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:45.372Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:45.372Open1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:45.372Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:45.387Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:45.387Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:45.387Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
9/4/2020 - 17:45:45.387Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:45.387Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:45.387Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
9/4/2020 - 17:45:45.387Read1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
9/4/2020 - 17:45:45.387Read1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
9/4/2020 - 17:45:45.387Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
9/4/2020 - 17:45:45.387Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
9/4/2020 - 17:45:45.387Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
9/4/2020 - 17:45:45.387Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url
9/4/2020 - 17:45:45.387Read1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
9/4/2020 - 17:45:45.387Read1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
9/4/2020 - 17:45:45.387Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
9/4/2020 - 17:45:45.387Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
9/4/2020 - 17:45:45.387Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
9/4/2020 - 17:45:45.387Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
9/4/2020 - 17:45:45.387Read1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
9/4/2020 - 17:45:45.387Read1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
9/4/2020 - 17:45:45.387Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
9/4/2020 - 17:45:45.387Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
9/4/2020 - 17:45:45.387Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:45.387Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.url
9/4/2020 - 17:45:45.387Read1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:45.387Read1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:45.387Read1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:45.387Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:45.387Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:45.418Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.418Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.418Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.418Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.418Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.418Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.418Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.418Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.418Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.418Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.418Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.418Read1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.418Read1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.434Write1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.434Write1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CRT
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CRT
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CRT
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmpusertile11.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmpusertile12.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
9/4/2020 - 17:45:45.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmpusertile13.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
9/4/2020 - 17:45:45.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
9/4/2020 - 17:45:45.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:45.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
9/4/2020 - 17:45:45.465Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:45.465Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:45.465Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:45.465Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
9/4/2020 - 17:45:45.465Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:45.465Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
9/4/2020 - 17:45:45.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:45.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tifWelcomeFax.tif
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tifWelcomeFax.tif
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\resource.xml
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
9/4/2020 - 17:45:45.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
9/4/2020 - 17:45:45.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
9/4/2020 - 17:45:45.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
9/4/2020 - 17:45:45.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
9/4/2020 - 17:45:45.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
9/4/2020 - 17:45:45.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
9/4/2020 - 17:45:45.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
9/4/2020 - 17:45:45.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
9/4/2020 - 17:45:45.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.497Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.497Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.497Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.497Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.497Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.497Write1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.497Write1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.497Write1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}
9/4/2020 - 17:45:45.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
9/4/2020 - 17:45:45.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
9/4/2020 - 17:45:45.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
9/4/2020 - 17:45:45.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.528Open1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package
9/4/2020 - 17:45:45.528Unknown1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:45.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Read1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Read1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Write1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.528Write1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CSD
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
9/4/2020 - 17:45:45.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
9/4/2020 - 17:45:45.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:45.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.215Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:45.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:45.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:45.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:45.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:44.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.pngbackground.png
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:45.637Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\Users\Behemot\Downloads
9/4/2020 - 17:45:45.653Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:45.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.pngbackground.png
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:45.653Unknown1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package
9/4/2020 - 17:45:45.653Unknown1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat.cb5649
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:45.653Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.urlGaleria do Web Slice.url
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.668Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
9/4/2020 - 17:45:45.668Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:45.668Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.urlGaleria do Web Slice.url
9/4/2020 - 17:45:45.668Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.urlGaleria do Web Slice.url
9/4/2020 - 17:45:45.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.668Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
9/4/2020 - 17:45:45.668Unknown1480C:\malware.exeC:\Users\Behemot\Downloads
9/4/2020 - 17:45:45.668Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor.zip.cb5649
9/4/2020 - 17:45:45.668Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:45.668Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links
9/4/2020 - 17:45:45.668Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.urlSites Sugeridos.url
9/4/2020 - 17:45:45.668Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.urlGaleria do Web Slice.url
9/4/2020 - 17:45:45.668Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
9/4/2020 - 17:45:45.668Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.inf.cb5649
9/4/2020 - 17:45:45.668Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links
9/4/2020 - 17:45:45.668Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.catwindowskernelcapturedriver.cat
9/4/2020 - 17:45:45.668Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.668Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.urlGaleria do Web Slice.url
9/4/2020 - 17:45:45.668Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.668Open1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt
9/4/2020 - 17:45:45.668Open1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt
9/4/2020 - 17:45:45.668Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package
9/4/2020 - 17:45:45.668Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\windowskernelcapturedriver.cat.cb5649
9/4/2020 - 17:45:45.668Open1480C:\malware.exeC:\Users\Behemot\Downloads\CB5649-Readme.txt
9/4/2020 - 17:45:45.668Open1480C:\malware.exeC:\Users\Behemot\Downloads\CB5649-Readme.txt
9/4/2020 - 17:45:45.668Write1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txtCB5649-Readme.txt
9/4/2020 - 17:45:45.668Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt
9/4/2020 - 17:45:45.684Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links
9/4/2020 - 17:45:45.684Write1480C:\malware.exeC:\Users\Behemot\Downloads\CB5649-Readme.txtCB5649-Readme.txt
9/4/2020 - 17:45:45.684Write1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txtCB5649-Readme.txt
9/4/2020 - 17:45:45.684Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Sites Sugeridos.url.cb5649
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txt
9/4/2020 - 17:45:45.684Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url.cb5649
9/4/2020 - 17:45:45.684Unknown1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txtCB5649-Readme.txt
9/4/2020 - 17:45:45.684Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txtCB5649-Readme.txt
9/4/2020 - 17:45:45.684Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\CB5649-Readme.txtCB5649-Readme.txt
9/4/2020 - 17:45:45.684Unknown1480C:\malware.exeC:\Users\Behemot\Downloads\Monitor\Monitor\WindowsKernelCaptureDriver Package\CB5649-Readme.txtCB5649-Readme.txt
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links\CB5649-Readme.txt
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links\CB5649-Readme.txt
9/4/2020 - 17:45:45.668Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.684Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links\CB5649-Readme.txtCB5649-Readme.txt
9/4/2020 - 17:45:45.684Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links\CB5649-Readme.txtCB5649-Readme.txt
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links\CB5649-Readme.txt
9/4/2020 - 17:45:45.684Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links\CB5649-Readme.txtCB5649-Readme.txt
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png
9/4/2020 - 17:45:45.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmpusertile44.bmp
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmpusertile14.bmp
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:45.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:45.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:45.700Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:45.700Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:45.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:45.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:45.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:45.715Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:45.715Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
9/4/2020 - 17:45:45.715Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
9/4/2020 - 17:45:45.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:45.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
9/4/2020 - 17:45:45.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:45.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:45.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:45.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:45.715Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:45.715Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:45.715Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.covconfident.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue
9/4/2020 - 17:45:45.731Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.731Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.731Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.731Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.731Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
9/4/2020 - 17:45:45.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.731Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
9/4/2020 - 17:45:45.731Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
9/4/2020 - 17:45:45.747Read1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:45.747Read1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:45.747Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:45.747Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:45.747Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
9/4/2020 - 17:45:45.747Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.747Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.762Read1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.WIH
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CSD
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CSD
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CSD
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.778Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:45.778Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:45.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
9/4/2020 - 17:45:45.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
9/4/2020 - 17:45:45.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:45.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:45.793Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:45.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:45.793Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:45.793Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
9/4/2020 - 17:45:45.793Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:45.793Unknown1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
9/4/2020 - 17:45:45.793Open1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
9/4/2020 - 17:45:45.793Read1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
9/4/2020 - 17:45:45.793Read1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
9/4/2020 - 17:45:45.793Read1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
9/4/2020 - 17:45:45.793Read1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
9/4/2020 - 17:45:45.809Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
9/4/2020 - 17:45:45.809Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\boot.sdi
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmpusertile15.bmp
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmpusertile16.bmp
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmpusertile17.bmp
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wmaRingtone 04.wma
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wmaRingtone 04.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
9/4/2020 - 17:45:45.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
9/4/2020 - 17:45:45.809Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
9/4/2020 - 17:45:45.825Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.825Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.covconfident.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\confident.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\fyi.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\generic.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\pt-BR\urgent.cov
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
9/4/2020 - 17:45:45.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xmlDMIA661.tmp.log.xml
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xmlDMIA661.tmp.log.xml
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tifWelcomeFax.tif
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\pt-BR\WelcomeFax.tif
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
9/4/2020 - 17:45:45.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
9/4/2020 - 17:45:45.825Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
9/4/2020 - 17:45:45.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
9/4/2020 - 17:45:45.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:45.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
9/4/2020 - 17:45:45.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.840Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthrSystemIndex.1.gthr
9/4/2020 - 17:45:45.840Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
9/4/2020 - 17:45:45.840Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.cb5649
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.840Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\pt-BR\resource.xml
9/4/2020 - 17:45:45.856Read1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:45.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:45.137Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.LTS
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.LTS
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.LTS
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.LTS
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.TTS
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.TTS
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.TTS
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.TTS
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UDT
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
9/4/2020 - 17:45:45.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
9/4/2020 - 17:45:45.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid
9/4/2020 - 17:45:45.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid
9/4/2020 - 17:45:45.856Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
9/4/2020 - 17:45:45.872Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
9/4/2020 - 17:45:45.872Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid
9/4/2020 - 17:45:45.872Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wsb
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wsb
9/4/2020 - 17:45:45.872Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wsb
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000
9/4/2020 - 17:45:45.872Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.872Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.872Read1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:45.872Read1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000
9/4/2020 - 17:45:45.872Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.001
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.001
9/4/2020 - 17:45:45.872Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.001
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.002
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.002
9/4/2020 - 17:45:45.872Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.002
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000
9/4/2020 - 17:45:45.872Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001
9/4/2020 - 17:45:45.872Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.002
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.002
9/4/2020 - 17:45:45.872Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.002
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000
9/4/2020 - 17:45:45.872Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.872Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.872Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:45.887Write1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:45.887Write1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:45.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA
9/4/2020 - 17:45:45.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmpusertile43.bmp
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmpusertile18.bmp
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wmaRingtone 09.wma
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wmaRingtone 09.wma
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wmaRingtone 09.wma
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma
9/4/2020 - 17:45:45.887Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wmaRingtone 09.wma
9/4/2020 - 17:45:45.887Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wmaRingtone 09.wma
9/4/2020 - 17:45:45.887Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wmaRingtone 09.wma
9/4/2020 - 17:45:45.887Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wmaRingtone 09.wma
9/4/2020 - 17:45:45.887Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wmaRingtone 09.wma
9/4/2020 - 17:45:45.887Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wmaRingtone 09.wma
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wmaRingtone 05.wma
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wmaRingtone 05.wma
9/4/2020 - 17:45:45.887Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wmaRingtone 05.wma
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma
9/4/2020 - 17:45:45.887Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma
9/4/2020 - 17:45:45.887Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wmaRingtone 05.wma
9/4/2020 - 17:45:45.887Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wmaRingtone 05.wma
9/4/2020 - 17:45:45.903Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wmaRingtone 05.wma
9/4/2020 - 17:45:45.903Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wmaRingtone 05.wma
9/4/2020 - 17:45:45.903Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wmaRingtone 05.wma
9/4/2020 - 17:45:45.903Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wmaRingtone 05.wma
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
9/4/2020 - 17:45:45.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\DMIA661.tmp.log.xml
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f41138ce89dcf347fa17318e894380b255473673_cab_07cca671\Report.wer
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
9/4/2020 - 17:45:45.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wsb
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wsb
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000
9/4/2020 - 17:45:45.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.001
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.001
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.002
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.002
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.002
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.002
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA
9/4/2020 - 17:45:45.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.datAdministrator.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.datAdministrator.dat
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.datAdministrator.dat
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.datAdministrator.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.datAdministrator.dat
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wmaRingtone 04.wma
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
9/4/2020 - 17:45:45.997Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wmaRingtone 04.wma
9/4/2020 - 17:45:45.997Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wmaRingtone 04.wma
9/4/2020 - 17:45:45.997Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wmaRingtone 04.wma
9/4/2020 - 17:45:45.997Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wmaRingtone 04.wma
9/4/2020 - 17:45:45.997Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wmaRingtone 04.wma
9/4/2020 - 17:45:45.997Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wmaRingtone 04.wma
9/4/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
9/4/2020 - 17:45:46.12Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:46.12Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.CrwlSystemIndex.1.Crwl
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:46.12Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:46.12Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:46.12Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.WIH
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.WIH
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.WIH
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UDT
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UDT
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UDT
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp
9/4/2020 - 17:45:46.12Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmpusertile19.bmp
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp
9/4/2020 - 17:45:46.12Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmpusertile20.bmp
9/4/2020 - 17:45:46.12Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:46.12Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp
9/4/2020 - 17:45:46.12Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmpusertile21.bmp
9/4/2020 - 17:45:46.12Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:46.12Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:46.12Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp
9/4/2020 - 17:45:46.12Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma
9/4/2020 - 17:45:46.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wmaRingtone 06.wma
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma
9/4/2020 - 17:45:46.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wmaRingtone 06.wma
9/4/2020 - 17:45:46.28Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wmaRingtone 06.wma
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma
9/4/2020 - 17:45:46.28Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wmaRingtone 06.wma
9/4/2020 - 17:45:46.28Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wmaRingtone 06.wma
9/4/2020 - 17:45:46.28Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wmaRingtone 06.wma
9/4/2020 - 17:45:46.28Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wmaRingtone 06.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma
9/4/2020 - 17:45:46.28Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wmaRingtone 06.wma
9/4/2020 - 17:45:46.28Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wmaRingtone 06.wma
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wsb
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wsb
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.001
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.001
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.002
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.002
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.002
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.002
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001
9/4/2020 - 17:45:46.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:46.43Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:46.43Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:46.43Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:46.43Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.43Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.43Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.43Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.43Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:46.43Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
9/4/2020 - 17:45:46.43Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
9/4/2020 - 17:45:46.43Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:46.43Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:46.43Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:46.43Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:46.43Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:46.43Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1D
9/4/2020 - 17:45:46.122Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.122Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.122Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.122Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.122Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.122Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1D
9/4/2020 - 17:45:46.137Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.137Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.137Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.137Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.137Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.137Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.137Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.137Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.137Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.137Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
9/4/2020 - 17:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Behemot.dat
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:46.153Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:46.153Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:46.153Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:46.153Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.153Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.153Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.153Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.153Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.168Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.168Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.168Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.datRacWmiEventData.dat
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.datRacWmiEventData.dat
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.datRacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.datRacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.168Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.datRacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.168Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.datRacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.datRacMetaData.dat
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.datRacMetaData.dat
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.datRacMetaData.dat
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
9/4/2020 - 17:45:46.168Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.datRacMetaData.dat
9/4/2020 - 17:45:46.168Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.datRacMetaData.dat
9/4/2020 - 17:45:46.168Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.datRacMetaData.dat
9/4/2020 - 17:45:46.168Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.datRacMetaData.dat
9/4/2020 - 17:45:46.168Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.datRacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.168Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.datRacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.168Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.datRacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.168Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.datRacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:46.168Read1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.168Read1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:45.153Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UNT
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UNT
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UNT
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UNT
9/4/2020 - 17:45:46.168Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:46.184Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:46.184Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:46.184Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
9/4/2020 - 17:45:46.184Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
9/4/2020 - 17:45:46.184Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
9/4/2020 - 17:45:46.184Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
9/4/2020 - 17:45:46.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.184Write1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:46.184Write1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:46.184Write1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:46.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:46.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:46.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.184Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:46.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.184Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:46.184Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.TargetsWorkflow.VisualBasic.Targets
9/4/2020 - 17:45:46.200Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.200Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.200Read1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:46.200Read1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:46.200Read1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:46.200Read1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:46.200Write1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:46.200Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.200Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.200Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.200Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
9/4/2020 - 17:45:46.200Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.215Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmp
9/4/2020 - 17:45:46.215Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.215Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.215Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.278Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.278Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.278Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.278Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.278Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.278Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.278Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.278Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.278Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.278Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.278Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.278Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:45.981Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.Lck
9/4/2020 - 17:45:46.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.278Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:46.293Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:46.293Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:46.293Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:46.293Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
9/4/2020 - 17:45:45.997Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
9/4/2020 - 17:45:46.168Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.datRacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:46.293Read1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:46.293Read1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:46.293Read1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:46.293Write1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:46.293Write1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\ilrcache.xml
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:46.293Open1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xml
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.293Unknown1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.293Read1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.293Write1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:46.293Write1480C:\malware.exeC:\ProgramData\Microsoft\IlsCache\imcrcache.xmlimcrcache.xml
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma
9/4/2020 - 17:45:46.309Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wmaRingtone 08.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma
9/4/2020 - 17:45:46.309Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wmaRingtone 08.wma
9/4/2020 - 17:45:46.309Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wmaRingtone 08.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma
9/4/2020 - 17:45:46.309Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wmaRingtone 08.wma
9/4/2020 - 17:45:46.309Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wmaRingtone 08.wma
9/4/2020 - 17:45:46.309Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.309Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:46.309Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:46.309Write1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13\Winre.wim
9/4/2020 - 17:45:46.309Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:46.309Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:46.309Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:46.309Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.309Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:46.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:46.309Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.309Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.309Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wmaRingtone 08.wma
9/4/2020 - 17:45:46.309Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wmaRingtone 08.wma
9/4/2020 - 17:45:46.309Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:46.309Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:46.309Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:46.309Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wmaRingtone 08.wma
9/4/2020 - 17:45:46.309Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wmaRingtone 08.wma
9/4/2020 - 17:45:46.340Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.340Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.340Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.340Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.340Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.340Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.340Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:46.340Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:46.340Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:46.340Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:46.340Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wmaRingtone 01.wma
9/4/2020 - 17:45:46.387Open1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package
9/4/2020 - 17:45:46.387Unknown1480C:\malware.exeC:\Monitor\WindowsKernelCaptureDriver Package\WindowsKernelCaptureDriver.infWindowsKernelCaptureDriver.inf
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wmaRingtone 05.wma
9/4/2020 - 17:45:46.387Open1480C:\malware.exeC:\Users\Behemot\Searches
9/4/2020 - 17:45:46.387Unknown1480C:\malware.exeC:\Users\Behemot\Searches\Everywhere.search-msEverywhere.search-ms
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:46.387Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\DMIA26A.tmp.log.xmlDMIA26A.tmp.log.xml
9/4/2020 - 17:45:46.153Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:46.387Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\STATE.RSM
9/4/2020 - 17:45:46.387Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:46.387Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\STATE.RSM
9/4/2020 - 17:45:46.387Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
9/4/2020 - 17:45:46.387Open1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\STATE.RSM
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wmaRingtone 04.wma
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wmaRingtone 06.wma
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_CValidator.H1DHelp_CValidator.H1D
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.387Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.403Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacMetaData.datRacMetaData.dat
9/4/2020 - 17:45:46.403Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.datRacWmiDataBookmarks.dat
9/4/2020 - 17:45:46.403Write1480C:\malware.exeC:\ProgramData\Microsoft\MF\Active.GRL
9/4/2020 - 17:45:46.403Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:46.403Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
9/4/2020 - 17:45:46.403Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
9/4/2020 - 17:45:46.403Unknown1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0
9/4/2020 - 17:45:46.403Unknown1480C:\malware.exeC:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\ProgramData\Microsoft\MF
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\ProgramData\Microsoft\MF
9/4/2020 - 17:45:46.403Unknown1480C:\malware.exeC:\ProgramData\Microsoft\MF\Pending.GRL
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList
9/4/2020 - 17:45:46.403Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xmlFrameworkList.xml
9/4/2020 - 17:45:46.403Write1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0
9/4/2020 - 17:45:46.403Unknown1480C:\malware.exeC:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xmlWinFXList.xml
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
9/4/2020 - 17:45:46.403Unknown1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
9/4/2020 - 17:45:46.403Unknown1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.TargetsWorkflow.Targets
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0
9/4/2020 - 17:45:46.403Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289
9/4/2020 - 17:45:46.403Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d0c641ef89a8d207056286596bafe75f59844_cab_06c0a289\Report.wer
9/4/2020 - 17:45:46.403Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.403Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.434Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.450Read1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.450Read1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.450Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.450Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c5d91c0b736f4f8dbdd317cf8a037fced_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp
9/4/2020 - 17:45:46.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmpusertile23.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp
9/4/2020 - 17:45:46.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmpusertile22.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
9/4/2020 - 17:45:46.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmpusertile10.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
9/4/2020 - 17:45:46.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wmaRingtone 07.wma
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma
9/4/2020 - 17:45:46.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wmaRingtone 07.wma
9/4/2020 - 17:45:46.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wmaRingtone 07.wma
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma
9/4/2020 - 17:45:46.465Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wmaRingtone 07.wma
9/4/2020 - 17:45:46.465Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wmaRingtone 07.wma
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma
9/4/2020 - 17:45:46.465Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wmaRingtone 07.wma
9/4/2020 - 17:45:46.465Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wmaRingtone 07.wma
9/4/2020 - 17:45:46.465Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wmaRingtone 07.wma
9/4/2020 - 17:45:46.465Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wmaRingtone 07.wma
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
9/4/2020 - 17:45:45.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
9/4/2020 - 17:45:46.465Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 09.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 08.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 07.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
9/4/2020 - 17:45:45.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 01.wma
9/4/2020 - 17:45:46.465Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.465Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.481Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:46.481Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:46.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Read1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c4eccd106f69e31c1b12304e5463bb71d_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Read1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Read1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:46.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:46.481Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.481Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
9/4/2020 - 17:45:46.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.Lck
9/4/2020 - 17:45:46.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.LckHelp_MValidator.Lck
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.497Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.497Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\Users\Behemot\Searches\Indexed Locations.search-msIndexed Locations.search-ms
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.cb5649
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.cb5649
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.497Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:46.497Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:46.497Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:46.497Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:46.497Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpgChrysanthemum.jpg
9/4/2020 - 17:45:46.497Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:46.497Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:46.497Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Desert.jpg
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.497Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.497Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.497Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.497Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.512Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.512Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:46.512Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:46.512Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.datAdministrator.dat
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Administrator.datAdministrator.dat
9/4/2020 - 17:45:46.512Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:46.512Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:46.512Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:46.528Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:46.528Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:46.528Open1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.528Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.528Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
9/4/2020 - 17:45:46.606Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmpusertile11.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
9/4/2020 - 17:45:46.606Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmpusertile12.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
9/4/2020 - 17:45:46.606Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmpusertile13.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
9/4/2020 - 17:45:45.434Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
9/4/2020 - 17:45:46.606Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmpusertile14.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
9/4/2020 - 17:45:46.606Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmpusertile15.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
9/4/2020 - 17:45:46.606Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmpusertile16.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
9/4/2020 - 17:45:46.606Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmpusertile17.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
9/4/2020 - 17:45:46.606Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmpusertile18.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp
9/4/2020 - 17:45:46.606Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmpusertile19.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp
9/4/2020 - 17:45:46.606Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmpusertile20.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmpusertile21.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmpusertile22.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmpusertile23.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmpusertile24.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmpusertile25.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.622Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.622Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.622Write1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.622Write1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.622Write1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1D
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1D
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.637Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.637Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
9/4/2020 - 17:45:46.637Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.637Read1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\ea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628cea6ae2d06434f60d05b4f9bdaf4f95ef_fa25e266-6d0f-4de2-813a-bf4374e0628c
9/4/2020 - 17:45:46.637Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_17ef534f3f8c542d26cbacf2c3cc6157e70c6c8_cab_0564ae8f\Report.wer
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.653Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.653Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.653Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.653Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MValidator.H1DHelp_MValidator.H1D
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrsMSSres00002.jrs
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
9/4/2020 - 17:45:46.653Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.653Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.653Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.653Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdfRacDatabase.sdf
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.653Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1QHelp{A25A5CCD-80F4-4E02-AADD-7F39CC55E737}.H1Q
9/4/2020 - 17:45:46.653Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.653Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.653Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.653Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.653Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.668Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.668Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.668Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmp
9/4/2020 - 17:45:46.668Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.668Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.668Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.668Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.668Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.668Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.668Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.668Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.668Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.668Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.668Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:46.668Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:46.668Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.668Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.668Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.668Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.668Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.684Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.684Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.684Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.684Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:46.684Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:46.684Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:46.684Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:46.684Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:46.684Read1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:46.684Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\vss_ps.dll
9/4/2020 - 17:45:46.684Open344C:\Windows\System32\vssadmin.exeC:\Windows\System32\vss_ps.dll
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpgHydrangeas.jpg
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Kalimba.mp3
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3Maid with the Flaxen Hair.mp3
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\Users\Public\Music\Sample Music\Sleep Away.mp3Sleep Away.mp3
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.684Write1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp
9/4/2020 - 17:45:46.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmpusertile29.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp
9/4/2020 - 17:45:46.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmpusertile28.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp
9/4/2020 - 17:45:45.450Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp
9/4/2020 - 17:45:46.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmpusertile27.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpgLighthouse.jpg
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wma
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmpusertile44.bmp
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmpusertile43.bmp
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmpusertile42.bmp
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp
9/4/2020 - 17:45:45.43Open1480C:\malware.exeC:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:46.715Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wma
9/4/2020 - 17:45:46.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.731Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.731Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.731Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.731Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 02.wmaRingtone 02.wma
9/4/2020 - 17:45:46.731Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 04.wmaRingtone 04.wma
9/4/2020 - 17:45:46.731Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:46.731Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 05.wmaRingtone 05.wma
9/4/2020 - 17:45:46.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
9/4/2020 - 17:45:46.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
9/4/2020 - 17:45:46.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:46.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:46.731Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wma
9/4/2020 - 17:45:46.731Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 03.wmaRingtone 03.wma
9/4/2020 - 17:45:46.731Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 06.wmaRingtone 06.wma
9/4/2020 - 17:45:46.731Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.731Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.731Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Ringtones\Ringtone 10.wmaRingtone 10.wma
9/4/2020 - 17:45:46.731Write1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:46.731Write1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:46.731Write1480C:\malware.exeC:\Users\Public\Videos\Sample Videos\Wildlife.wmv
9/4/2020 - 17:45:46.731Write1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:46.731Write1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:46.731Write1480C:\malware.exeC:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtvwin7_scenic-demoshort_raw.wtv
9/4/2020 - 17:45:46.747Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.747Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Help_MKWD_BestBet.H1WHelp_MKWD_BestBet.H1W
9/4/2020 - 17:45:46.747Read1480C:\malware.exeC:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
9/4/2020 - 17:45:46.747Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrsMSSres00001.jrs
9/4/2020 - 17:45:46.747Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.747Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.747Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1HHelp_MTOC_help.H1H
9/4/2020 - 17:45:46.747Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.747Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1WHelp_MKWD_AssetId.H1W
9/4/2020 - 17:45:46.747Read1480C:\malware.exeC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00003.log
9/4/2020 - 17:45:46.762Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.762Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.762Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.762Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:46.762Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:46.762Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgJellyfish.jpg
9/4/2020 - 17:45:46.762Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:46.762Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:46.762Write1480C:\malware.exeC:\Users\Public\Pictures\Sample Pictures\Koala.jpg
9/4/2020 - 17:45:46.762Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.762Read1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf
9/4/2020 - 17:45:46.762Write1480C:\malware.exeC:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdfRacWmiDatabase.sdf