
Report #8486

Creation Date: March 3, 2020, 4:33 p.m.
Last Update: March 4, 2020, 12:39 a.m.
File: Comprovante-PDF.exe

Results:

Binary

DLL: False
Size: 1.45MB
trid: 72.3% Win64 Executable; 11.8% Win32 Executable; 5.3% OS/2 Executable; 5.2% Generic Win/DOS Executable; 5.2% DOS Executable Generic
type: PE
wordsize: 32
Subsystem: Windows GUI

Note: trid's top guess (Win64) is a file-type heuristic and contradicts the PE header itself (wordsize 32, the IsPE32 YARA match below) and the sandbox trace, in which the process loads wow64.dll, wow64win.dll and wow64cpu.dll and its DLLs from SysWOW64, i.e. a 32-bit image running under WOW64. Trust the header, not trid.

Hashes

md5     53f00904cbe8e71c48a2bdc0fe1286a4
sha1    d06a045dffbc7ae4ce2184d22db6f08251ed4390
crc32   0xfcc634aa
sha224  b3d1d9754ae7bccec3ad7035e735a7698c00527e032829238ca299ce
sha256  689e215197b2d150713685757d1de290c0bb7f41720df004262980d1d1d8ba8d
sha384  d770a728408a79ad8e3f104c8f0f9762b49e6b25ab1f81734c3c717bab9caf2bb85f4ec2e8a97f91bebf33a7fcb53bb2
sha512  340568ca61440a16a424a965e91834d57df5c60686f52d12928f807c7355ab7e44b339e973c90e515cc81200d5f6a3a66bc9b87c1360c34ccf8549a441cb71a2
ssdeep  24576:ptb20pkaCqT5TBWgNQ7aSzSHkgiu89WQxhS7P+McEbzU2p5/oxE56A:6Vg5tQ7aSzmkgiJWQy7P+McO5/ok5


Community

Google: False
HashLib: False

YARA

Matches: domain, HasDebugData, CRC32_poly_Constant, escalate_priv, HasRichSignature, VC8_Microsoft_Corporation, CRC32_table, network_http, win_files_operation, IsPacked, AutoIT_compiled_script, screenshot, IP, contentis_base64, keylogger, win_token, IsPE32, AutoIt, IsWindowsGUI, inject_thread, anti_dbg, Microsoft_Visual_Cpp_8, win_registry

Suspicious: True

Note: the capability rules in this list (keylogger, screenshot, inject_thread, anti_dbg, escalate_priv, win_token, network_http) fire on the AutoIt interpreter stub that every compiled AutoIt script ships with (see the "This is a third-party compiled AutoIt script." string below), so they describe what the runtime can do, not what this particular script does. The script itself is stored as a resource inside the executable; to know what the sample actually does, extract and read that script rather than reasoning from the stub's strings.

Strings

List (as extracted; the short mixed-case fragments are binary noise)

vYE.bD MM.Ls V.tC 6.sH
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"/>
Gt.Ht$
Q.Qa 5.Rs
WSOCK32.dll
Software\AutoIt v3\AutoIt
COMCTL32.dll
USERENV.dll VERSION.dll WININET.dll WINMM.dll UxTheme.dll 0.0.0.0 MPR.dll
AUTOITCALLVARIABLE%d
255.255.255.255
SeDebugPrivilege SeRestorePrivilege
@h,E }hfDE=D
<"t|<%tx<'tt<$tp<&tl<!th<otd<]t`<[t\<\tX<
\Include\
fewP;
fr-ch fr-ca fr-be
shroQd/Ou
&#%e1
%a<)i&F_;
?r%diw U%ne"
O%oT5F
This is a third-party compiled AutoIt script.
BACKSPACE G{b%nef RPmD Hebrew Include
TaskbarCreated HOTKEYSET HOTKEYPRESSED failed to get memory
invalid range in character class number is too big
closed
regular expression is too large too many forward references
\ at end of pattern
\c at end of pattern
two named subpatterns have the same name BROWSER_SEARCH
HKEY_CLASSES_ROOT TCPSHUTDOWN BROWSER_REFRESH
AutoIt has detected the stack has become corrupt.
BROWSER_FORWARD BROWSER_BACK BROWSER_STOP BROWSER_HOME LAUNCH_MAIL
BROWSER_FAVORTIES HKEY_LOCAL_MACHINE Line %d (File "%s"):
VOLUME_UP VOLUME_DOWN VOLUME_MUTE
] is an invalid data character in JavaScript compatibility mode LAUNCH_MEDIA
SOFTWARE\Classes\
Line %d:
a %oE TCPLISTEN FtpOpenFileW
SYSTEM\CurrentControlSet\Control\Nls\Language FtpGetFileSize
FTPSETPROXY SW_HIDE
AUTOITWINGETTITLE GETCURRENTSELECTION TCPCLOSESOCKET TCPCONNECT
HTTPSETUSERAGENT GETSELECTED GETSELECTEDCOUNT HTTPSETPROXY
WINGETCLASSLIST CWM_GETCONTROLNAME Control Panel\Mouse Control Panel\Appearance HttpOpenRequestW HttpSendRequestW /AutoIt3OutputDebug mscoree.dll
LAUNCH_APP1 LAUNCH_APP2 WIN_VISTA

The readable strings are the AutoIt runtime's own: built-in function names (TCPCONNECT, TCPLISTEN, HTTPSETUSERAGENT, FTPSETPROXY, HOTKEYSET), the WinINet imports it wraps (HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW), PCRE error messages, the registry hive names, and the two privilege names it requests. None of them comes from the embedded script.

Foremost

Matches: 0.exe, 1 MB
Suspicious: True

Heuristics

IPs
  hasIPs: True
  Allowed: 255.255.255.255 (1 record)
  Suspicious: none
  hasAllowed: True  hasSuspicious: False

URLs
  hasURLs: False
  Allowed: none  Suspicious: none
  hasAllowed: False  hasSuspicious: False

Files
  hasFiles: True
  Allowed: USER32.DLL, kernel32.dll, mscoree.dll, combase.dll, ADVAPI32.dll, OLEAUT32.dll, VERSION.dll, UxTheme.dll, WSOCK32.dll, SHELL32.dll, PSAPI.DLL, COMCTL32.dll, ole32.dll, IPHLPAPI.DLL, WININET.dll, USERENV.dll, WINMM.dll, GDI32.dll, COMDLG32.dll, MPR.dll
  Suspicious: none
  hasAllowed: True  hasSuspicious: False

Note: 255.255.255.255 and the 0.0.0.0 seen in the strings are the broadcast and any-address constants used by the runtime's TCP/UDP functions, not a command-and-control indicator; the absence of URLs in the strings is expected, because any network destination would be inside the compressed script resource, not in the stub.

Binary (PE structure)

Sizes
  RVA: 16                          Suspicious: False
  Code: 951296                     Suspicious: False
  Image base: 4194304 (0x400000)   Suspicious: False
  Stack: 4096                      Suspicious: False
  Headers: 1024                    Suspicious: False

Symbols
  Number: 0                        Suspicious: True
  Pointer: 0                       Suspicious: True

Directories
  Number: 16                       Suspicious: False

Checksum
  Value: 1563094                   Suspicious: False

Sections
  Allowed: .text, .rdata, .data, .rsrc, .reloc
  Suspicious: none
  hasAllowed: True  hasSections: True  hasSuspicious: False

Versions
  OS: 5                            Suspicious: False
  Image: 5                         Suspicious: True
  Linker: 11.0                     Suspicious: False
  Subsystem: 5.1                   Suspicious: False

EntryPoint
  Address: 155508 (0x25F74)        Suspicious: False

Anomalies
  The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match.
  hasAnomalies: True

Libraries
  Allowed: user32.dll, kernel32.dll, mscoree.dll, combase.dll, advapi32.dll, oleaut32.dll, version.dll, uxtheme.dll, wsock32.dll, shell32.dll, psapi.dll, comctl32.dll, ole32.dll, wininet.dll, userenv.dll, winmm.dll, gdi32.dll, comdlg32.dll, mpr.dll
  Suspicious: iphlpapi.dll
  hasLibs: True  hasAllowed: True  hasSuspicious: True

Timestamp
  Value: 2015-08-23 23:30:59
  Valid: True  Past: False  Future: False

Compilation
  Packed: False
  Missing: False
  Compiled: True
  Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
  XOR: False
  Fuzzing: True

Notes: the section layout, linker version, checksum and timestamp all describe the AutoIt interpreter stub, which Aut2Exe reuses unchanged for every script it compiles; the 2015 timestamp is therefore the stub's build date and says nothing about when this sample was written. The compiler signature (VC8) disagrees with the linker field in the optional header (11.0); the header field is the direct evidence, the signature is a pattern match. The debug-timestamp mismatch is the one anomaly worth noting, and the empty symbol table is normal for a release build despite being flagged.
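The two header checks that produce the Anomalies and Timestamp entries above are simple enough to reproduce without pefile. The following is an added example, not code from the report's tooling: it walks the PE header with struct, reads the file-header TimeDateStamp and every IMAGE_DEBUG_DIRECTORY entry's stamp, flags a mismatch the way the report does, and scans for the AutoIt and privilege strings listed in the Strings section. build_sample_pe() constructs a minimal PE32 (an assumption for offline use; it is not the analysed sample) so the checks can be exercised on bytes you control.

```python
import struct
from datetime import datetime, timezone

# Marker strings copied from the report's Strings section; the AutoIt
# interpreter stub carries them regardless of what the embedded script does.
AUTOIT_MARKERS = (
    b"This is a third-party compiled AutoIt script.",
    b"AutoIt has detected the stack has become corrupt.",
    b"Software\\AutoIt v3\\AutoIt",
    b"AUTOITCALLVARIABLE",
)
PRIVILEGE_MARKERS = (b"SeDebugPrivilege", b"SeRestorePrivilege")

_COFF = "<HHIIIHH"            # Machine, NumberOfSections, TimeDateStamp, SymPtr, NumSyms, OptSize, Chars
_SECTION = "<8sIIIIIIHHI"     # IMAGE_SECTION_HEADER, 40 bytes
_DEBUG_ENTRY = "<IIHHIIII"    # IMAGE_DEBUG_DIRECTORY, 28 bytes
_IMAGE_DIRECTORY_ENTRY_DEBUG = 6


def _rva_to_offset(sections, rva):
    """Translate an RVA to a file offset through the section table."""
    for _name, vsize, va, rawsize, rawptr, *_ in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe(data):
    """Return (file header timestamp, list of debug directory timestamps, optional header magic)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    coff_off = e_lfanew + 4
    _machine, nsec, file_ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from(_COFF, data, coff_off)
    opt_off = coff_off + struct.calcsize(_COFF)
    magic = struct.unpack_from("<H", data, opt_off)[0]
    dirs_off = opt_off + (96 if magic == 0x10B else 112)      # PE32 vs PE32+ data directories
    sec_off = opt_off + opt_size
    sections = [struct.unpack_from(_SECTION, data, sec_off + i * 40) for i in range(nsec)]
    dbg_rva, dbg_size = struct.unpack_from("<II", data, dirs_off + 8 * _IMAGE_DIRECTORY_ENTRY_DEBUG)
    debug_ts = []
    if dbg_rva and dbg_size:
        base = _rva_to_offset(sections, dbg_rva)
        for i in range(dbg_size // 28):
            entry = struct.unpack_from(_DEBUG_ENTRY, data, base + i * 28)
            debug_ts.append(entry[1])                           # TimeDateStamp of this debug entry
    return file_ts, debug_ts, magic


def _utc(ts):
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def triage(data):
    """Reproduce the report's timestamp-anomaly and AutoIt/privilege string checks."""
    file_ts, debug_ts, magic = parse_pe(data)
    return {
        "pe32": magic == 0x10B,
        "file_timestamp_utc": _utc(file_ts),
        "debug_timestamps_utc": [_utc(t) for t in debug_ts],
        # the report's anomaly: a debug entry whose stamp differs from the file header's
        "timestamp_mismatch": any(t != file_ts for t in debug_ts),
        "autoit_markers": [m.decode() for m in AUTOIT_MARKERS if m in data],
        "privilege_strings": [m.decode() for m in PRIVILEGE_MARKERS if m in data],
    }


def build_sample_pe(file_ts, debug_ts, extra=b""):
    """Constructed minimal PE32 (assumption, not the sample): one .rdata section at RVA 0x1000
    holding a single debug directory entry followed by `extra` bytes."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                  # e_lfanew
    coff = struct.pack(_COFF, 0x14C, 1, file_ts, 0, 0, 224, 0x102)         # i386, 1 section, EXE
    opt = bytearray(224)                                                    # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * _IMAGE_DIRECTORY_ENTRY_DEBUG, 0x1000, 28)
    payload = struct.pack(_DEBUG_ENTRY, 0, debug_ts, 0, 0, 2, 0, 0, 0) + extra   # type 2 = CODEVIEW
    section = struct.pack(_SECTION, b".rdata", len(payload), 0x1000,
                          len(payload), 0x200, 0, 0, 0, 0, 0x40000040)
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return header + payload


if __name__ == "__main__":
    sample = build_sample_pe(1440372659, 1440372659 + 3600,
                             b"This is a third-party compiled AutoIt script.\0SeDebugPrivilege\0")
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

On a real file, call triage(open(path, "rb").read()). The debug directory is often the only header field that keeps its own timestamp when a stub is reused or a binary is patched, which is why the report singles out the mismatch.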

PEDetector

Matches: None
Suspicious: False

Disassembly

hasTricks: True

Tricks (hit counts per section)

Trick                               .text  .rdata  .data  .rsrc  .reloc
pushret                                 2      10      1    379       -
nopsequence                             1       -      -      -       -
pushpopmath                            30       6      -    156      17
ss register                             -       -      -      8       -
garbagebytes                            2       5      1    146       -
hookdetection                           -       3      -     13       4
stealthimport                           1       -      -      -       -
software breakpoint                     4       1      -     10       5
fakeconditionaljumps                    -       -      -     13       -
programcontrolflowchange                2       5      1    133       -
cpuinstructionsresultscomparison        -       8      -      -       -

Note: almost every hit is in .rsrc, .rdata or .reloc, none of which contains code; the tool disassembled the compressed script resource and read-only data as if they were instructions, so those columns are noise. Only the .text column (a few dozen hits in 951296 bytes of interpreter code) says anything about anti-analysis behaviour, and those are the AutoIt runtime's, not the script's.

AVclass

autoit (1)

VirusTotal

md5  53f00904cbe8e71c48a2bdc0fe1286a4
sha1 d06a045dffbc7ae4ce2184d22db6f08251ed4390

SCANS (DETECTION RATE = 68.18%)

Engine                Result                                              Version           Update    Detected
AVG                   FileRepMetagen [Malware]                            18.2.3827.0       20180323  True
CMC                   -                                                   1.1.0.977         20180323  False
MAX                   malware (ai score=81)                               2017.11.15.1      20180324  True
Bkav                  -                                                   1.3.0.9466        20180322  False
K7GW                  Trojan ( 004c84c41 )                                10.42.26598       20180323  True
ALYac                 AIT:Trojan.Autoit.CKU                               1.1.1.5           20180323  True
Avast                 FileRepMetagen [Malware]                            18.2.3827.0       20180324  True
Avira                 DR/Autoit.A.12547                                   8.3.3.6           20180323  True
Baidu                 Win32.Trojan.WisdomEyes.16070401.9500.9644          1.0.0.2           20180323  True
Cyren                 W32/Trojan.DDUK-7205                                5.4.30.7          20180323  True
DrWeb                 -                                                   7.0.28.2020       20180323  False
GData                 AIT:Trojan.Autoit.CKU (2x)                          A:25.16481B:25.11861  20180323  True
Panda                 Trj/CI.A                                            4.6.4.2           20180323  True
VBA32                 Trojan.Autoit                                       3.12.28.0         20180323  True
VIPRE                 Trojan.Win32.Generic.pak!cobra                      65478             20180323  True
Zoner                 -                                                   1.0               20180324  False
AVware                Trojan.Win32.Generic.pak!cobra                      1.5.0.42          20180323  True
ClamAV                -                                                   0.99.2.0          20180323  False
Comodo                -                                                   -                 20180323  False
F-Prot                -                                                   4.7.1.166         20180323  False
Ikarus                Trojan.Autoit                                       0.1.5.2           20180323  True
McAfee                Artemis!53F00904CBE8                                6.0.6.653         20180323  True
Rising                -                                                   25.0.0.1          20180323  False
Sophos                Troj/AutoIt-BCV                                     4.98.0            20180323  True
Yandex                -                                                   5.5.1.3           20180323  False
Zillya                -                                                   2.0.0.3519        20180323  False
Arcabit               AIT:Trojan.Autoit.CKU                               1.0.0.831         20180324  True
Cylance               Unsafe                                              2.3.1.101         20180324  True
Endgame               malicious (moderate confidence)                     2.0.5             20180316  True
Tencent               Win32.Trojan.Autoit.Sxoi                            1.0.0.1           20180324  True
ViRobot               -                                                   2014.3.20.0       20180323  False
Ad-Aware              AIT:Trojan.Autoit.CKU                               3.0.3.1010        20180324  True
AegisLab              Troj.W32.Autoit.ete!c                               4.2               20180323  True
Emsisoft              AIT:Trojan.Autoit.CKU (B)                           4.0.2.899         20180323  True
F-Secure              -                                                   11.0.19100.45     20180321  False
Fortinet              W32/Autoit.BUS!tr                                   5.4.247.0         20180323  True
Invincea              heuristic                                           6.3.4.26036       20180121  True
Jiangmin              -                                                   16.0.100          20180324  False
Kingsoft              -                                                   2013.8.14.323     20180324  False
Paloalto              generic.ml                                          1.0               20180324  True
Symantec              Trojan.Gen                                          1.5.0.0           20180323  True
nProtect              -                                                   2018-03-23.02     20180323  False
AhnLab-V3             Trojan/Win32.Generic.C593975                        3.12.0.20130      20180323  True
Antiy-AVL             -                                                   3.0.0.1           20180323  False
Kaspersky             Trojan.Win32.Autoit.ete                             15.0.1.13         20180323  True
Microsoft             VirTool:AutoIt/Obfuscator.C                         1.1.14600.4       20180323  True
Qihoo-360             HEUR/QVM10.1.Malware.Gen                            1.0.0.1120        20180324  True
TheHacker             -                                                   6.8.0.5.2551      20180319  False
ZoneAlarm             Trojan.Win32.Autoit.ete                             1.0               20180324  True
Cybereason            malicious.4cbe8e                                    1.2.27            20180225  True
ESET-NOD32            a variant of Win32/TrojanDownloader.Banload.WLF     17107             20180323  True
TrendMicro            TROJ_UTOTI.XXTUI                                    9.862.0.1074      20180323  True
WhiteArmor            -                                                   -                 20180223  False
BitDefender           AIT:Trojan.Autoit.CKU                               7.2               20180323  True
CrowdStrike           malicious_confidence_100% (W)                       1.0               20170201  True
K7AntiVirus           Trojan ( 004c84c41 )                                10.42.26598       20180323  True
SentinelOne           static engine - malicious                           1.0.15.206        20180225  True
Avast-Mobile          -                                                   180323-04         20180323  False
Malwarebytes          Trojan.Agent.CLD                                    2.1.1.1115        20180323  True
TotalDefense          -                                                   37.1.62.1         20180323  False
CAT-QuickHeal         Trojan.Skeeyah                                      14.00             20180323  True
NANO-Antivirus        Trojan.Win32.Autoit.dvrwok                          1.0.100.22043     20180323  True
MicroWorld-eScan      AIT:Trojan.Autoit.CKU                               14.0.297.0        20180324  True
SUPERAntiSpyware      -                                                   5.6.0.1032        20180323  False
McAfee-GW-Edition     BehavesLike.Win32.Generic.tc                        v2015             20180323  True
TrendMicro-HouseCall  TROJ_UTOTI.XXTUI                                    9.950.0.1006      20180324  True

total          66
positives      45
sha256         689e215197b2d150713685757d1de290c0bb7f41720df004262980d1d1d8ba8d
scan_id        689e215197b2d150713685757d1de290c0bb7f41720df004262980d1d1d8ba8d-1521851491
resource       53f00904cbe8e71c48a2bdc0fe1286a4
permalink      https://www.virustotal.com/file/689e215197b2d150713685757d1de290c0bb7f41720df004262980d1d1d8ba8d/analysis/1521851491/
scan_date      2018-03-24 00:31:31
verbose_msg    Scan finished, information embedded
response_code  1
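The "AVclass: autoit" line above is the result of boiling the 45 vendor labels down to one family name. The following added example (not the report's or AVclass's own code) shows the core of that step on the labels copied from the table: tokenise each label, drop generic class words and anything with digits, and let each engine vote once per remaining token. The generic-token list is this example's own assumption; real AVclass ships a much larger taxonomy.

```python
import re
from collections import Counter

# The 45 detecting engines' labels, copied in table order from the VirusTotal section.
DETECTED_LABELS = [
    "FileRepMetagen [Malware]", "malware (ai score=81)", "Trojan ( 004c84c41 )",
    "AIT:Trojan.Autoit.CKU", "FileRepMetagen [Malware]", "DR/Autoit.A.12547",
    "Win32.Trojan.WisdomEyes.16070401.9500.9644", "W32/Trojan.DDUK-7205",
    "AIT:Trojan.Autoit.CKU (2x)", "Trj/CI.A", "Trojan.Autoit",
    "Trojan.Win32.Generic.pak!cobra", "Trojan.Win32.Generic.pak!cobra", "Trojan.Autoit",
    "Artemis!53F00904CBE8", "Troj/AutoIt-BCV", "AIT:Trojan.Autoit.CKU", "Unsafe",
    "malicious (moderate confidence)", "Win32.Trojan.Autoit.Sxoi", "AIT:Trojan.Autoit.CKU",
    "Troj.W32.Autoit.ete!c", "AIT:Trojan.Autoit.CKU (B)", "W32/Autoit.BUS!tr", "heuristic",
    "generic.ml", "Trojan.Gen", "Trojan/Win32.Generic.C593975", "Trojan.Win32.Autoit.ete",
    "VirTool:AutoIt/Obfuscator.C", "HEUR/QVM10.1.Malware.Gen", "Trojan.Win32.Autoit.ete",
    "malicious.4cbe8e", "a variant of Win32/TrojanDownloader.Banload.WLF", "TROJ_UTOTI.XXTUI",
    "AIT:Trojan.Autoit.CKU", "malicious_confidence_100% (W)", "Trojan ( 004c84c41 )",
    "static engine - malicious", "Trojan.Agent.CLD", "Trojan.Skeeyah",
    "Trojan.Win32.Autoit.dvrwok", "AIT:Trojan.Autoit.CKU", "BehavesLike.Win32.Generic.tc",
    "TROJ_UTOTI.XXTUI",
]
TOTAL_ENGINES = 66

# Class/verdict words that carry no family information (assumption: a small hand-picked set).
GENERIC_TOKENS = {
    "trojan", "troj", "trojandownloader", "virtool", "generic", "malware", "malicious",
    "unsafe", "heuristic", "heur", "variant", "agent", "static", "engine", "confidence",
    "moderate", "score", "behaveslike", "cobra", "artemis", "filerepmetagen",
}


def family_tokens(label):
    """Tokens of one label that could name a family: alphabetic, 4+ chars, not generic."""
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    return {t for t in tokens if len(t) >= 4 and t.isalpha() and t not in GENERIC_TOKENS}


def family_votes(labels):
    """Each label votes once per candidate token, so repeated labels count once each."""
    votes = Counter()
    for label in labels:
        votes.update(family_tokens(label))
    return votes


def consensus(labels, total_engines, min_votes=2):
    """Detection rate plus the best-supported family token, or None if nothing is shared."""
    ranked = family_votes(labels).most_common()
    family, n = ranked[0] if ranked and ranked[0][1] >= min_votes else (None, 0)
    return {
        "detection_rate": round(100.0 * len(labels) / total_engines, 2),
        "family": family,
        "votes": n,
        "share_of_detections": round(n / len(labels), 2) if labels else 0.0,
        "ranked": ranked[:5],
    }


if __name__ == "__main__":
    print(consensus(DETECTED_LABELS, TOTAL_ENGINES))
```

The share_of_detections value is the number to watch: 18 of 45 engines name the family, the rest are generic verdicts, which is typical for a packed or interpreted sample and a reason not to treat "autoit" as more than a packaging hint. ESET's label (TrojanDownloader.Banload) is the only one pointing at behaviour rather than the runtime.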

File Trace

All entries are dated 3/3/2020 and the process column is C:\malware.exe throughout (the sandbox's copy of the sample). Columns: time, operation(s) logged for the path, PID, path. Where the log records an Open followed by one or two Unknown operations on the same path at the same timestamp, they are shown on one line. W stands for C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.

23:46:03.637  Read                     1480  C:\malware.exe
23:46:10.684  Open                     1480  C:\malware.exe
23:46:10.684  Open                     1480  C:\Windows\SysWOW64\apphelp.dll
23:46:10.684  Open                     1480  C:\Windows\SysWOW64\apphelp.dll
23:46:10.684  Unknown                  1480  C:\malware.exe
23:48:35.856  Open                     2336  C:\Windows\Prefetch\MALWARE.EXE-20920919.pf
23:48:35.856  Read                     2336  C:\Windows\Prefetch\MALWARE.EXE-20920919.pf
23:48:35.856  Open                     2336  \Device\HarddiskVolume2
23:48:35.856  Open, Unknown, Unknown   2336  C:\Monitor
23:48:35.856  Open, Unknown, Unknown   2336  C:\Monitor\Malware
23:48:35.856  Open, Unknown, Unknown   2336  C:\Windows
23:48:35.856  Open, Unknown, Unknown   2336  C:\Windows\Globalization
23:48:35.856  Open, Unknown, Unknown   2336  C:\Windows\Globalization\Sorting
23:48:35.856  Open, Unknown, Unknown   2336  C:\Windows\System32
23:48:35.856  Open, Unknown, Unknown   2336  C:\Windows\SysWOW64
23:48:35.856  Open, Unknown, Unknown   2336  W
23:48:35.856  Open, Unknown            2336  C:\Windows\System32\ntdll.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\System32\wow64.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\System32\wow64win.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\System32\wow64cpu.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\System32\kernel32.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\kernel32.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\System32\user32.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\ntdll.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\System32\apisetschema.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\KernelBase.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\System32\locale.nls
23:48:35.856  Open, Unknown            2336  C:\malware.exe
23:48:35.856  Open, Unknown            2336  C:\Windows\System32\mctres.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\ws2_32.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\msvcrt.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\rpcrt4.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\sspicli.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\cryptbase.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\sechost.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\nsi.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\version.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\winmm.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\user32.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\gdi32.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\lpk.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\usp10.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\advapi32.dll
23:48:35.856  Open, Unknown            2336  W\comctl32.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\shlwapi.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\mpr.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\wininet.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\normaliz.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\iertutil.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\userenv.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\profapi.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\psapi.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\IPHLPAPI.DLL
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\winnsi.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\uxtheme.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\comdlg32.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\shell32.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\ole32.dll
23:48:35.856  Open, Unknown            2336  C:\Windows\SysWOW64\oleaut32.dll
23:48:35.872  Open, Unknown            2336  C:\Windows\SysWOW64\wsock32.dll
23:48:35.872  Open, Unknown            2336  C:\Windows\SysWOW64\imm32.dll
23:48:35.872  Open, Unknown            2336  C:\Windows\SysWOW64\msctf.dll
23:48:35.872  Open, Unknown            2336  C:\Windows\WindowsShell.Manifest
23:48:35.872  Open, Unknown            2336  C:\Windows\SysWOW64\dwmapi.dll
23:48:35.872  Open, Unknown            2336  C:\Windows\Globalization\Sorting\SortDefault.nls
23:48:35.872  Read                     2336  C:\Windows\System32\mctres.dll
23:48:35.872  Read                     2336  C:\Windows\SysWOW64\mpr.dll
23:48:35.872  Read                     2336  C:\Windows\SysWOW64\wsock32.dll
23:48:35.872  Unknown                  2336  C:\Windows\System32\locale.nls
23:48:35.872  Unknown                  2336  C:\Windows\WindowsShell.Manifest
23:48:35.872  Unknown                  2336  C:\Windows\Globalization\Sorting\SortDefault.nls
23:48:35.872  Read                     2336  C:\Windows\System32\mctres.dll
23:48:35.872  Unknown                  2336  C:\Windows\System32\ntdll.dll
23:48:35.872  Unknown                  2336  C:\Windows\System32\wow64.dll
23:48:35.872  Unknown                  2336  C:\Windows\System32\wow64win.dll
23:48:35.872  Unknown                  2336  C:\Windows\System32\wow64cpu.dll
23:48:35.872  Unknown                  2336  C:\Windows\System32\kernel32.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\kernel32.dll
23:48:35.872  Unknown                  2336  C:\Windows\System32\user32.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\ntdll.dll
23:48:35.872  Unknown                  2336  C:\Windows\System32\apisetschema.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\KernelBase.dll
23:48:35.872  Unknown                  2336  C:\malware.exe
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\ws2_32.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\msvcrt.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\rpcrt4.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\sspicli.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\cryptbase.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\sechost.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\nsi.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\version.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\winmm.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\user32.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\gdi32.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\lpk.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\usp10.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\advapi32.dll
23:48:35.872  Unknown                  2336  W\comctl32.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\shlwapi.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\wininet.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\normaliz.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\iertutil.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\userenv.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\profapi.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\psapi.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\IPHLPAPI.DLL
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\winnsi.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\uxtheme.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\comdlg32.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\shell32.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\ole32.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\oleaut32.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\imm32.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\msctf.dll
23:48:35.872  Unknown                  2336  C:\Windows\SysWOW64\dwmapi.dll
23:48:35.872  Unknown                  2336  \Device\HarddiskVolume2
23:48:35.872  Open                     2336  C:\Windows
23:48:35.872  Open                     2336  C:\Windows\System32\wow64.dll
23:48:35.887  Open                     2336  C:\Windows\System32\wow64.dll
23:48:35.887  Open                     2336  C:\Windows\System32\wow64win.dll
23:48:35.887  Open                     2336  C:\Windows\System32\wow64win.dll
23:48:35.887  Open                     2336  C:\Windows\System32\wow64cpu.dll
23:48:35.887  Open                     2336  C:\Windows\System32\wow64cpu.dll
23:48:35.887  Open                     2336  C:\Windows\System32\wow64log.dll
23:48:35.887  Open, Unknown            2336  C:\Windows
23:48:35.887  Open                     2336  C:\Monitor
23:48:35.887  Open                     2336  C:\Windows\SysWOW64\sechost.dll
23:48:35.887  Open                     2336  (entry truncated in the source)

Reading the trace: two process instances appear, PID 1480 at 23:46 (read and opened, then apphelp.dll, i.e. shim-database lookup) and PID 2336 at 23:48, whose entries are the WOW64 loader bringing up a 32-bit process: the wow64*.dll trio from System32, then every import from SysWOW64, including the network-capable DLLs the static analysis flagged (ws2_32.dll, wsock32.dll, wininet.dll, IPHLPAPI.DLL). The Open on C:\Windows\System32\wow64log.dll is a loader artifact, not sample behaviour: wow64.dll tries to load that DLL in every 32-bit process and it is absent on a stock installation. C:\Monitor and C:\Monitor\Malware belong to the sandbox. Everything in the trace up to the point where it is cut off is process start-up; no file, registry or network activity of the script itself is captured here.

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\sechost.dll

3/3/202 0 - 23:4 8:35.88 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\version.dll

3/3/202 0 - 23:4 8:35.88 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\version.dll

3/3/202 2 C:\m

(36)

0 - 23:4 8:35.88 7

O pe n

3 3 6

alwa re.e xe

C:\Windows\SysWOW64\version.dll

3/3/202 0 - 23:4 8:35.88 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\SHFolder.dll

3/3/202 0 - 23:4 8:35.88 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\shfolder.dll

3/3/202 0 - 23:4 8:35.88 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\shfolder.dll

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\malware.exe.Local

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-contro ls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd 5705d

3/3/202 0 - 23:4 8:35.90 3

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-contro ls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd 5705d

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-contro ls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd 5705d

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-contro ls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd 5705d\comctl32.dll

3/3/202 0 - 23:4 8:35.90 3

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-contro ls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd 5705d\comctl32.dll

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-contro ls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd 5705d\comctl32.dll

(37)

3/3/202 0 - 23:4 8:35.90 3

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-contro ls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd 5705d\comctl32.dll

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\imm32.dll

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\imm32.dll

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\imm32.dll

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\imm32.dll

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\imm32.dll

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\imm32.dll

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\WindowsShell.Manifest

3/3/202 0 - 23:4 8:35.90 3

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\WindowsShell.Manifest WindowsShell.Manifest

3/3/202 0 - 23:4 8:35.90 3

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\malware.PTB

3/3/202 0 - 23:4 8:35.91 8

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\malware.PTB.DLL

(38)

3/3/202 0 - 23:4 8:35.91 8

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\malware.PT

3/3/202 0 - 23:4 8:35.91 8

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\malware.PT.DLL

3/3/202 0 - 23:4 8:35.91 8

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\uxtheme.dll

3/3/202 0 - 23:4 8:35.91 8

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\uxtheme.dll

3/3/202 0 - 23:4 8:35.98 1

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\dwmapi.dll

3/3/202 0 - 23:4 8:35.98 1

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\dwmapi.dll

3/3/202 0 - 23:4 8:35.98 1

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\dwmapi.dll

3/3/202 0 - 23:4 8:35.98 1

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\Fonts\StaticCache.dat

3/3/202 0 - 23:4 8:35.98 1

Re ad

2 3 3 6

C:\m alwa re.e xe

C:\Windows\Fonts\StaticCache.dat StaticCache.dat

3/3/202 0 - 23:4 8:35.98 1

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\Globalization\Sorting\SortDefault.nls

3/3/202 0 - 23:4 8:35.98 1

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\Globalization\Sorting\SortDefault.nls SortDefault.nls

(39)

3/3/202 0 - 23:4 8:36.59

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local

3/3/202 0 - 23:4 8:36.59

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local

3/3/202 0 - 23:4 8:36.59

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Secur32.dll

3/3/202 0 - 23:4 8:36.59

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\secur32.dll

3/3/202 0 - 23:4 8:36.59

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\secur32.dll

3/3/202 0 - 23:4 8:36.59

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Tempo rary Internet Files

3/3/202 0 - 23:4 8:36.59

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Tempo rary Internet Files

3/3/202 0 - 23:4 8:36.59

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\api-ms-win-downlevel-advapi32-l2-1-0.dll

3/3/202 0 - 23:4 8:36.59

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2- 1-0.dll

3/3/202 0 - 23:4 8:36.59

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2- 1-0.dll

api-ms-win-downlevel-advapi3 2-l2-1-0.dll

3/3/202 O 2 3

C:\m

alwa C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-

(40)

0 - 23:4 8:36.59

pe n

3 6

re.e xe

1-0.dll

3/3/202 0 - 23:4 8:36.59

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2- 1-0.dll

api-ms-win-downlevel-advapi3 2-l2-1-0.dll

3/3/202 0 - 23:4 8:36.12 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Tempo rary Internet Files\counters.dat

3/3/202 0 - 23:4 8:36.12 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\winhttp.dll

3/3/202 0 - 23:4 8:36.12 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\winhttp.dll

3/3/202 0 - 23:4 8:36.12 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\webio.dll

3/3/202 0 - 23:4 8:36.12 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\webio.dll

3/3/202 0 - 23:4 8:36.12 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\IPHLPAPI.DLL

3/3/202 0 - 23:4 8:36.12 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\IPHLPAPI.DLL

3/3/202 0 - 23:4 8:36.12 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\IPHLPAPI.DLL

3/3/202 0 - 23:4 8:36.12 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\WINNSI.DLL

3/3/202 2 C:\m

(41)

0 - 23:4 8:36.13 7

O pe n

3 3 6

alwa re.e xe

C:\Windows\SysWOW64\winnsi.dll

3/3/202 0 - 23:4 8:36.13 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\winnsi.dll

3/3/202 0 - 23:4 8:36.13 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll

3/3/202 0 - 23:4 8:36.13 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1- 0.dll

3/3/202 0 - 23:4 8:36.13 7

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1- 0.dll

api-ms-win-downlevel-shlwapi-l 2-1-0.dll

3/3/202 0 - 23:4 8:36.13 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1- 0.dll

3/3/202 0 - 23:4 8:36.13 7

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1- 0.dll

api-ms-win-downlevel-shlwapi-l 2-1-0.dll

3/3/202 0 - 23:4 8:36.13 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\DNSAPI.dll

3/3/202 0 - 23:4 8:36.13 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\dnsapi.dll

3/3/202 0 - 23:4 8:36.13 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\dnsapi.dll

3/3/202 0 - 23:4 8:36.18 4

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\mswsock.dll

(42)

3/3/202 0 - 23:4 8:36.18 4

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\mswsock.dll

3/3/202 0 - 23:4 8:36.18 4

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\wship6.dll

3/3/202 0 - 23:4 8:36.18 4

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\wship6.dll

3/3/202 0 - 23:4 8:36.23 1

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rpcss.dll

3/3/202 0 - 23:4 8:36.23 1

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rpcss.dll

3/3/202 0 - 23:4 8:36.27 8

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\netprofm.dll

3/3/202 0 - 23:4 8:36.27 8

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\netprofm.dll

3/3/202 0 - 23:4 8:36.27 8

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\nlaapi.dll

3/3/202 0 - 23:4 8:36.27 8

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\nlaapi.dll

3/3/202 0 - 23:4 8:36.32 5

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\dhcpcsvc6.DLL

3/3/202 0 - 23:4 8:36.32 5

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll

(43)

3/3/202 0 - 23:4 8:36.32 5

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll dhcpcsvc6.dll

3/3/202 0 - 23:4 8:36.32 5

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll

3/3/202 0 - 23:4 8:36.32 5

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll dhcpcsvc6.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\CRYPTSP.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\cryptsp.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\cryptsp.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

(44)

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rsaenh.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\RpcRtRemote.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll

3/3/202 0 - 23:4 8:36.37 2

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll RpcRtRemote.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll

(45)

3/3/202 0 - 23:4 8:36.37 2

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll RpcRtRemote.dll

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCerti ficates\My\Certificates

3/3/202 0 - 23:4 8:36.37 2

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCerti ficates\My\Certificates

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCerti ficates\My\CRLs

3/3/202 0 - 23:4 8:36.37 2

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCerti ficates\My\CRLs

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCerti ficates\My\CTLs

3/3/202 0 - 23:4 8:36.37 2

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCerti ficates\My\CTLs

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot

3/3/202 0 - 23:4 8:36.37 2

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot

(46)

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local

3/3/202 0 - 23:4 8:36.37 2

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Tempo rary Internet Files

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Tempo rary Internet Files

3/3/202 0 - 23:4 8:36.37 2

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Tempo rary Internet Files

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Tempo rary Internet Files\Content.IE5

3/3/202 0 - 23:4 8:36.37 2

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Tempo rary Internet Files\Content.IE5

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot

3/3/202 0 - 23:4

Un kn o

2 3

C:\m

alwa C:\Users\Behemot

(47)

8:36.37 2

w n

3 6

re.e xe

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming

3/3/202 0 - 23:4 8:36.37 2

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming

3/3/202 0 - 23:4 8:36.37 2

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Co okies

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Co okies

3/3/202 0 - 23:4 8:36.38 7

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Co okies

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Co okies

3/3/202 0 - 23:4 8:36.38 7

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Co okies

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot

(48)

3/3/202 0 - 23:4 8:36.38 7

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local

3/3/202 0 - 23:4 8:36.38 7

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Histor y

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Histor y

3/3/202 0 - 23:4 8:36.38 7

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Histor y

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Histor y\History.IE5

3/3/202 0 - 23:4 8:36.38 7

Un kn o w n

2 3 3 6

C:\m alwa re.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Histor y\History.IE5

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\WSHTCPIP.DLL

3/3/202 0 - 23:4 O 2

3 C:\m alwa

(49)

8:36.38 7

pe n

3 6

re.e xe

C:\Windows\SysWOW64\WSHTCPIP.DLL

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\dhcpcsvc.DLL

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\dhcpcsvc.dll

3/3/202 0 - 23:4 8:36.38 7

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\dhcpcsvc.dll

3/3/202 0 - 23:4 8:36.43 4

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\rasadhlp.dll

3/3/202 0 - 23:4 8:36.43 4

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rasadhlp.dll

3/3/202 0 - 23:4 8:36.43 4

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\rasadhlp.dll

3/3/202 0 - 23:4 8:36.48 1

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\npmproxy.dll

3/3/202 0 - 23:4 8:36.48 1

O pe n

2 3 3 6

C:\m alwa re.e xe

C:\Windows\SysWOW64\npmproxy.dll

3/3/202 0 - 23:4 8:36.66 8

Un kn o w n

1 4 8 0

C:\m alwa re.e xe

C:\Windows

3/3/202 0 - 23:4 8:36.66 8

Un kn o w n

1 4 8 0

C:\m alwa re.e xe

C:\Monitor
