Report #3529

(1)

Binary

DLL False

Size 2.60MB

trid 44.3% Win32 Executable Borland Delphi 7

30.0% Win32 Executable Borland Delphi 5 17.5% Win32 Executable Borland Delphi 6 2.8% InstallShield setup

2.7% Win32 EXE PECompact compressed

type PE

wordsize 32

Subsystem Windows GUI

Hashes

md5 40ac7f774293ce39c6ddcfe06ea655a0

sha1 f3085f5b1382ae73619fde2dea97e8c6a39e5794

crc32 0xd23bd612

sha224 1d513bb928dc5f79d47e0168dccab0626b1f24f332a730e081e14c64

sha256 1056d419d7bf4839ca927d88b346911d6bd2a03ee08f714856e88ce2461a4 b89

sha384 fa47b6b2dbcf575de6d2039aab21f42bc881cdf1da39bcc555ef06a910f3667 95911dc45aa988ef874b411ebb1794da8

sha512 8b02205a31f337c772b0187e6ce6a66c3cacb6c626a62dddc5954b18780c3 9b33c0666864cecd9660ed37ec4cdde5cb7d347f185677624259e2985500c 751591

ssdeep 49152:OWAG13kIMOevimgOPvGiuVbEY9YZqIfpeTiTPxWBWA:ObG9eBulE8IR TIBWA

Report #3529

Creation Date: Nov. 17, 2019, 3 p.m.

Last Update: Nov. 17, 2019, 6:31 p.m.

File:

Nota-Digital32874879e.exe Results:

(2)

Community

Google False

HashLib False

YARA

Matches domain, Borland, Borland_Delphi_30_, network_dropper, CRC32_poly_Const ant, BASE64_table, Delphi_DecodeDate, network_ssl, RIPEMD160_Constant s, borland_delphi, VMWare_Detection, Delphi_FormShow, network_dns, net work_tcp_listen, CRC32_table, anti_dbgtools, Microsoft_Visual_Cpp_v50v60_

MFC, win_files_operation, IsPE32, win_hook, RijnDael_AES_CHAR, contentis_

base64, network_tcp_socket, screenshot, Borland_Delphi_v40_v50, keylogg er, win_mutex, Borland_Delphi_40_additional, VirtualPC_Detection, Borland_

Delphi_40, vmdetect, Delphi_Random, IsWindowsGUI, network_udp_sock, D elphi_Copy, anti_dbg, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, u rl, SHA1_Constants, win_registry, Delphi_CompareCall, RijnDael_AES_LONG, Delphi_StrToInt, Borland_Delphi_30_additional, Borland_Delphi_v30, System _Tools

Suspicious True

Strings

List

the appropriate version of this product at http://www.componentace.com Web site: http://www.componentace.com

C:\Program Files (x86)\Borland\Delphi7\Lib\bsEffects.pas C:\Program Files (x86)\Borland\Delphi7\Lib\bsEffects.pas C:\Program Files (x86)\Borland\Delphi7\Lib\bsEffects.pas C:\Program Files (x86)\Borland\Delphi7\Lib\bsEffects.pas C:\Program Files (x86)\Borland\Delphi7\Lib\AdvTBXPVS.pas t.Ht

DefaultFont.Name DefaultFont.Name DefaultFont.Name DefaultFont.Name DefaultFont.Name Font.Name Font.Style Font.Style Font.Name Font.Style Font.Name DefaultFont.Style DefaultFont.Style DefaultFont.Style DefaultFont.Style DefaultFont.Style

(3)

BoundLabel.Active BoundLabel.Active BoundLabel.Active BoundLabel.Active BoundLabel.Active BoundLabel.Active BoundLabel.Active

Invalid compressed size, rfs.size = %d, count = %d MenuDefaultFont.Name

MenuDefaultFont.Style

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group feel free to contact us at [email protected]

t.hK C.Ph

System\CurrentControlSet\Control\Keyboard Layouts\%.8x procmon.exe

F.Ph

clGreen Pen.Style

\Software\Borland\C++Builder 0sr4r2we5.adi

\Software\Borland\Delphi

<p><hr width="100%%"><i>%1:s</i></body></html>;Circular Protection detected, Protection Object is invalid.

P.rsrc Options.dat Options.dat Options.dat

SOFTWARE\Borland\Delphi\RTL Delphi%.8X

Software\Borland\Locales Software\Borland\Delphi\Locales

\Software\Borland\BDS comctl32.dll

comctl32.dll msimg32.dll comctl32.dll comctl32.dll comctl32.dll msimg32.dll olepro32.dll comctl32.dll version.dll uxtheme.dll vcltest3.dll ThirdPanels dwmapi.dll filemon.exe Network is down.

RdPS

Host is down.

Hashed list of file names is invalid regmon.exe

Username Username Username

The compression scheme is Password for "%s"

EDIT_DELETE=Delete OnExit\fD

(4)

OnStartDock\fD OnStartDock\fD OnStartDock\fD OnStartDock\fD OnStartDock\fD OnStartDock\fD OnStartDock\fD OnStartDock\fD OnStartDock\fD OnStartDock\fD OnStartDock\fD OnStartDock\fD OnStartDock\fD Socket Error # %d OnDeleteErrorhwH OnDeleteErrorhwH Paint.NET v3.5.11G

Foremost

Matches 5253.bmp, 1 KB, 5256.bmp, 1 KB, 5260.bmp, 1 KB, 5263.bmp, 1 KB, 5267.

bmp, 1 KB, 5270.bmp, 822 B, 5272.bmp, 1 KB, 5276.bmp, 1 KB, 5279.bmp, 1 KB, 5282.bmp, 1 KB, 5310.bmp, 774 B, 0.exe, 2 MB, 5208.png, 3 KB, 521 5.png, 3 KB, 5221.png, 3 KB, 5235.png, 1 KB, 5237.png, 1 KB, 5239.png, 41 7 B, 5240.png, 1 KB, 5243.png, 1 KB, 5287.png, 305 B, 5288.png, 174 B, 52 88.png, 178 B, 5288.png, 305 B, 5289.png, 368 B, 5290.png, 148 B, 5290.p ng, 296 B, 5290.png, 345 B, 5291.png, 290 B, 5292.png, 149 B, 5292.png, 284 B, 5293.png, 376 B, 5293.png, 190 B, 5294.png, 150 B, 5294.png, 327 B

Suspicious True

Heuristics

IPs hasIPs: False

Allowed Suspicious

hasAllowed: False hasSuspicious: False

URLs Allowed

hasURLs: True

Suspicious: http://www.componentace.com hasAllowed: False

hasSuspicious: True

Files Allowed: URLMON.DLL, User32.dll, MAPI32.DLL, DWMAPI.DLL, WS2_32.DLL , uxtheme.dll, comctl32.dll, ole32.dll, advapi32.dll, olepro32.dll, gdi32.dll, g diplus.dll, oleaut32.dll, mtxex.dll, kernel32.dll, imm32.dll, vcltest3.dll, shell 32.dll, version.dll, msimg32.dll

hasFiles: True

Suspicious: Options.dat, 2.tmp, 1.tmp

(5)

hasSuspicious: True

Binary

Sizes RVA

RVA: 16

Suspicious: False Code

Size: 489472 Suspicious: False Image

Address: 4194304 Suspicious: False Stack

Stack: 16384 Suspicious: False Headers

Headers: 1024 Suspicious: False Suspicious: False

Symbols Number

Number: 0

Suspicious: True Pointer

Pointer: 0

Suspicious: True Directories Number: 16 Suspicious: False

Checksum Value: 0

Suspicous: True

Sections Allowed: code, data, bss, .idata, .tls, .rdata, .reloc, .rsrc Suspicious

hasAllowed: True hasSections: True hasSuspicious: False

Versions OS

Version: 4

Suspicious: False Image

Version: True Suspicious: 4 Linker

Version: 2.25 Suspicious: False Subsystem

Version: 4.0 Suspicious: False

(6)

Suspicious: False

EntryPoint Address: 2243132

Suspicious: False

Anomalies Anomalies: The header checksum and the calculated checksum do not ma tch.

hasAnomalies: True

Libraries Allowed: urlmon.dll, user32.dll, mapi32.dll, dwmapi.dll, ws2_32.dll, uxthem e.dll, comctl32.dll, ole32.dll, advapi32.dll, olepro32.dll, gdi32.dll, gdiplus.dll , oleaut32.dll, mtxex.dll, kernel32.dll, imm32.dll, shell32.dll, version.dll, msi mg32.dll

hasLibs: True

Suspicious: vcltest3.dll hasAllowed: True hasSuspicious: True

Timestamp Past: True

Valid: True

Value: 1992-06-19 19:22:17 Future: False

Compilation Packed: False

Missing: False Packers

Compiled: True

Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.

0

Obfuscation XOR: False

Fuzzing: False

PEDetector

Matches None

Suspicious False

Disassembly

hasTricks True

Tricks

pushret none: 344

.rsrc: 38

(7)

.rsrc: 51 .reloc: 68

garbagebytes none: 320

.rsrc: 14

hookdetection none: 9

.reloc: 10

software breakpoint none: 20 .rsrc: 1 .reloc: 31

programcontrolflowchange none: 320 .rsrc: 14

cpuinstructionsresultscomparison none: 55 .rsrc: 121 .reloc: 2

AVclass

banload 1

VirusTotal

md5 40ac7f774293ce39c6ddcfe06ea655a0

sha1 f3085f5b1382ae73619fde2dea97e8c6a39e5794

SCANS (DETECTION RATE = 57.75%)

AVG result: Win32:Trojan-gen

update: 20190315 version: 18.4.3895.0 detected: True

CMC update: 20190314

version: 1.1.0.977 detected: False

MAX result: malware (ai score=80)

(8)

Bkav update: 20190314

K7GW result: Trojan-Downloader ( 005406871 )

update: 20190315 version: 11.33.30291 detected: True

ALYac update: 20190315

Avast result: Win32:Trojan-gen

Avira result: HEUR/AGEN.1022917

Baidu update: 20190306

Cyren result: W32/Trojan.WQXT-0513

DrWeb update: 20190315

GData result: Win32.Riskware.Vamti.A

update: 20190315

version: A:25.21109B:25.14605 detected: True

Panda result: Trj/GdSda.A

update: 20190314

(9)

detected: True

VBA32 result: TScope.Trojan.Delf

VIPRE update: 20190315

version: 73728 detected: False

Zoner update: 20190315

version: 1.0 detected: False

ClamAV update: 20190314

Comodo result: Malware@#32ww0etilh1ll

update: 20190315 version: 30571 detected: True

F-Prot update: 20190315

Ikarus result: Trojan-Downloader.Win32.Banload update: 20190314

version: 0.1.5.2 detected: True

McAfee result: Artemis!40AC7F774293

Rising result: Downloader.Banload!8.15B (CLOUD) update: 20190315

Sophos result: Mal/Generic-S

update: 20190315 version: 4.98.0

(10)

detected: True

Yandex update: 20190314

Zillya result: Downloader.Banload.Win32.88367

Acronis update: 20190313

Alibaba update: 20190306

Arcabit result: Trojan.Heur2.EEEA3B

Babable update: 20180918

version: 9107201 detected: False

Cylance result: Unsafe

Endgame result: malicious (high confidence) update: 20190215

version: 3.0.3 detected: True

TACHYON update: 20190315

version: 2019-03-15.02 detected: False

Tencent result: Win32.Trojan.Heur2.Pbpk

(11)

Webroot update: 20190315

eGambit result: Unsafe.AI_Score_98%

update: 20190315 version: v4.3.6 detected: True

Ad-Aware result: Gen:Trojan.Heur2.LPTMIW@bGlnFSiQb update: 20190315

AegisLab update: 20190315

Emsisoft result: Gen:Trojan.Heur2.LPTMIW@bGlnFSiQb (B) update: 20190315

F-Secure result: Heuristic.HEUR/AGEN.1022917 update: 20190315

Fortinet result: W32/Banload.YHI!tr

Invincea result: heuristic

Jiangmin update: 20190315

version: 16.0.100 detected: False

(12)

Kingsoft update: 20190315 version: 2013.8.14.323 detected: False

Paloalto result: generic.ml

update: 20190315 version: 1.0 detected: True

Symantec result: Trojan.Gen.2

Trapmine update: 20190301

AhnLab-V3 result: Malware/Gen.Generic.C3034329 update: 20190314

Antiy-AVL result: Trojan[Downloader]/Win32.Banload update: 20190315

Kaspersky update: 20190315

Microsoft result: Trojan:Win32/Occamy.C

Qihoo-360 result: Win32/Trojan.2ff

TheHacker update: 20190315

version: 6.8.0.5.4078 detected: False

Trustlook update: 20190315

(13)

detected: False

ZoneAlarm update: 20190315

Cybereason result: malicious.74293c

ESET-NOD32 result: a variant of Win32/TrojanDownloader.Banload.YHI update: 20190315

version: 19030 detected: True

TrendMicro update: 20190315

BitDefender result: Gen:Trojan.Heur2.LPTMIW@bGlnFSiQb update: 20190315

version: 7.2 detected: True

CrowdStrike result: win/malicious_confidence_100% (W) update: 20190212

version: 1.0 detected: True

K7AntiVirus result: Trojan-Downloader ( 005406871 ) update: 20190315

version: 11.33.30291 detected: True

SentinelOne result: DFI - Malicious PE update: 20190311 version: 1.0.24.288 detected: True

Avast-Mobile update: 20190314

version: 190314-04 detected: False

Malwarebytes update: 20190315

version: 2.1.1.1115

(14)

detected: False

TotalDefense update: 20190315

CAT-QuickHeal result: Trojan.Graftor update: 20190314 version: 14.00 detected: True

NANO-Antivirus update: 20190315

MicroWorld-eScan result: Gen:Trojan.Heur2.LPTMIW@bGlnFSiQb update: 20190315

SUPERAntiSpyware update: 20190314 version: 5.6.0.1032 detected: False

McAfee-GW-Edition result: BehavesLike.Win32.Dropper.vh update: 20190315

version: v2017.3010 detected: True

TrendMicro-HouseCall result: TROJ_GEN.R002H0CBJ19 update: 20190315

total 71

sha256 1056d419d7bf4839ca927d88b346911d6bd2a03ee08f714856e88ce2461a4 b89

scan_id 1056d419d7bf4839ca927d88b346911d6bd2a03ee08f714856e88ce2461a4 b89-1552633775

resource 40ac7f774293ce39c6ddcfe06ea655a0

permalink https://www.virustotal.com/file/1056d419d7bf4839ca927d88b346911d6bd2 a03ee08f714856e88ce2461a4b89/analysis/1552633775/

positives 41

(15)

verbose_msg Scan finished, information embedded

response_code 1

File

Trace

17/11/20 19 - 17:4 5:43.622

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor\Malware

17/11/20 19 - 17:4 5:43.622

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor\Malware

17/11/20 19 - 17:4 5:43.622

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\

17/11/20 19 - 17:4 5:43.622

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\

17/11/20 19 - 17:4 5:43.622

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor

17/11/20 19 - 17:4 5:43.622

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor

17/11/20 19 - 17:4 5:43.622

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor\Malware

17/11/20 19 - 17:4 5:43.622

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor\Malware

(16)

17/11/20 19 - 17:4 5:43.622

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\propsys.dll

17/11/20 19 - 17:4 5:43.622

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\propsys.dll

17/11/20 19 - 17:4 5:43.622

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Cach es

17/11/20 19 - 17:4 5:43.622

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Cach es\cversions.1.db

17/11/20 19 - 17:4 5:43.622

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Cach es

17/11/20 19 - 17:4 5:43.622

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Cach es\cversions.1.db

17/11/20 19 - 17:4 5:43.622

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Cach es\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0 000000000000000.db

17/11/20 19 - 17:4 5:43.622

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\Desktop\desktop.ini

17/11/20 19 - 17:4 5:43.622

Re ad

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.622

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\WindowsCodecs.dll

(17)

17/11/20 19 - 17:4 5:43.684

O pe n

4 8 0

alwa re.e xe

C:\Windows\SysWOW64\WindowsCodecs.dll

17/11/20 19 - 17:4 5:43.684

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\WindowsCodecs.dll WindowsCodecs.dll

17/11/20 19 - 17:4 5:43.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\WindowsCodecs.dll

17/11/20 19 - 17:4 5:43.684

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\WindowsCodecs.dll WindowsCodecs.dll

17/11/20 19 - 17:4 5:43.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\apphelp.dll

17/11/20 19 - 17:4 5:43.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\apphelp.dll

17/11/20 19 - 17:4 5:43.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\apphelp.dll

17/11/20 19 - 17:4 5:43.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\EhStorShell.dll

17/11/20 19 - 17:4 5:43.684

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\EhStorShell.dll EhStorShell.dll

17/11/20 19 - 17:4 5:43.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\AppPatch\sysmain.sdb

17/11/20 O 1 C:\m

(18)

19 - 17:4 5:43.684

pe n

4 8 0

alwa re.e xe

C:\Windows\SysWOW64

17/11/20 19 - 17:4 5:43.684

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64

17/11/20 19 - 17:4 5:43.684

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.684

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\

17/11/20 19 - 17:4 5:43.684

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\

17/11/20 19 - 17:4 5:43.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows

17/11/20 19 - 17:4 5:43.684

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows

17/11/20 19 - 17:4 5:43.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64

17/11/20 19 - 17:4 5:43.684

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64

17/11/20 19 - 17:4

O pe

1 4

C:\m

alwa C:\Windows\SysWOW64\EhStorShell.dll

(19)

0 xe

17/11/20 19 - 17:4 5:43.684

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.684

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.684

Re ad

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.747

Re ad

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.793

Re ad

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.840

Re ad

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.887

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui

17/11/20 19 - 17:4 5:43.934

Re ad

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui EhStorShell.dll.mui

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 O 1 C:\m

(20)

19 - 17:4 5:43.981

pe n

4 8 0

alwa re.e xe

17/11/20 19 - 17:4 5:43.981

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui

17/11/20 19 - 17:4 5:43.981

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui EhStorShell.dll.mui

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

Re ad

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

Re ad

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

Re ad

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

(21)

17/11/20 19 - 17:4 5:43.981

O pe n

4 8 0

alwa re.e xe

17/11/20 19 - 17:4 5:43.981

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

Re ad

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

Re ad

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\ntshrui.dll

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\AppPatch\sysmain.sdb

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64

17/11/20 19 - 17:4 5:43.981

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64

17/11/20 19 - 17:4

O pe

1 4 8

C:\m alwa

re.e C:\Windows\SysWOW64\ntshrui.dll

(22)

5:43.981 n 0 xe

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\

17/11/20 19 - 17:4 5:43.981

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows

17/11/20 19 - 17:4 5:43.981

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64

17/11/20 19 - 17:4 5:43.981

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64

17/11/20 19 - 17:4 5:43.981

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.981

O pe n

1 4 8 0

C:\m alwa re.e xe

(23)

17/11/20 19 - 17:4 5:43.997

O pe n

4 8 0

alwa re.e xe

17/11/20 19 - 17:4 5:43.997

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.997

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.997

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.997

Re ad

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.997

Re ad

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.997

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.997

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.997

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:43.997

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\srvcli.dll

17/11/20 19 - 17:4 5:43.997

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\srvcli.dll

(24)

17/11/20 19 - 17:4 5:43.997

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\srvcli.dll

17/11/20 19 - 17:4 5:44.90

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\cscapi.dll

17/11/20 19 - 17:4 5:44.90

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\cscapi.dll

17/11/20 19 - 17:4 5:44.90

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\cscapi.dll

17/11/20 19 - 17:4 5:44.90

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\slc.dll

17/11/20 19 - 17:4 5:44.90

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\slc.dll

17/11/20 19 - 17:4 5:44.90

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\slc.dll

17/11/20 19 - 17:4 5:44.90

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\imageres.dll

17/11/20 19 - 17:4 5:44.90

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.90

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.90

O pe n

1 4 8 0

C:\m alwa re.e xe

1 C:\m

(25)

19 - 17:4 5:44.90

pe n

8 0

re.e xe

C:\Windows\SysWOW64\pt-BR\imageres.dll.mui

17/11/20 19 - 17:4 5:44.90

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\System32\pt-BR\imageres.dll.mui

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\windows\SysWOW64\pt\imageres.dll.mui

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\en-US\imageres.dll.mui

17/11/20 19 - 17:4 5:44.106

Re ad

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\en-US\imageres.dll.mui imageres.dll.mui

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

1 C:\m

(26)

17/11/20 19 - 17:4 5:44.106

O pe n

4 8 0

alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

(27)

17/11/20 19 - 17:4 5:44.106

nk no w n

4 8 0

alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

(28)

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

(29)

17/11/20 19 - 17:4 5:44.106

O pe n

4 8 0

alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

(30)

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.106

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

(31)

17/11/20 19 - 17:4 5:44.122

O pe n

4 8 0

alwa re.e xe

17/11/20 19 - 17:4 5:44.122

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

U nk no w

1 4 8

C:\m alwa

re.e C:\Windows\SysWOW64\en-US\imageres.dll.mui imageres.dll.mui

(32)

n 0 xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4

O pe

1 4

C:\m

alwa C:\Windows\SysWOW64\imageres.dll

(33)

0 xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 O 1 C:\m

(34)

19 - 17:4 5:44.122

pe n

4 8 0

alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\malware.exe

17/11/20 19 - 17:4 5:44.122

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\malware.exe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\malware.exe

17/11/20 19 - 17:4 5:44.122

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\malware.exe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\malware.exe

(35)

17/11/20 19 - 17:4 5:44.122

nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\malware.exe

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor\Malware

17/11/20 19 - 17:4 5:44.122

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor\Malware

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\

17/11/20 19 - 17:4 5:44.122

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor

17/11/20 19 - 17:4 5:44.122

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor

17/11/20 19 - 17:4 5:44.122

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor\Malware

17/11/20 19 - 17:4 5:44.122

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor\Malware

17/11/20 19 - 17:4 5:45.465

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\ieframe.dll

(36)

17/11/20 19 - 17:4 5:45.465

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:45.465

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1 -0.dll

17/11/20 19 - 17:4 5:45.465

U nk no w n

1 4 8 0

C:\m alwa re.e xe

api-ms-win-downlevel-shell32-l 1-1-0.dll

17/11/20 19 - 17:4 5:45.465

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:45.465

U nk no w n

1 4 8 0

C:\m alwa re.e xe

api-ms-win-downlevel-shell32-l 1-1-0.dll

17/11/20 19 - 17:4 5:45.465

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:45.465

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\malware.exe.Local

17/11/20 19 - 17:4 5:45.465

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-contro ls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd 5705d

17/11/20 19 - 17:4 5:45.465

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:45.465

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:45.465

O pe n

1 4 8

C:\m alwa

re.e C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll

(37)

17/11/20 19 - 17:4 5:45.465

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1 -0.dll

17/11/20 19 - 17:4 5:45.465

U nk no w n

1 4 8 0

C:\m alwa re.e xe

api-ms-win-downlevel-shlwapi- l2-1-0.dll

17/11/20 19 - 17:4 5:45.465

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:45.465

U nk no w n

1 4 8 0

C:\m alwa re.e xe

api-ms-win-downlevel-shlwapi- l2-1-0.dll

17/11/20 19 - 17:4 5:45.559

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Program Files (x86)\Common Files\System\ado\msado15 .dll

17/11/20 19 - 17:4 5:45.559

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Program Files (x86)\Common Files\System\ado\msado15 .dll

17/11/20 19 - 17:4 5:45.559

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Program Files (x86)\Common Files\System\ado\MSDART.

DLL

17/11/20 19 - 17:4 5:45.559

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\msdart.dll

17/11/20 19 - 17:4 5:45.559

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\msdart.dll

17/11/20 19 - 17:4 5:45.575

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\uxtheme.dll.Config

17/11/20 O 1 4

C:\m alwa

(38)

19 - 17:4 5:45.575

pe n

8 0

re.e xe

C:\Windows\SysWOW64\uxtheme.dll

17/11/20 19 - 17:4 5:45.575

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\malware.exe.Local

17/11/20 19 - 17:4 5:45.575

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:45.575

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:45.575

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:45.575

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:45.575

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\Fonts\sserife.fon

17/11/20 19 - 17:4 5:45.575

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\analysis

17/11/20 19 - 17:4 5:45.575

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Behemot1a

17/11/20 19 - 17:4 5:46.606

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Behemot1a

17/11/20 19 - 17:4 5:46.606

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Behemot1a

(39)

17/11/20 19 - 17:4 5:46.606

nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Behemot1a

17/11/20 19 - 17:4 5:47.637

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Secur32.dll

17/11/20 19 - 17:4 5:47.637

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\secur32.dll

17/11/20 19 - 17:4 5:47.637

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\secur32.dll

17/11/20 19 - 17:4 5:47.637

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temp orary Internet Files

17/11/20 19 - 17:4 5:47.637

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.637

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\api-ms-win-downlevel-advapi32-l2-1-0.dll

17/11/20 19 - 17:4 5:47.637

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2 -1-0.dll

17/11/20 19 - 17:4 5:47.637

U nk no w n

1 4 8 0

C:\m alwa re.e xe

api-ms-win-downlevel-advapi3 2-l2-1-0.dll

17/11/20 19 - 17:4 5:47.637

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4

U nk no

1 4 8

C:\m alwa re.e

api-ms-win-downlevel-advapi3 2-l2-1-0.dll

(40)

5:47.637 w n

0 xe

17/11/20 19 - 17:4 5:47.637

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temp orary Internet Files\counters.dat

17/11/20 19 - 17:4 5:47.637

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\winhttp.dll

17/11/20 19 - 17:4 5:47.637

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\winhttp.dll

17/11/20 19 - 17:4 5:47.637

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\webio.dll

17/11/20 19 - 17:4 5:47.637

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\webio.dll

17/11/20 19 - 17:4 5:47.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCert ificates\My\Certificates

17/11/20 19 - 17:4 5:47.684

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCert ificates\My\Certificates

17/11/20 19 - 17:4 5:47.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCert ificates\My\CRLs

17/11/20 19 - 17:4 5:47.684

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCert ificates\My\CRLs

17/11/20 19 - 17:4 5:47.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCert ificates\My\CTLs

(41)

17/11/20 19 - 17:4 5:47.684

nk no w n

4 8 0

alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCert ificates\My\CTLs

17/11/20 19 - 17:4 5:47.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\IPHLPAPI.DLL

17/11/20 19 - 17:4 5:47.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\IPHLPAPI.DLL

17/11/20 19 - 17:4 5:47.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\IPHLPAPI.DLL

17/11/20 19 - 17:4 5:47.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\WINNSI.DLL

17/11/20 19 - 17:4 5:47.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\winnsi.dll

17/11/20 19 - 17:4 5:47.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\winnsi.dll

17/11/20 19 - 17:4 5:47.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\DNSAPI.dll

17/11/20 19 - 17:4 5:47.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\dnsapi.dll

17/11/20 19 - 17:4 5:47.684

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\dnsapi.dll

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\mswsock.dll

(42)

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\mswsock.dll

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\wship6.dll

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\wship6.dll

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot

17/11/20 19 - 17:4 5:47.731

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.731

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8

C:\m alwa re.e

(43)

17/11/20 19 - 17:4 5:47.731

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Content.IE5

17/11/20 19 - 17:4 5:47.731

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temp orary Internet Files\Content.IE5

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot

17/11/20 19 - 17:4 5:47.731

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.731

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\C ookies

(44)

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.731

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.731

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot

17/11/20 19 - 17:4 5:47.731

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.731

U nk no w n

1 4 8 0

C:\m alwa re.e xe

17/11/20 O 1 C:\m

(45)

5:47.731 n 8 0

re.e xe

y

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Histor y

17/11/20 19 - 17:4 5:47.731

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Histor y

17/11/20 19 - 17:4 5:47.731

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Histor y\History.IE5

17/11/20 19 - 17:4 5:47.731

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Histor y\History.IE5

17/11/20 19 - 17:4 5:47.825

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\netprofm.dll

17/11/20 19 - 17:4 5:47.825

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\netprofm.dll

17/11/20 19 - 17:4 5:47.825

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\nlaapi.dll

17/11/20 19 - 17:4 5:47.825

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\nlaapi.dll

17/11/20 19 - 17:4 5:47.872

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\dhcpcsvc6.DLL

17/11/20 19 - 17:4 5:47.872

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll

(46)

17/11/20 19 - 17:4 5:47.872

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll dhcpcsvc6.dll

17/11/20 19 - 17:4 5:47.872

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll

17/11/20 19 - 17:4 5:47.872

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll dhcpcsvc6.dll

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\CRYPTSP.dll

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\cryptsp.dll

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\cryptsp.dll

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8

C:\m alwa

re.e C:\Windows\SysWOW64\rsaenh.dll

(47)

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\RpcRtRemote.dll

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll

17/11/20 19 - 17:4 5:47.918

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll RpcRtRemote.dll

17/11/20 19 - 17:4

O pe

1 4

C:\m

alwa C:\Windows\SysWOW64\RpcRtRemote.dll

(48)

5:47.918 n 8 0

re.e xe

17/11/20 19 - 17:4 5:47.918

U nk no w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll RpcRtRemote.dll

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\WSHTCPIP.DLL

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\WSHTCPIP.DLL

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\dhcpcsvc.DLL

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\dhcpcsvc.dll

17/11/20 19 - 17:4 5:47.918

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\dhcpcsvc.dll

17/11/20 19 - 17:4 5:47.981

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\rasadhlp.dll

17/11/20 19 - 17:4 5:47.981

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\rasadhlp.dll

17/11/20 19 - 17:4 5:47.981

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\rasadhlp.dll

17/11/20 19 - 17:4 5:48.75

O pe n

1 4 8 0

C:\m alwa re.e xe

C:\Windows\SysWOW64\npmproxy.dll

17/11/20 O 1 4

C:\m alwa