Report #432

(1)

Binary

DLL False

Size 1.14MB

trid 35.0% InstallShield setup

33.8% Win32 EXE PECompact compressed 22.4% Win64 Executable

3.6% Win32 Executable 1.6% OS/2 Executable

type PE

wordsize 32

Subsystem Windows CLI

Hashes

md5 3b7e22e97a6856fb6843704c9452ad87

sha1 c721ec219a9d6836bf12ac24cf4e22aa822fcb67

crc32 0x924e52ec

sha224 9625529e902294429a0dead35c7847d9266ee36b3959b34fc27ca9a1

sha256 cac61bfaf19636a4db63b11eca87a84e79e37b0d230354a11a37878927faaa e5

sha384 841860d393635b6659eb8dedb5fb4990db1623a8f12d007758cb2c796a65e b8cd15d7f1731b86c47470781542450f2a3

sha512 4d588d389c4117033cbf9b4807d212389507c974983a8e0bcb56c0303c587 2830460f409547521e72348968fd90a87adab345ef8e51381b6410061431b 960164

ssdeep 24576:Fp+6k/gxr/nIiYWMf9dQnPoY20k0XgBq/bPEUpPhOZy+hz7FFUj9SD+s w4LOTc:qFgxr/nIiYWMf9dQnPoY20k0XgBq/bPg

Report #432

Creation Date: Oct. 12, 2019, 3:39 p.m.

Last Update: Oct. 12, 2019, 3:43 p.m.

File:

044 Results:

(2)

Community

Google False

HashLib False

YARA

Matches maldoc_getEIP_method_1, domain, IP, win_private_profile, Dropper_Strings, Intel_Virtualization_Wizard_exe, HasDebugData, network_dropper, Antivirus , BASE64_table, escalate_priv, HasRichSignature, possible_includes_base64 _packed_functions, VM_Generic_Detection, VC8_Microsoft_Corporation, Deb uggerException__SetConsoleCtrl, spreading_share, IsConsole, create_servic e, network_dns, cred_local, network_http, win_files_operation, IsPE32, win_

hook, disable_dep, contentis_base64, network_tcp_socket, SEH__vectored, screenshot, win_token, win_mutex, keylogger, Misc_Suspicious_Strings, mal doc_find_kernel32_base_method_1, migrate_apc, antisb_threatExpert, Debu ggerHiding__Thread, anti_dbg, network_tcp_listen, DebuggerCheck__QueryI nfo, url, Microsoft_Visual_Cpp_8, win_registry, Typical_Malware_String_Trans forms, HasOverlay, network_dga, Advapi_Hash_API, Big_Numbers5, Crypt32 _CryptBinaryToString_API, create_com_service, Big_Numbers0

Suspicious True

Strings

List

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3 /">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x

(3)

ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xa p/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/

1.0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap /1.0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:

tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" x mlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>

</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:

tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" x mlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/x ap/1.0/mm/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xa p/1.0/mm/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/

1.0/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/x ap/1.0/mm/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1 .0/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/x ap/1.0/mm/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xa p/1.0/mm/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/x ap/1.0/mm/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1 .0/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1 .0/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/

1.0/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.

0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xapMM="http://ns.adobe.com/

xap/1.0/mm/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0 /">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/

">

(4)

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.

0/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.

0/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1 .0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.

0/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1 .0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0 /">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0 /">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.

0/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1 .0/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/

1.0/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.

0/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/

1.0/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com /photoshop/1.0/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.co

(5)

m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com /photoshop/1.0/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif /1.0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/

1.0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif /1.0/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif /1.0/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/

1.0/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exi f/1.0/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exi f/1.0/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

1. Visit https://tox.chat/download.html qhttp://ns.adobe.com/xap/1.0/

qhttp://ns.adobe.com/xap/1.0/

http://ns.adobe.com/xap/1.0/

=http://ns.adobe.com/xap/1.0/

1. Download Tor browser - https://www.torproject.org/

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/

1.1/">

Foremost

Matches 0.exe, 94 KB

Heuristics

IPs hasIPs: False

Allowed Suspicious

hasAllowed: False

(6)

hasSuspicious: False

URLs Allowed

hasURLs: True

Suspicious: http://gdcbghvjyqy7jclk.onion/3a23db8448d3b2b, https://tox.c hat/download.html, https://www.torproject.org/

hasAllowed: False hasSuspicious: True

Files Allowed: 2ntdll.dll, WININET.dll, shlwapi.dll, MSVCR110.dll, CRYPT32.dll, SH ELL32.dll, user32.dll, ADVAPI32.dll, PSAPI.DLL, kernel32.dll, GDI32.dll, msvc rt.dll, urlmon.dll, encryption.dll

hasFiles: True

Suspicious: GDCB-DECRYPT.txt, %s\GDCB-DECRYPT.txt, ntuser.dat, ntuser.

dat.log, thumbs.db, iconcache.db hasAllowed: True

hasSuspicious: True

Binary

Sizes RVA

RVA: 16

Suspicious: False Code

Size: 93696

Suspicious: False Image

Address: 4194304 Suspicious: False Stack

Stack: 4096 Suspicious: False Headers

Headers: 1024 Suspicious: False Suspicious: False

Symbols Number

Number: 0

Suspicious: True Pointer

Pointer: 0

Suspicious: True Directories Number: 16 Suspicious: False

Checksum Value: 0

Suspicous: True

Sections Allowed: .text, .rdata, .data, .rsrc, .reloc

(7)

Suspicious

hasAllowed: True hasSections: True hasSuspicious: False

Versions OS

Version: 6

Suspicious: False Image

Version: True Suspicious: 6 Linker

Version: 11.0 Suspicious: False Subsystem

Version: 6.0 Suspicious: False Suspicious: False

EntryPoint Address: 4951

Suspicious: False

Anomalies Anomalies: The header checksum and the calculated checksum do not ma tch.

hasAnomalies: True

Libraries Allowed: wininet.dll, shlwapi.dll, crypt32.dll, shell32.dll, user32.dll, advapi 32.dll, psapi.dll, kernel32.dll, gdi32.dll, msvcrt.dll, urlmon.dll

hasLibs: True

Suspicious: 2ntdll.dll, msvcr110.dll, encryption.dll hasAllowed: True

hasSuspicious: True

Timestamp Past: False

Valid: True

Value: 2019-08-28 13:35:58 Future: False

Compilation Packed: False

Missing: False Packers

Compiled: True

Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation XOR: True

Fuzzing: False

PEDetector

(8)

Matches 6304, 78097

Disassembly

hasTricks True

Tricks

ldr .rsrc: 2

pushret .rsrc: 11

.text: 1

nopsequence .rsrc: 2

pushpopmath .rsrc: 13

sizeofimage .rsrc: 2

garbagebytes .rsrc: 4

.text: 1

hookdetection .rsrc: 1

programcontrolflowchange .rsrc: 4 .text: 1

cpuinstructionsresultscomparison .rdata: 1

AVclass

wapomi 1

VirusTotal

md5 3b7e22e97a6856fb6843704c9452ad87

sha1 c721ec219a9d6836bf12ac24cf4e22aa822fcb67

SCANS (DETECTION RATE = 71.43%)

(9)

AVG result: Win32:Rootkit-gen [Rtk]

update: 20190910 version: 18.4.3895.0 detected: True

CMC update: 20190321

version: 1.1.0.977 detected: False

MAX result: malware (ai score=82)

APEX result: Malicious

update: 20190910 version: 5.62 detected: True

Bkav update: 20190910

K7GW update: 20190910

version: 11.66.31967 detected: False

ALYac result: Win32.VJadtre.3

Avast result: Win32:Rootkit-gen [Rtk]

Avira result: W32/Jadtre.B

Baidu result: Win32.Virus.Otwycal.d

(10)

Cyren result: W32/PatchLoad.E update: 20190910 version: 6.2.0.1 detected: True

DrWeb result: Trojan.Encoder.24384

GData result: Win32.VJadtre.3

update: 20190910

version: A:25.23339B:26.15997 detected: True

Panda result: Generic Suspicious

VBA32 result: Virus.Nimnul.19209

update: 20190910 version: 4.0.0 detected: True

VIPRE result: Trojan.Win32.Generic!BT

update: 20190910 version: 77768 detected: True

Zoner update: 20190910

ClamAV result: Win.Ransomware.Gandcrab-6502432-0

Comodo update: 20190910

version: 31455 detected: False

F-Prot result: W32/PatchLoad.E

(11)

Ikarus result: Virus.Win32.Wapomi update: 20190910

version: 0.1.5.2 detected: True

McAfee result: Artemis!3B7E22E97A68

Rising result: Ransom.GandCrab!1.B8D6 (CLASSIC)

Sophos result: Mal/Generic-S

Yandex update: 20190910

Zillya update: 20190910

Acronis update: 20190904

Alibaba result: Virus:Win32/Nimnul.e04fd7e6

Arcabit result: Win32.VJadtre.3

Cylance update: 20190910

(12)

Endgame result: malicious (high confidence) update: 20190819

version: 3.0.14 detected: True

FireEye result: Generic.mg.3b7e22e97a6856fb

TACHYON update: 20190910

version: 2019-09-10.02 detected: False

Tencent result: Virus.Win32.Loader.aab

ViRobot update: 20190910

Webroot update: 20190910

eGambit result: Trojan.Generic

update: 20190910 version: v5.0.5 detected: True

Ad-Aware result: Win32.VJadtre.3

AegisLab result: Virus.Win32.Nimnul.n!c

Emsisoft result: Win32.VJadtre.3 (B)

(13)

F-Secure result: Malware.W32/Jadtre.B update: 20190910

Fortinet result: W32/Wapomi.BA!tr

Invincea update: 20190904

Jiangmin update: 20190910

Kingsoft update: 20190910

Paloalto result: generic.ml

Symantec result: ML.Attribute.HighConfidence update: 20190910

Trapmine update: 20190826

AhnLab-V3 result: Trojan/Win32.Xtrat.C3450632 update: 20190910

Antiy-AVL result: Virus/Win32.Nimnul.f

(14)

Kaspersky result: Virus.Win32.Nimnul.f update: 20190910

Microsoft result: Ransom:Win32/GandCrab.AE

Qihoo-360 result: Win32/Virus.IM.01a

ZoneAlarm result: Virus.Win32.Nimnul.f

Cybereason result: malicious.97a685

ESET-NOD32 result: Win32/Wapomi.BA

update: 20190910 version: 19995 detected: True

TrendMicro result: PE_WAPOMI.BM

BitDefender result: Win32.VJadtre.3

CrowdStrike result: win/malicious_confidence_60% (W) update: 20190702

version: 1.0 detected: True

K7AntiVirus update: 20190910

(15)

SentinelOne result: DFI - Malicious PE update: 20190807 version: 1.0.31.22 detected: True

Avast-Mobile update: 20190910

version: 190910-00 detected: False

Malwarebytes result: Virus.Wapomi

TotalDefense result: Win32/Nimnul.A

CAT-QuickHeal update: 20190909

version: 14.00 detected: False

NANO-Antivirus result: Trojan.Win32.Banload.cstqaj update: 20190910

MicroWorld-eScan result: Win32.VJadtre.3 update: 20190910 version: 14.0.297.0 detected: True

SUPERAntiSpyware update: 20190906

McAfee-GW-Edition result: BehavesLike.Win32.Ramnit.tm update: 20190910

version: v2017.3010 detected: True

TrendMicro-HouseCall result: PE_WAPOMI.BM update: 20190910 version: 10.0.0.1040

(16)

total 70

sha256 cac61bfaf19636a4db63b11eca87a84e79e37b0d230354a11a37878927faaa e5

scan_id cac61bfaf19636a4db63b11eca87a84e79e37b0d230354a11a37878927faaa e5-1568144177

resource 3b7e22e97a6856fb6843704c9452ad87

permalink https://www.virustotal.com/file/cac61bfaf19636a4db63b11eca87a84e79e3 7b0d230354a11a37878927faaae5/analysis/1568144177/

positives 50

scan_date 2019-09-10 19:36:17

verbose_msg Scan finished, information embedded

response_code 1

File

Trace

3/5/20 18 - 1 8:45:4 3.512

U n k n o w n

C:\malware.ex

e C:\Monitor\proc.exe

3/5/20 18 - 1 8:45:4 3.512

O p e n

C:\malware.ex

e C:\Windows\SysWOW64\apphelp.dll

3/5/20 18 - 1 8:45:4 3.512

O p e n

C:\malware.ex

e C:\Windows\SysWOW64\apphelp.dll

3/5/20 18 - 1 8:45:4 3.512

O p e n

C:\malware.ex

e C:\Windows\AppPatch\sysmain.sdb

3/5/20 18 - 1 8:45:4

O p e

C:\malware.ex

e C:\Monitor

(17)

3.512 n

3/5/20 18 - 1 8:45:4 3.512

U n k n o w n

C:\malware.ex

e C:\Monitor

3/5/20 18 - 1 8:45:4 3.512

O p e n

C:\malware.ex

3/5/20 18 - 1 8:45:4 3.512

U n k n o w n

C:\malware.ex

3/5/20 18 - 1 8:45:4 3.512

O p e n

C:\malware.ex

e C:\

3/5/20 18 - 1 8:45:4 3.512

U n k n o w n

C:\malware.ex

e C:\

3/5/20 18 - 1 8:45:4 3.512

O p e n

C:\malware.ex

e C:\Monitor

3/5/20 18 - 1 8:45:4 3.512

U n k n o w n

C:\malware.ex

e C:\Monitor

3/5/20 18 - 1 8:45:4 3.512

O p e n

C:\malware.ex

e C:\Monitor

3/5/20 U n

(18)

18 - 1 8:45:4 3.512

n o w n

C:\malware.ex e

C:\Monitor

3/5/20 18 - 1 8:45:4 3.512

O p e n

C:\malware.ex

3/5/20 18 - 1 8:45:4 3.512

R e a d

C:\malware.ex

3/5/20 18 - 1 8:45:4 3.512

O p e n

C:\malware.ex

e C:\Monitor\ui\SwDRM.dll

3/5/20 18 - 1 8:45:4 3.512

O p e n

C:\malware.ex

3/5/20 18 - 1 8:45:4 3.512

O p e n

C:\malware.ex

3/5/20 18 - 1 8:45:4 3.512

U n k n o w n

C:\malware.ex

3/5/20 18 - 1 8:45:4 3.512

O p e n

C:\malware.ex

3/5/20 18 - 1 8:45:4 3.512

U n k n o w n

C:\malware.ex

3/5/20 18 - 1 8:45:4

U n k n o

C:\malware.ex

(19)

3.512 w n

3/5/20 18 - 1 8:45:4 3.512

U n k n o w n

C:\malware.ex

3/5/20 18 - 1 8:45:4 3.512

U n k n o w n

C:\malware.ex

e C:\Windows

3/5/20 18 - 1 8:45:4 3.512

U n k n o w n

C:\malware.ex

e C:\Monitor

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows\Prefetch\PROC.EXE-5509F567.pf

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows\System32\wow64.dll

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows\System32\wow64.dll

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows\System32\wow64win.dll

3/5/20 18 - 1 8:45:4

O p

e C:\Monitor\pro

c.exe C:\Windows\System32\wow64win.dll

(20)

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows\System32\wow64cpu.dll

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows\System32\wow64cpu.dll

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows\System32\wow64log.dll

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows

3/5/20 18 - 1 8:45:4 3.528

U n k n o w n

C:\Monitor\pro

c.exe C:\Windows

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Monitor

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Monitor\proc.exe

3/5/20 18 - 1 8:45:4 3.528

U n k n o w n

C:\Monitor\pro

c.exe C:\Monitor\proc.exe

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows\SysWOW64\sechost.dll

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows\SysWOW64\sechost.dll

(21)

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Monitor\version.DLL

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows\SysWOW64\version.dll

3/5/20 18 - 1 8:45:4 3.528

O p e n

C:\Monitor\pro

c.exe C:\Windows\SysWOW64\version.dll

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

c.exe C:\Windows\SysWOW64\imm32.dll

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

c.exe C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe

3/5/20 18 - 1 8:45:4 3.543

W ri t e

C:\Monitor\pro

(22)

3/5/20 18 - 1 8:45:4 3.543

U n k n o w n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

U n k n o w n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

U n k n o w n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

W ri t e

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

U n k n o w n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

c.exe C:\Windows\SysWOW64\apphelp.dll

(23)

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

c.exe C:\Windows\SysWOW64\apphelp.dll

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

c.exe C:\Windows\AppPatch\sysmain.sdb

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

c.exe C:\Users\Behemot\AppData\Local\Temp

3/5/20 18 - 1 8:45:4 3.543

U n k n o w n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

U n k n o w n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

c.exe C:\

3/5/20 18 - 1 8:45:4 3.543

U n k n o w n

C:\Monitor\pro

c.exe C:\

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

c.exe C:\Users

3/5/20 U n

(24)

18 - 1 8:45:4 3.543

n o w n

C:\Monitor\pro

c.exe C:\Users

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

c.exe C:\Users\Behemot

3/5/20 18 - 1 8:45:4 3.543

U n k n o w n

C:\Monitor\pro

c.exe C:\Users\Behemot

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

c.exe C:\Users\Behemot\AppData

3/5/20 18 - 1 8:45:4 3.543

U n k n o w n

C:\Monitor\pro

c.exe C:\Users\Behemot\AppData

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

c.exe C:\Users\Behemot\AppData\Local

3/5/20 18 - 1 8:45:4 3.543

U n k n o w n

C:\Monitor\pro

c.exe C:\Users\Behemot\AppData\Local

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

U n k n o w n

C:\Monitor\pro

(25)

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

U n k n o w n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.543

R e a d

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.559

O p e n

C:\Monitor\pro

c.exe C:\Users\Behemot\AppData\Local\Temp\ui\SwDRM.dll

3/5/20 18 - 1 8:45:4 3.559

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.559

O p e n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.559

U n k n o w n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.559

O p e n

C:\Monitor\pro

3/5/20 18 - 1

U n k

n C:\Monitor\pro C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe

(26)

3.559 o w n

3/5/20 18 - 1 8:45:4 3.559

U n k n o w n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.559

U n k n o w n

C:\Monitor\pro

3/5/20 18 - 1 8:45:4 3.653

O p e n

C:\Users\Behe mot\AppData\L ocal\Temp\vSQ shX.exe

C:\Windows\Prefetch\VSQSHX.EXE-1464A4CE.pf

3/5/20 18 - 1 8:45:4 3.653

O p e n

C:\Windows

3/5/20 18 - 1 8:45:4 3.653

O p e n

C:\Windows\System32\wow64.dll

3/5/20 18 - 1 8:45:4 3.653

O p e n

C:\Windows\System32\wow64.dll

3/5/20 18 - 1 8:45:4 3.653

O p e n

C:\Windows\System32\wow64win.dll

3/5/20 18 - 1 8:45:4 3.653

O p e n

C:\Windows\System32\wow64win.dll

3/5/20 18 - 1 8:45:4 3.653

O p e n

C:\Windows\System32\wow64cpu.dll

3/5/20 O C:\Users\Behe

(27)

18 - 1 8:45:4 3.653

p e n

mot\AppData\L ocal\Temp\vSQ shX.exe

C:\Windows\System32\wow64cpu.dll

3/5/20 18 - 1 8:45:4 3.653

O p e n

C:\Windows\System32\wow64log.dll

3/5/20 18 - 1 8:45:4 3.653

O p e n

C:\Windows

3/5/20 18 - 1 8:45:4 3.653

U n k n o w n

C:\Windows

3/5/20 18 - 1 8:45:4 3.653

O p e n

C:\Monitor

3/5/20 18 - 1 8:45:4 3.668

O p e n

C:\Windows\SysWOW64\sechost.dll

3/5/20 18 - 1 8:45:4 3.668

O p e n

C:\Windows\SysWOW64\sechost.dll

3/5/20 18 - 1 8:45:4 3.668

O p e n

C:\Users\Behemot\AppData\Local\Temp\version.DLL

3/5/20 18 - 1 8:45:4 3.668

O p e n

C:\Windows\SysWOW64\version.dll

3/5/20 18 - 1 8:45:4 3.668

O p e n

C:\Windows\SysWOW64\version.dll

3/5/20 18 - 1 8:45:4 3.668

O p e n

C:\Windows\SysWOW64\imm32.dll

(28)

3/5/20 18 - 1 8:45:4 3.668

O p e n

3/5/20 18 - 1 8:45:4 3.668

O p e n

3/5/20 18 - 1 8:45:4 3.668

O p e n

3/5/20 18 - 1 8:45:4 3.668

O p e n

3/5/20 18 - 1 8:45:4 3.668

O p e n

3/5/20 18 - 1 8:45:4 3.668

O p e n

C:\Users\Behemot\AppData\Local\Temp\vSQshX.exe

3/5/20 18 - 1 8:45:4 3.668

U n k n o w n

3/5/20 18 - 1 8:45:4 3.668

O p e n

3/5/20 18 - 1 8:45:4 3.668

R e a d

3/5/20 18 - 1 8:45:4 3.731

O p e n

C:\Windows\Globalization\Sorting\SortDefault.nls

3/5/20 U n

C:\Users\Behe

(29)

18 - 1 8:45:4 3.731

k n o w n

C:\Windows\Globalization\Sorting\SortDefault.nls SortDefault.nls

3/5/20 18 - 1 8:45:4 3.731

O p e n

C:\Windows\SysWOW64\uxtheme.dll

3/5/20 18 - 1 8:45:4 3.731

O p e n

C:\Windows\SysWOW64\uxtheme.dll

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Users\Behemot\AppData\Local\Temp\api-ms-win-downlev el-shlwapi-l2-1-0.dll

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1- 0.dll

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

api-ms-win-downlevel-sh lwapi-l2-1-0.dll

3/5/20 18 - 1 8:45:4 3.778

O p e n

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

api-ms-win-downlevel-sh lwapi-l2-1-0.dll

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Users\Behemot\AppData\Local\Temp\Secur32.dll

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Windows\SysWOW64\secur32.dll

(30)

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Windows\SysWOW64\secur32.dll

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Tempor ary Internet Files

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Users\Behemot\AppData\Local\Temp\api-ms-win-downlev el-advapi32-l2-1-0.dll

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1 -0.dll

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

api-ms-win-downlevel-a dvapi32-l2-1-0.dll

3/5/20 18 - 1 8:45:4 3.778

O p e n

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

api-ms-win-downlevel-a dvapi32-l2-1-0.dll

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\

3/5/20 18 - 1

O p

C:\Users\Behe

mot\AppData\L C:\$Recycle.Bin

(31)

8:45:4 3.778

e n

ocal\Temp\vSQ shX.exe

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\$Recycle.Bin\S-1-5-21-2148495166-3420019059-128609 3062-1001

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\$Recycle.Bin\S-1-5-21-2148495166-3420019059-128609 3062-1001

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\$Recycle.Bin

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Arquivos de Programas

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Arquivos de Programas

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor\Files

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor\Files\DeletedFiles

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\Files\DeletedFiles

(32)

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor\Files\Logs

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\Files\Logs

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\Files

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor\Malware

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\malware.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\malware.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\malware.exe

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\malware.exe

3/5/20 18 - 1 8:45:4

U n k n o

C:\Users\Behe mot\AppData\L

ocal\Temp\vSQ C:\malware.exe

(33)

3.778 w n

shX.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\malware.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\Malware

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor\proc.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\proc.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\proc.exe

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor\proc.exe

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor\WindowsKernelCaptureDriver Package

3/5/20 18 - 1 8:45:4 3.778

U n k n o w

C:\Monitor\WindowsKernelCaptureDriver Package

(34)

n

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor\WKCDController.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\WKCDController.exe WKCDController.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\WKCDController.exe WKCDController.exe

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor\WKCDController.exe

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor\WKCD_Load_Use.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Use.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Use.exe

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor\WKCD_Load_Use.exe

3/5/20 18 - 1 8:45:4

O p e

ocal\Temp\vSQ C:\Monitor\zip.exe

(35)

3.778 n shX.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\zip.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\zip.exe

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Monitor\zip.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\zip.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\zip.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\zip.exe

3/5/20 18 - 1 8:45:4 3.778

W ri t e

C:\Monitor\zip.exe

3/5/20 18 - 1 8:45:4 3.778

W ri t e

C:\Monitor\zip.exe

(36)

3/5/20 18 - 1 8:45:4 3.778

W ri t e

C:\Monitor\zip.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\zip.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor\zip.exe

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Monitor

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\PerfLogs

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\PerfLogs\Admin

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\PerfLogs\Admin

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\PerfLogs

(37)

18 - 1 8:45:4 3.778

p e n

C:\Program Files

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Program Files\Arquivos Comuns

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Program Files\Arquivos Comuns

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Program Files\DVD Maker

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Program Files\DVD Maker\DVDMaker.exe

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Program Files\DVD Maker\DVDMaker.exe

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Program Files\DVD Maker\pt-BR

3/5/20 18 - 1 8:45:4 3.778

U n k n o w n

C:\Program Files\DVD Maker\pt-BR

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Program Files\DVD Maker\Shared

3/5/20 18 - 1 8:45:4 3.778

O p e n

C:\Program Files\DVD Maker\Shared\DvdStyles

3/5/20 18 - 1 8:45:4 3.793

O p e n

C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy

(38)

3/5/20 18 - 1 8:45:4 3.793

R e a d

3/5/20 18 - 1 8:45:4 3.856

O p e n

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Tempor ary Internet Files\counters.dat

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Windows\SysWOW64\winhttp.dll

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Windows\SysWOW64\winhttp.dll

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Windows\SysWOW64\webio.dll

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Windows\SysWOW64\webio.dll

3/5/20 18 - 1 8:45:4 3.872

U n k n o w n

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Users\Behemot\AppData\Local\Temp\IPHLPAPI.DLL

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Windows\SysWOW64\IPHLPAPI.DLL

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Windows\SysWOW64\IPHLPAPI.DLL

3/5/20 18 - 1

O p

C:\Users\Behe

mot\AppData\L C:\Users\Behemot\AppData\Local\Temp\WINNSI.DLL

(39)

8:45:4 3.872

e n

ocal\Temp\vSQ shX.exe

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Windows\SysWOW64\winnsi.dll

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Windows\SysWOW64\winnsi.dll

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Users\Behemot\AppData\Local\Temp\DNSAPI.dll

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Windows\SysWOW64\dnsapi.dll

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Windows\SysWOW64\dnsapi.dll

3/5/20 18 - 1 8:45:4 3.872

O p e n

C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl

3/5/20 18 - 1 8:45:4 3.872

R e a d

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Windows\SysWOW64\mswsock.dll

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Windows\SysWOW64\mswsock.dll

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Windows\SysWOW64\wship6.dll

3/5/20 18 - 1 8:45:4

O p e

ocal\Temp\vSQ C:\Windows\SysWOW64\wship6.dll

(40)

3.918 n shX.exe

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Users\Behemot

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Users\Behemot

3/5/20 18 - 1 8:45:4 3.918

U n k n o w n

C:\Users\Behemot

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Users\Behemot\AppData\Local

3/5/20 18 - 1 8:45:4 3.918

O p e n

3/5/20 18 - 1 8:45:4 3.918

U n k n o w n

3/5/20 18 - 1 8:45:4 3.918

O p e n

3/5/20 18 - 1 8:45:4 3.918

O p e n

3/5/20 18 - 1 8:45:4 3.918

U n k n o w n

(41)

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Tempor ary Internet Files\Content.IE5

3/5/20 18 - 1 8:45:4 3.918

U n k n o w n

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Tempor ary Internet Files\Content.IE5

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Users\Behemot

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Users\Behemot

3/5/20 18 - 1 8:45:4 3.918

U n k n o w n

C:\Users\Behemot

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Users\Behemot\AppData\Roaming

3/5/20 18 - 1 8:45:4 3.918

O p e n

3/5/20 18 - 1 8:45:4 3.918

U n k n o w n

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Coo kies

3/5/20 18 - 1

O p

C:\Users\Behe

mot\AppData\L C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Coo

(42)

3.918 n shX.exe

3/5/20 18 - 1 8:45:4 3.918

U n k n o w n

3/5/20 18 - 1 8:45:4 3.918

O p e n

3/5/20 18 - 1 8:45:4 3.918

U n k n o w n

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Users\Behemot

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Users\Behemot

3/5/20 18 - 1 8:45:4 3.918

U n k n o w n

C:\Users\Behemot

3/5/20 18 - 1 8:45:4 3.918

O p e n

3/5/20 18 - 1 8:45:4 3.918

O p e n

3/5/20 18 - 1 8:45:4 3.918

U n k n o

(43)

w n

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Users\Behemot\AppData\Local\Microsoft\Windows\History

3/5/20 18 - 1 8:45:4 3.918

O p e n

3/5/20 18 - 1 8:45:4 3.918

U n k n o w n

3/5/20 18 - 1 8:45:4 3.918

O p e n

\History.IE5

3/5/20 18 - 1 8:45:4 3.918

U n k n o w n

\History.IE5

3/5/20 18 - 1 8:45:4 3.918

U n k n o w n

3/5/20 18 - 1 8:45:4 3.918

O p e n

C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage

3/5/20 18 - 1 8:45:4 3.918

R e a d

3/5/20 18 - 1 8:45:4 3.965

O p e n

C:\Windows\SysWOW64\rpcss.dll

(44)

3/5/20 18 - 1 8:45:4 3.965

O p e n

C:\Windows\SysWOW64\rpcss.dll

3/5/20 18 - 1 8:45:4 3.965

U n k n o w n

3/5/20 18 - 1 8:45:4 3.965

O p e n

C:\Program Files\DVD Maker\Shared\DvdStyles\Full

3/5/20 18 - 1 8:45:4 3.965

R e a d

3/5/20 18 - 1 8:45:4 4.12

O p e n

C:\Windows\SysWOW64\netprofm.dll

3/5/20 18 - 1 8:45:4 4.12

O p e n

C:\Windows\SysWOW64\netprofm.dll

3/5/20 18 - 1 8:45:4 4.12

O p e n

C:\Windows\SysWOW64\nlaapi.dll

3/5/20 18 - 1 8:45:4 4.12

O p e n

C:\Windows\SysWOW64\nlaapi.dll

3/5/20 18 - 1 8:45:4 4.12

U n k n o w n

3/5/20 18 - 1 8:45:4 4.12

O p e n

C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle

(45)

3/5/20 18 - 1 8:45:4 4.12

R e a d

3/5/20 18 - 1 8:45:4 4.59

O p e n

C:\Users\Behemot\AppData\Local\Temp\dhcpcsvc6.DLL

3/5/20 18 - 1 8:45:4 4.59

O p e n

C:\Windows\SysWOW64\dhcpcsvc6.dll

3/5/20 18 - 1 8:45:4 4.59

U n k n o w n

C:\Windows\SysWOW64\dhcpcsvc6.dll dhcpcsvc6.dll

3/5/20 18 - 1 8:45:4 4.59

O p e n

C:\Windows\SysWOW64\dhcpcsvc6.dll

3/5/20 18 - 1 8:45:4 4.59

U n k n o w n

C:\Windows\SysWOW64\dhcpcsvc6.dll dhcpcsvc6.dll

3/5/20 18 - 1 8:45:4 4.59

U n k n o w n

3/5/20 18 - 1 8:45:4 4.59

O p e n

C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles

3/5/20 18 - 1 8:45:4 4.59

R e a d

C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles

(46)

18 - 1 8:45:4 4.106

p e n

C:\Windows\SysWOW64\WSHTCPIP.DLL

3/5/20 18 - 1 8:45:4 4.106

O p e n

C:\Windows\SysWOW64\WSHTCPIP.DLL

3/5/20 18 - 1 8:45:4 4.106

O p e n

C:\Users\Behemot\AppData\Local\Temp\dhcpcsvc.DLL

3/5/20 18 - 1 8:45:4 4.106

O p e n

C:\Windows\SysWOW64\dhcpcsvc.dll

3/5/20 18 - 1 8:45:4 4.106

O p e n

C:\Windows\SysWOW64\dhcpcsvc.dll

3/5/20 18 - 1 8:45:4 4.106

O p e n

C:\Users\Behemot\AppData\Local\Temp\CRYPTSP.dll

3/5/20 18 - 1 8:45:4 4.106

O p e n

C:\Windows\SysWOW64\cryptsp.dll

3/5/20 18 - 1 8:45:4 4.106

O p e n

C:\Windows\SysWOW64\cryptsp.dll

3/5/20 18 - 1 8:45:4 4.106

O p e n

C:\Windows\SysWOW64\rsaenh.dll

3/5/20 18 - 1 8:45:4 4.106

O p e n

3/5/20 18 - 1 8:45:4 4.106

O p e n

3/5/20 18 - 1

O p

C:\Users\Behe

mot\AppData\L C:\Windows\SysWOW64\rsaenh.dll