
Report #11795


Academic year: 2023


Binary

DLL False

Size 1.90MB

trid 64.5% Win32 Executable MS Visual C++

13.6% Win32 Dynamic Link Library

9.3% Win32 Executable

4.1% OS/2 Executable

4.1% Generic Win/DOS Executable

type PE

wordsize 32

Subsystem Windows GUI

Hashes

md5 5d2815c47bde378a11e87e5cd5b81eb0

sha1 afcadc4ce4b314afb59f6899a093139e8a495560

crc32 0x96465d18

sha224 2ad61db2c819b652a3b038dfc201657ee891fde6d7b076f899da8430

sha256 a6e9581dc1658b0c8cd8d9852a4dfd9619a0fb6f5008f582b975b5ed11b53740

sha384 a9333d5097d577b0621a7c5f2f02f251813ccc502982b004bca3b06c73555bda28d8bef1fdd5a29a18f65d529838db21

sha512 5094a0ad2d138e5152ddd405c3f93fe97e9be4bf3ae8b1b5dc0763cc4c2d0cdbb0ea73eaa7af4404bce6a37158e90b2a9cb67757253a0d49a185f86badb587b6

ssdeep 24576:KmOMSPE21AS7webNMBPkjxzm+kNEdkbNMBPkRyPFLNMD:sPLsebulk1zmf7bulkEfQ

Report #11795

Creation Date: Sept. 22, 2020, 5:41 p.m.

Last Update: Sept. 22, 2020, 5:48 p.m.

File: 5313_66618_directDownload_true.exe

Results:


Community

Google False

HashLib False

YARA

Matches VC8_Microsoft_Corporation, RIPEMD160_Constants, domain, contentis_base64, anti_dbg, screenshot, url, HasRichSignature, SHA1_Constants, Microsoft_Visual_Cpp_8, Armadillo_v4x, win_registry, HasDebugData, HasOverlay, win_files_operation, CRC32_poly_Constant, win_token, IsPE32, escalate_priv, IsWindowsGUI, IP

Suspicious True

Strings

List

<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb 7Acw.lC

S6.iT

%s.%d.tmp B.Si

2.Me 1.ug 2.cv 5p.by Crypt32.dll i2.Mq W.bF W.tJ i2.Mq v.mk

COMCTL32.dll riched32.dll riched20.dll industria.exe startup.exe Extracting %s SeSecurityPrivilege SeRestorePrivilege

Unknown encryption method in %s$The specified password is incorrect.

H`oD UC,E

Cannot create folder %sHChecksum error in the encrypted file %s. Corrupt file or wrong password.

G(wRi n&fDn

name="Microsoft.Windows.Common-Controls"


tfD7

%ne8^

with this one?

2ncM%4gi 93O%a }dH%n]?

`%E&Hlv

`%E&Hlv

`/|%%

%te{m g%@s%o g%@s%o

%te{m s}F%cl Ny/w%o n%E@+

`Fs%A(

%i^}E aL%a[D a%E\s

__tmp_rar_sfx_access_check_%u CreateThread failed

Delete

%sydW

%teUO

-el -s2 "-d%s" "-p%s" "-sp%s"

Software\Microsoft\Windows\CurrentVersion rtmp%d

Next volume is required Extracting from %s

Please download a fresh copy and retry the installation All files 2The archive is either in unknown format or damaged

Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt.

Skipping %s

AYou may need to run this self-extracting archive as administrator Cannot copy %s to %s.

Cannot open %s Software\WinRAR SFX

You need to have the following volume to continue extraction:

Cannot create %s Unknown method in %s Read error in the file %s GETPASSWORD1

GETPASSWORD1

winrarsfxmappingfile.tmp

Extracting files to %s folder$Extracting files to temporary folder i_[fTp

mscoree.dll

<head><meta http-equiv="content-type" content="text/html; charset=

SeCreateSymbolicLinkPrivilege Shell.Explorer

<requestedPrivileges>

publicKeyToken="6595b64144ccf1df"

GetProcAddress

WaitForMultipleObjects error %d, GetLastError %d ExitProcess

Presetup CreateEventW


SetupCode

IsDebuggerPresent

The file "%s" header is corrupt Installation progress

TerminateProcess OpenProcessToken DeviceIoControl ShellExecuteExW VirtualAlloc CoCreateInstance

Foremost

Matches 1501.rar, 50 KB, 0.exe, 750 KB

Suspicious True

Heuristics

IPs hasIPs: False

Allowed Suspicious

hasAllowed: False hasSuspicious: False

URLs Allowed: http://schemas.microsoft.com/smi/2005/windowssettings hasURLs: True

Suspicious

hasAllowed: True hasSuspicious: False

Files Allowed: KERNEL32.DLL, Crypt32.dll, riched32.dll, riched20.dll, mscoree.dll, ADVAPI32.dll, SHLWAPI.dll, OLEAUT32.dll, SHELL32.dll, GDI32.dll, COMCTL32.dll, ole32.dll, USER32.DLL, COMDLG32.dll

hasFiles: True

Suspicious: %s.%d.tmp, winrarsfxmappingfile.tmp hasAllowed: True

hasSuspicious: True

Binary

Sizes RVA

RVA: 16

Suspicious: False Code

Size: 602112 Suspicious: False Image

Address: 4194304 Suspicious: False Stack


Stack: 4096 Suspicious: False Headers

Headers: 1024 Suspicious: False Suspicious: False

Symbols Number

Number: 0

Suspicious: True Pointer

Pointer: 0

Suspicious: True Directories Number: 16 Suspicious: False

Checksum Value: 0

Suspicous: True

Sections Allowed: .text, .rdata, .data, .rsrc Suspicious

hasAllowed: True hasSections: True hasSuspicious: False

Versions OS

Version: 5

Suspicious: False Image

Version: True Suspicious: 5 Linker

Version: 9.0 Suspicious: False Subsystem

Version: 5.0 Suspicious: False Suspicious: False

EntryPoint Address: 119835

Suspicious: False

Anomalies Anomalies: The header checksum and the calculated checksum do not match.

hasAnomalies: True

Libraries Allowed: kernel32.dll, crypt32.dll, riched32.dll, riched20.dll, mscoree.dll, advapi32.dll, shlwapi.dll, oleaut32.dll, shell32.dll, gdi32.dll, comctl32.dll, ole32.dll, user32.dll, comdlg32.dll

hasLibs: True Suspicious

hasAllowed: True hasSuspicious: False

Timestamp Past: False

Valid: True

Value: 2014-05-18 05:06:54 Future: False

Compilation Packed: False

Missing: False Packers

Compiled: True

Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation XOR: False

Fuzzing: True

PEDetector

Matches None

Suspicious False

Disassembly

hasTricks True

Tricks

pushret .data: 1

.rsrc: 23 .text: 2

pushpopmath .rsrc: 15

.text: 5 .rdata: 9

garbagebytes .data: 1

.rsrc: 12 .text: 2

stealthimport .rdata: 1

fakeconditionaljumps .rsrc: 1


programcontrolflowchange .data: 1 .rsrc: 11 .text: 2

cpuinstructionsresultscomparison .rsrc: 23

AVclass

autoit 1

VirusTotal

md5 5d2815c47bde378a11e87e5cd5b81eb0

sha1 afcadc4ce4b314afb59f6899a093139e8a495560

SCANS (DETECTION RATE = 68.66%)

AVG result: Win32:Broban-A [Trj]

update: 20180323 version: 18.2.3827.0 detected: True

CMC update: 20180323

version: 1.1.0.977 detected: False

MAX result: malware (ai score=100)

update: 20180323 version: 2017.11.15.1 detected: True

Bkav update: 20180322

version: 1.3.0.9466 detected: False

K7GW update: 20180323

version: 10.42.26597 detected: False

ALYac result: Trojan.GenericKD.2936213

update: 20180323 version: 1.1.1.5 detected: True


Avast result: Win32:Broban-A [Trj]

update: 20180323 version: 18.2.3827.0 detected: True

Avira result: DR/AutoIt.Gen

update: 20180323 version: 8.3.3.6 detected: True

Baidu update: 20180323

version: 1.0.0.2 detected: False

Cyren result: W32/Trojan.ZCCE-5696

update: 20180323 version: 5.4.30.7 detected: True

DrWeb result: Trojan.Inject1.43075

update: 20180323 version: 7.0.28.2020 detected: True

GData result: Trojan.GenericKD.2936213

update: 20180323

version: A:25.16481B:25.11861 detected: True

Panda result: Trj/OCJ.E

update: 20180323 version: 4.6.4.2 detected: True

VBA32 result: Trojan.Autoit.Banker

update: 20180323 version: 3.12.28.0 detected: True

VIPRE result: Trojan.Win32.Generic!BT

update: 20180323 version: 65478 detected: True

Zoner update: 20180323

version: 1.0 detected: False


AVware result: Trojan.Win32.Generic!BT update: 20180323

version: 1.5.0.42 detected: True

ClamAV update: 20180323

version: 0.99.2.0 detected: False

Comodo result: UnclassifiedMalware

update: 20180323 version: 28733 detected: True

F-Prot result: W32/Trojan5.PYM

update: 20180323 version: 4.7.1.166 detected: True

Ikarus result: Win32.SuspectCrc

update: 20180323 version: 0.1.5.2 detected: True

McAfee result: Artemis!5D2815C47BDE

update: 20180323 version: 6.0.6.653 detected: True

Rising update: 20180323

version: 25.0.0.1 detected: False

Sophos result: Troj/AutoIt-AAV

update: 20180323 version: 4.98.0 detected: True

Yandex update: 20180323

version: 5.5.1.3 detected: False

Zillya result: Trojan.Autoit.Win32.28858

update: 20180323 version: 2.0.0.3519


Arcabit result: Trojan.Generic.D2CCD95 update: 20180323

version: 1.0.0.831 detected: True

Cylance result: Unsafe

update: 20180323 version: 2.3.1.101 detected: True

Endgame result: malicious (moderate confidence) update: 20180316

version: 2.0.5 detected: True

Tencent result: Win32.Trojan.Autoit.Swlc

update: 20180323 version: 1.0.0.1 detected: True

ViRobot update: 20180323

version: 2014.3.20.0 detected: False

eGambit update: 20180323

version: v4.3.5 detected: False

Ad-Aware result: Trojan.GenericKD.2936213

update: 20180323 version: 3.0.3.1010 detected: True

AegisLab result: Troj.W32.Autoit.gen!c

update: 20180323 version: 4.2 detected: True

Emsisoft result: Trojan.GenericKD.2936213 (B) update: 20180323

version: 4.0.2.899 detected: True

F-Secure result: Trojan.GenericKD.2936213

update: 20180323 version: 11.0.19100.45


detected: True

Fortinet result: W32/Autoit.AAV!tr

update: 20180323 version: 5.4.247.0 detected: True

Invincea result: heuristic

update: 20180121 version: 6.3.4.26036 detected: True

Jiangmin result: Trojan.Autoit.hdm

update: 20180323 version: 16.0.100 detected: True

Kingsoft result: Win32.Troj.Undef.(kcloud) update: 20180323

version: 2013.8.14.323 detected: True

Paloalto result: generic.ml

update: 20180323 version: 1.0 detected: True

Symantec result: Trojan.Gen

update: 20180323 version: 1.5.0.0 detected: True

nProtect update: 20180323

version: 2018-03-23.02 detected: False

AhnLab-V3 update: 20180323

version: 3.12.0.20130 detected: False

Antiy-AVL update: 20180323

version: 3.0.0.1 detected: False

Kaspersky result: HEUR:Trojan.Win32.Autoit.gen update: 20180323


detected: True

Microsoft update: 20180323

version: 1.1.14600.4 detected: False

Qihoo-360 result: Win32/Trojan.a43

update: 20180323 version: 1.0.0.1120 detected: True

TheHacker update: 20180319

version: 6.8.0.5.2551 detected: False

ZoneAlarm result: HEUR:Trojan.Win32.Autoit.gen update: 20180323

version: 1.0 detected: True

Cybereason result: malicious.47bde3

update: 20180225 version: 1.2.27 detected: True

ESET-NOD32 result: Win32/TrojanDownloader.Banload.TNI update: 20180323

version: 17106 detected: True

TrendMicro result: TROJ_UTOTI.TYZAV

update: 20180323 version: 9.862.0.1074 detected: True

WhiteArmor update: 20180223

detected: False

BitDefender result: Trojan.GenericKD.2936213 update: 20180323

version: 7.2 detected: True

CrowdStrike result: malicious_confidence_90% (D) update: 20170201

version: 1.0 detected: True


K7AntiVirus update: 20180323 version: 10.42.26598 detected: False

SentinelOne result: static engine - malicious update: 20180225

version: 1.0.15.206 detected: True

Avast-Mobile update: 20180323

version: 180323-04 detected: False

Malwarebytes update: 20180323

version: 2.1.1.1115 detected: False

TotalDefense update: 20180323

version: 37.1.62.1 detected: False

CAT-QuickHeal result: Trojan.Autoit update: 20180323 version: 14.00 detected: True

NANO-Antivirus result: Trojan.Win32.Autoit.czndnz update: 20180323

version: 1.0.100.22043 detected: True

MicroWorld-eScan result: Trojan.GenericKD.2936213 update: 20180323

version: 14.0.297.0 detected: True

SUPERAntiSpyware update: 20180323

version: 5.6.0.1032 detected: False

McAfee-GW-Edition result: BehavesLike.Win32.Dropper.th update: 20180323

version: v2015 detected: True


TrendMicro-HouseCall result: TROJ_UTOTI.TYZAV update: 20180323

version: 9.950.0.1006 detected: True

total 67

sha256 a6e9581dc1658b0c8cd8d9852a4dfd9619a0fb6f5008f582b975b5ed11b53740

scan_id a6e9581dc1658b0c8cd8d9852a4dfd9619a0fb6f5008f582b975b5ed11b53740-1521841578

resource 5d2815c47bde378a11e87e5cd5b81eb0

permalink https://www.virustotal.com/gui/file/a6e9581dc1658b0c8cd8d9852a4dfd9619a0fb6f5008f582b975b5ed11b53740/detection/f-a6e9581dc1658b0c8cd8d9852a4dfd9619a0fb6f5008f582b975b5ed11b53740-1521841578

positives 46

scan_date 2018-03-23 21:46:18

verbose_msg Scan finished, information embedded

response_code 1

File

Trace

22/9/202 0 - 16:45:

42.747 Op en

2 1 7 2

C:\malware.exe C:\RICHED20.dll

22/9/202 0 - 16:45:

42.747 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\riched20.dll

22/9/202 0 - 16:45:

42.747 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\riched20.dll

22/9/202 0 - 16:45:

42.747 Op en

2 1 7 2

C:\malware.exe C:\Windows\Globalization\Sorting\SortDefault.nls

22/9/202 Un 2

(15)

0 - 16:45:

42.747 kn ow n

1 7 2

C:\malware.exe C:\Windows\Globalization\Sorting\SortDefault.nls SortDefault.nls

22/9/202 0 - 16:45:

42.762 Op en

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 Re 2

(16)

0 - 16:45:

42.762

ad 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 Re 2 1

(17)

0 - 16:45:

42.762

ad 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 2 1

(18)

42.762 ad 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45: Re

2

1 C:\malware.exe C:\malware.exe

(19)

42.762 ad 7 2

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45: Re

2

1 C:\malware.exe C:\malware.exe

(20)

42.762 2

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1

7 C:\malware.exe C:\malware.exe

(21)

2

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45: Re

ad 2 1

7 C:\malware.exe C:\malware.exe

(22)

2

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

(23)

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.762 Op en

2 1 7 2

C:\malware.exe C:\dwmapi.dll

22/9/202 0 - 16:45:

42.762 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\dwmapi.dll

22/9/202 0 - 16:45:

42.762 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\dwmapi.dll

22/9/202 0 - 16:45:

42.762 Op en

2 1 7 2

C:\malware.exe C:\malware.exe.Local

(24)

22/9/202 0 - 16:45:

42.762 Op en

2 1 7 2

C:\malware.exe

C:\Windows\winsxs\x86_microsoft.windows.common-cont rols_6595b64144ccf1df_6.0.7601.18837_none_41e85514 2bd5705d

22/9/202 0 - 16:45:

42.762 Un kn ow n

2 1 7 2

C:\malware.exe

C:\Windows\winsxs\x86_microsoft.windows.common-cont rols_6595b64144ccf1df_6.0.7601.18837_none_41e85514 2bd5705d

22/9/202 0 - 16:45:

42.762 Op en

2 1 7 2

C:\malware.exe

C:\Windows\winsxs\x86_microsoft.windows.common-cont rols_6595b64144ccf1df_6.0.7601.18837_none_41e85514 2bd5705d

22/9/202 0 - 16:45:

42.762 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\uxtheme.dll.Config

22/9/202 0 - 16:45:

42.762 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\uxtheme.dll

22/9/202 0 - 16:45:

42.762 Op en

2 1 7 2

C:\malware.exe C:\malware.exe.Local

22/9/202 0 - 16:45:

42.762 Op en

2 1 7 2

C:\malware.exe

C:\Windows\winsxs\x86_microsoft.windows.common-cont rols_6595b64144ccf1df_6.0.7601.18837_none_41e85514 2bd5705d

22/9/202 0 - 16:45:

42.762 Un kn ow n

2 1 7 2

C:\malware.exe

C:\Windows\winsxs\x86_microsoft.windows.common-cont rols_6595b64144ccf1df_6.0.7601.18837_none_41e85514 2bd5705d

22/9/202 0 - 16:45:

42.762 Op en

2 1 7 2

C:\malware.exe

C:\Windows\winsxs\x86_microsoft.windows.common-cont rols_6595b64144ccf1df_6.0.7601.18837_none_41e85514 2bd5705d

22/9/202 0 - 16:45:

42.762 Un kn ow n

2 1 7 2

C:\malware.exe

C:\Windows\winsxs\x86_microsoft.windows.common-cont rols_6595b64144ccf1df_6.0.7601.18837_none_41e85514 2bd5705d

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe C:\Windows\win.ini

(25)

22/9/202 0 - 16:45:

42.778 Re ad

2 1 7 2

C:\malware.exe C:\Windows\win.ini

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe C:\Windows\Fonts\StaticCache.dat

22/9/202 0 - 16:45:

42.778 Re ad

2 1 7 2

C:\malware.exe C:\Windows\Fonts\StaticCache.dat StaticCache.dat

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\shell32.dll

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\shell32.dll

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\shell32.dll

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe C:\malware.exe.Local

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe

C:\Windows\winsxs\x86_microsoft.windows.common-cont rols_6595b64144ccf1df_6.0.7601.18837_none_41e85514 2bd5705d

22/9/202 0 - 16:45:

42.778 Un kn ow n

2 1 7 2

C:\malware.exe

C:\Windows\winsxs\x86_microsoft.windows.common-cont rols_6595b64144ccf1df_6.0.7601.18837_none_41e85514 2bd5705d

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe

C:\Windows\winsxs\x86_microsoft.windows.common-cont rols_6595b64144ccf1df_6.0.7601.18837_none_41e85514 2bd5705d

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\shell32.dll

(26)

22/9/202 0 - 16:45:

42.778 Op en

1 7 2

C:\malware.exe C:\Windows\SysWOW64\shell32.dll

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\shell32.dll

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\shell32.dll

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe C:\Program Files (x86)\Common Files\microsoft shared\in k\tiptsf.dll

22/9/202 0 - 16:45:

42.778 Op en

2 1 7 2

C:\malware.exe C:\Program Files (x86)\Common Files\microsoft shared\in k\tiptsf.dll

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 2

(27)

0 - 16:45:

42.793 Re ad

1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Un kn ow n

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\ole32.dll

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Windows\SysWOW64\ole32.dll

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Users

2

(28)

0 - 16:45:

42.793 Op en

1 7 2

C:\malware.exe C:\Users

22/9/202 0 - 16:45:

42.793 Un kn ow n

2 1 7 2

C:\malware.exe C:\Users

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Users\Behemot

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Users\Behemot

22/9/202 0 - 16:45:

42.793 Un kn ow n

2 1 7 2

C:\malware.exe C:\Users\Behemot

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData

22/9/202 0 - 16:45:

42.793 Un kn ow n

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming

22/9/202 0 - 16:45:

42.793 Un kn ow n

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming

22/9/202 Op

2 1

(29)

0 - 16:45:

42.793

en 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming

22/9/202 0 - 16:45:

42.793 Un kn ow n

2 1 7 2

C:\malware.exe C:\Monitor

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\__tmp_rar_sfx_acce ss_check_1114328

22/9/202 0 - 16:45:

42.793 Un kn ow n

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\__tmp_rar_sfx_acce ss_check_1114328

__tmp_rar_sfx_a ccess_check_11 14328

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\__tmp_rar_sfx_acce ss_check_1114328

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Monitor\Files\DeletedFiles\__tmp_rar_sfx_access_check _1114328

22/9/202 0 - 16:45:

42.793 Un kn ow n

2 1 7 2

C:\malware.exe C:\Monitor\Files\DeletedFiles\__tmp_rar_sfx_access_check _1114328

__tmp_rar_sfx_a ccess_check_11 14328

22/9/202 0 - 16:45:

42.793 De let e

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\__tmp_rar_sfx_acce ss_check_1114328

__tmp_rar_sfx_a ccess_check_11 14328

22/9/202 0 - 16:45:

42.793 Un kn ow n

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\__tmp_rar_sfx_acce ss_check_1114328

__tmp_rar_sfx_a ccess_check_11 14328

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Monitor\Malware

22/9/202 0 - 16:45:

42.793 Un kn ow n

2 1 7 2

C:\malware.exe C:\Monitor\Malware

22/9/202 2

(30)

0 - 16:45:

42.793

en 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45: Re

2

1 C:\malware.exe C:\malware.exe

(31)

42.793 ad 7 2

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\industria.exe

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\industria.exe

22/9/202 0 - 16:45:

42.793 Op en

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\industria.exe

22/9/202 0 - 16:45:

42.793 Un kn ow n

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\industria.exe industria.exe

22/9/202 0 - 16:45:

42.793 Un kn ow n

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\industria.exe industria.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.793 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.809 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45: Re

2

1 C:\malware.exe C:\malware.exe

(32)

42.809 2

22/9/202 0 - 16:45:

42.809 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.809 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.809 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.809 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.825 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.825 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.825 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.825 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.825 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.825 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45: Re

ad 2 1

7 C:\malware.exe C:\malware.exe

(33)

42.825 2

22/9/202 0 - 16:45:

42.825 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.840 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.840 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.840 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.840 Re ad

2 1 7 2

C:\malware.exe C:\malware.exe

22/9/202 0 - 16:45:

42.840 Wr ite

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\industria.exe industria.exe

22/9/202 0 - 16:45:

42.840 Wr ite

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\industria.exe industria.exe

22/9/202 0 - 16:45:

42.840 Wr ite

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\industria.exe industria.exe

22/9/202 0 - 16:45:

42.840 Wr ite

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\industria.exe industria.exe

22/9/202 0 - 16:45:

42.840 Wr ite

2 1 7 2

C:\malware.exe C:\Users\Behemot\AppData\Roaming\industria.exe industria.exe

22/9/202 0 - 16:45: Wr

ite 2 1

7 C:\malware.exe C:\Users\Behemot\AppData\Roaming\industria.exe industria.exe

(34)

2

22/9/2020 - 16:45:42.840 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe

22/9/2020 - 16:45:42.840 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe
22/9/2020 - 16:45:42.840 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.840 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.840 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.840 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.840 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.840 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.840 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.840 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe

22/9/2020 - 16:45:42.840 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.840 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.840 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe

22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.856 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.997 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe

22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe

22/9/2020 - 16:45:42.997 | Write | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\startup.exe
22/9/2020 - 16:45:42.997 | Read | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.997 | Unknown | 2172 | C:\malware.exe | C:\malware.exe
22/9/2020 - 16:45:42.997 | Open | 2172 | C:\malware.exe | C:\Monitor\Malware
22/9/2020 - 16:45:42.997 | Unknown | 2172 | C:\malware.exe | C:\Monitor\Malware
22/9/2020 - 16:45:42.997 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe
22/9/2020 - 16:45:42.997 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe

22/9/2020 - 16:45:42.997 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
22/9/2020 - 16:45:42.997 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
22/9/2020 - 16:45:42.997 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe
22/9/2020 - 16:45:42.997 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:42.997 | Open | 2172 | C:\malware.exe | C:\PROPSYS.dll
22/9/2020 - 16:45:42.997 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
22/9/2020 - 16:45:42.997 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
22/9/2020 - 16:45:43.43 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
22/9/2020 - 16:45:43.43 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
22/9/2020 - 16:45:43.43 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
22/9/2020 - 16:45:43.43 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db

22/9/2020 - 16:45:43.43 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
22/9/2020 - 16:45:43.43 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini
22/9/2020 - 16:45:43.43 | Read | 2172 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini
22/9/2020 - 16:45:43.43 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini
22/9/2020 - 16:45:43.43 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
22/9/2020 - 16:45:43.43 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
22/9/2020 - 16:45:43.43 | Open | 2172 | C:\malware.exe | C:\Windows\System32\propsys.dll
22/9/2020 - 16:45:43.43 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
22/9/2020 - 16:45:43.43 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
22/9/2020 - 16:45:43.43 | Open | 2172 | C:\malware.exe | C:\Windows\System32\propsys.dll
22/9/2020 - 16:45:43.137 | Open | 2172

22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\desktop.ini
22/9/2020 - 16:45:43.137 | Read | 2172 | C:\malware.exe | C:\Users\desktop.ini
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\Searches\desktop.ini
22/9/2020 - 16:45:43.137 | Read | 2172 | C:\malware.exe | C:\Users\Behemot\Searches\desktop.ini
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\

22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini
22/9/2020 - 16:45:43.137 | Read | 2172 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45: | Open | 2172 | C:\malware.exe | C:\Users\Behemot

22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini
22/9/2020 - 16:45:43.137 | Read | 2172 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\

22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\Contacts\desktop.ini
22/9/2020 - 16:45:43.137 | Read | 2172 | C:\malware.exe | C:\Users\Behemot\Contacts\desktop.ini
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot

22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\Favorites\desktop.ini
22/9/2020 - 16:45:43.137 | Read | 2172 | C:\malware.exe | C:\Users\Behemot\Favorites\desktop.ini
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini
22/9/2020 - 16:45:43.137 | Read | 2172 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini

22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\Downloads\desktop.ini
22/9/2020 - 16:45:43.137 | Read | 2172 | C:\malware.exe | C:\Users\Behemot\Downloads\desktop.ini
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users

22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\Documents\desktop.ini
22/9/2020 - 16:45:43.137 | Read | 2172 | C:\malware.exe | C:\Users\Behemot\Documents\desktop.ini
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.137 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\Links\desktop.ini

22/9/2020 - 16:45:43.137 | Read | 2172 | C:\malware.exe | C:\Users\Behemot\Links\desktop.ini
22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.200 | Unknown | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.200 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.200 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\Saved Games\desktop.ini
22/9/2020 - 16:45:43.200 | Read | 2172 | C:\malware.exe | C:\Users\Behemot\Saved Games\desktop.ini
22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb

22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64
22/9/2020 - 16:45:43.200 | Unknown | 2172 | C:\malware.exe | C:\Windows\SysWOW64
22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.200 | Unknown | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\Windows
22/9/2020 - 16:45:43.200 | Unknown | 2172 | C:\malware.exe | C:\Windows
22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64
22/9/2020 - 16:45:43.200 | Unknown | 2172 | C:\malware.exe | C:\Windows\SysWOW64
22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64
22/9/2020 - 16:45:43.200 | Unknown | 2172 | C:\malware.exe | C:\Windows\SysWOW64

22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 16:45:43.200 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 16:45:43.403 | Read | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 16:45:43.403 | Read | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll

22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.403 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.403 | Unknown | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.403 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\urlmon.dll
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\urlmon.dll
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\version.DLL
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
22/9/2020 - 16:45:43.403 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\version.dll

22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Secur32.dll
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe
22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\
22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\

22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData
22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe
22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe | industria.exe
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData

22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot\AppData
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\Users\Behemot
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\Users
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\industria.exe
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 16:45:43.418 | Unknown | 2172 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 16:45:43.418 | Open | 2172 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

22/9/202 Un kn

2

1 C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32- api-ms-win-dow
