Report #6972

Binary

DLL False
Size 66.99KB
trid 64.5% Win32 Executable MS Visual C++
     13.6% Win32 Dynamic Link Library
     9.3% Win32 Executable
     4.1% OS/2 Executable
     4.1% Generic Win/DOS Executable
type PE
wordsize 32
Subsystem Windows GUI

Hashes

md5 251281b7881a6e7cbb18e1a6b525a8e1
sha1 79782c06fb5952905b2a43ddf833c38ce03baad9
crc32 0x9bcfdbca
sha224 126c215e1380e0cb02aa8ecb0d2c6cba4f0a07fc1144c755b4dd8a8e
sha256 0f86139a56cfffd27bafa3358ccff6b57b9cd522f99467cbac25dd0c2eb75b4a
sha384 cf7b8ca65a08f1067afcf49cd44986cb5bfdfb2812d90e04522168c233cc3b3241d936d9cf7fced0bf0752753ab4660e
sha512 554d6ac3ff00ab1b2c7440b393dd705f398ae3f1b571d48c803efa91dd92a5bad9f89d844c1c4a5dbc06cda93d883d859d46b498843a2c17ce5e85b1154fb514
ssdeep 1536:dw4fpS/nSciztM74N0DIDidcByS2X9KCO8qNeQY0SJwQUw/niEHxO2KLt:dw4gnScGuDI2dcByjX9P+pSJpHniQxWt

Community

Report #6972

Creation Date: Feb. 19, 2020, 5:34 p.m.

Last Update: Feb. 20, 2020, 3:51 a.m.

File: Restituicao65679124.exe

Results:

Google False

HashLib False

YARA

Matches domain, contentis_base64, screenshot, win_private_profile, url, IsWindowsGUI, win_files_operation, win_registry, IsPacked, HasOverlay, CRC32_poly_Constant, win_token, IsPE32, escalate_priv, HasRichSignature, IP

Suspicious True

Strings

List

http://nsis.sf.net/NSIS_Error
%s%s.dll COMCTL32.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.0</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
1Rh-D I:YS%
verifying installer: %d%%
Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy.
More information at:
Software\Microsoft\Windows\CurrentVersion
Control Panel\Desktop\ResourceLocale
.DEFAULT\Control Panel\International [Rename]
SeShutdownPrivilege uDSSh
GetProcAddress ExitProcess NullsoftInstV SShG
GetDiskFreeSpaceA CreateProcessA OpenProcessToken ShellExecuteA CoCreateInstance RegOpenKeyExA CreateFileA CopyFileA GetModuleFileNameA MoveFileA SetFileTime
GetModuleHandleA LoadLibraryExA FreeLibrary SetFilePointer FindNextFileA FindFirstFileA RemoveDirectoryA DeleteFileA RegDeleteKeyA RegDeleteKeyExA RegEnumKeyA OleInitialize RegDeleteValueA WriteFile MoveFileExA RegCreateKeyExA RegSetValueExA RegQueryValueExA CreateDirectoryA ReadFile
Error writing temporary file. Make sure your temp folder is valid.
GetTickCount SetTimer MS Shell Dlg MS Shell Dlg MS Shell Dlg Sleep CRYPTBASE GetDC
\Microsoft\Internet Explorer\Quick Launch SetClassLongA
cOls6<4
aid\*i85
Error launching installer msctls_progress32 RichEd20 RichEd32 RichEdit20A SysListView32
`.rdata SHFOLDER
*?|<>/":
#es9B:
GetDiskFreeSpaceExA RichEdit
fei5uFK
@.data USERENV UXTHEME APPHELP VERSION -o_hR /Ogt*
)Olm\
PROPSYS 2fAT2 .ndata softuW NSIS Error
AdjustTokenPrivileges SWSh<s@
V\[RPnt
\Temp OLEACC DWMAPI NulluN E neS`Cm YtS9]

Foremost

Matches 0.exe, 34 KB

Suspicious True

Heuristics

IPs: hasIPs: False; hasAllowed: False; hasSuspicious: False
URLs: hasURLs: True; Suspicious: http://nsis.sf.net/nsis_error; hasAllowed: False; hasSuspicious: True
Files: Allowed: ADVAPI32.dll, ole32.dll, SHELL32.dll, COMCTL32.dll, GDI32.dll, %s%s.dll, USER32.dll, KERNEL32.dll; hasFiles: True; hasAllowed: True; hasSuspicious: False

Binary
  Sizes
    RVA: 16, Suspicious: False
    Code Size: 162816, Suspicious: False
    Image Address: 4194304, Suspicious: False
    Stack: 4096, Suspicious: False
    Headers: 1024, Suspicious: False
    Suspicious: False
  Symbols
    Number: 0, Suspicious: True
    Pointer: 0, Suspicious: True
  Directories: Number: 16, Suspicious: False
  Checksum: Value: 0, Suspicious: True
  Sections: Allowed: .text, .rdata, .data, .ndata, .rsrc; hasAllowed: True; hasSections: True; hasSuspicious: False
  Versions
    OS Version: 4, Suspicious: False
    Image Version: 4, Suspicious: False
    Linker Version: 6.0, Suspicious: False
    Subsystem Version: 4.0, Suspicious: False
    Suspicious: False
  EntryPoint: Address: 12559, Suspicious: False
  Anomalies: The header checksum and the calculated checksum do not match. hasAnomalies: True
  Libraries: Allowed: advapi32.dll, ole32.dll, shell32.dll, comctl32.dll, gdi32.dll, user32.dll, kernel32.dll; hasLibs: True; Suspicious: %s%s.dll; hasAllowed: True; hasSuspicious: True
  Timestamp: Value: 2016-07-24 21:55:54; Valid: True; Past: False; Future: False
  Compilation
    Packers: Packed: False, Missing: True
    Compilers: Compiled: False
  Obfuscation: XOR: False; Fuzzing: False

PEDetector

Matches None

Suspicious False

Disassembly

hasTricks True

Tricks

pushpopmath .data: 1

.rsrc: 1

AVclass

alien 1

VirusTotal

md5 251281b7881a6e7cbb18e1a6b525a8e1

sha1 79782c06fb5952905b2a43ddf833c38ce03baad9

SCANS (DETECTION RATE = 66.67%)

AVG result: Win32:Malware-gen update: 20180608 version: 18.4.3895.0 detected: True
CMC update: 20180608 version: 1.1.0.977 detected: False
MAX result: malware (ai score=100) update: 20180609 version: 2017.11.15.1 detected: True
Bkav result: HW32.Packed.D831 update: 20180608 version: 1.3.0.9466 detected: True
K7GW result: Trojan ( 0050ac791 ) update: 20180608 version: 10.48.27410 detected: True
ALYac result: Trojan.Agent.CHCF update: 20180608 version: 1.1.1.5 detected: True
Avast result: Win32:Malware-gen update: 20180608 version: 18.4.3895.0 detected: True
Avira result: TR/Drop.Agent.mfwsc update: 20180608 version: 8.3.3.6 detected: True
Baidu result: JS.Trojan-Downloader.Agent.vo update: 20180608 version: 1.0.0.2 detected: True
Cyren result: JS/Agent.YY!Eldorado update: 20180608 version: 6.0.0.4 detected: True
DrWeb result: Trojan.DownLoader24.39451 update: 20180608 version: 7.0.28.2020 detected: True
GData result: Trojan.Agent.CHCF update: 20180608 version: A:25.17362B:25.12446 detected: True
Panda result: Trj/CI.A update: 20180608 version: 4.6.4.2 detected: True
VBA32 result: TrojanDownloader.Alien update: 20180608 version: 3.12.32.0 detected: True
VIPRE result: Trojan.Win32.Generic!BT update: 20180608 version: 67028 detected: True
Zoner update: 20180608 version: 1.0 detected: False
AVware result: Trojan.Win32.Generic!BT update: 20180608 version: 1.5.0.42 detected: True
ClamAV update: 20180608 version: 0.99.2.0 detected: False
Comodo result: UnclassifiedMalware update: 20180608 version: 29149 detected: True
F-Prot result: JS/Agent.YY!Eldorado update: 20180608 version: 4.7.1.166 detected: True
McAfee result: Artemis!251281B7881A update: 20180608 version: 6.0.6.653 detected: True
Rising update: 20180608 version: 25.0.0.1 detected: False
Sophos result: Mal/Generic-S update: 20180608 version: 4.98.0 detected: True
Yandex update: 20180608 version: 5.5.1.3 detected: False
Zillya result: Trojan.GenericKD.Win32.45213 update: 20180608 version: 2.0.0.3570 detected: True
Arcabit update: 20180608 version: 1.0.0.831 detected: False
Babable update: 20180406 version: 9107201 detected: False
Cylance update: 20180609 version: 2.3.1.101 detected: False
Endgame result: malicious (high confidence) update: 20180507 version: 2.1.2 detected: True
TACHYON update: 20180608 version: 2018-06-08.02 detected: False
Tencent result: Win32.Trojan-downloader.Alien.Hoek update: 20180609 version: 1.0.0.1 detected: True
ViRobot update: 20180608 version: 2014.3.20.0 detected: False
Webroot update: 20180609 version: 1.0.0.403 detected: False
eGambit update: 20180609 detected: False
Ad-Aware result: Trojan.Agent.CHCF update: 20180608 version: 3.0.5.370 detected: True
AegisLab result: Troj.Script.Agent!c update: 20180608 version: 4.2 detected: True
Emsisoft result: Trojan-Downloader.Agent (A) update: 20180608 version: 4.0.2.899 detected: True
Fortinet result: JS/Agent.PYK!tr.dldr update: 20180608 version: 5.4.247.0 detected: True
Invincea result: heuristic update: 20180601 version: 6.3.5.26121 detected: True
Jiangmin update: 20180608 version: 16.0.100 detected: False
Kingsoft update: 20180609 version: 2013.8.14.323 detected: False
Paloalto update: 20180609 version: 1.0 detected: False
Symantec result: ML.Attribute.HighConfidence update: 20180608 version: 1.6.0.0 detected: True
AhnLab-V3 update: 20180608 version: 3.12.1.20996 detected: False
Antiy-AVL update: 20180608 version: 3.0.0.1 detected: False
Kaspersky result: HEUR:Trojan.Win32.Generic update: 20180608 version: 15.0.1.13 detected: True
Microsoft update: 20180608 version: 1.1.14901.4 detected: False
Qihoo-360 result: Win32/Trojan.Multi.daf update: 20180609 version: 1.0.0.1120 detected: True
TheHacker update: 20180608 version: 6.8.0.5.3091 detected: False
ZoneAlarm result: HEUR:Trojan.Win32.Generic update: 20180608 version: 1.0 detected: True
Cybereason result: malicious.7881a6 update: 20180225 version: 1.2.27 detected: True
ESET-NOD32 result: NSIS/TrojanDropper.Agent.CJ update: 20180608 version: 17520 detected: True
TrendMicro result: TROJ_GEN.R002C0PBF18 update: 20180608 version: 10.0.0.1040 detected: True
BitDefender result: Trojan.Agent.CHCF update: 20180608 version: 7.2 detected: True
CrowdStrike result: malicious_confidence_100% (W) update: 20180530 version: 1.0 detected: True
K7AntiVirus result: Trojan ( 0050ac791 ) update: 20180608 version: 10.48.27411 detected: True
SentinelOne result: static engine - malicious update: 20180225 version: 1.0.15.206 detected: True
Avast-Mobile update: 20180608 version: 180608-04 detected: False
Malwarebytes result: Trojan.Dropper.NSIS update: 20180608 version: 2.1.1.1115 detected: True
TotalDefense update: 20180608 version: 37.1.62.1 detected: False
CAT-QuickHeal result: Trojandownloader.Alien update: 20180608 version: 14.00 detected: True
NANO-Antivirus result: Trojan.Script.Agent.emfcqa update: 20180608 version: 1.0.106.22618 detected: True
MicroWorld-eScan result: Trojan.Agent.CHCF update: 20180608 version: 14.0.297.0 detected: True
SUPERAntiSpyware update: 20180608 version: 5.6.0.1032 detected: False
McAfee-GW-Edition result: BehavesLike.Win32.Downloader.kc update: 20180608 version: v2017.2786 detected: True
TrendMicro-HouseCall result: TROJ_GEN.R002C0PBF18 update: 20180608 version: 9.950.0.1006 detected: True

total 66

sha256 0f86139a56cfffd27bafa3358ccff6b57b9cd522f99467cbac25dd0c2eb75b4a

scan_id 0f86139a56cfffd27bafa3358ccff6b57b9cd522f99467cbac25dd0c2eb75b4a-1528495378

resource 251281b7881a6e7cbb18e1a6b525a8e1

permalink https://www.virustotal.com/file/0f86139a56cfffd27bafa3358ccff6b57b9cd522f99467cbac25dd0c2eb75b4a/analysis/1528495378/

positives 44

scan_date 2018-06-08 22:02:58

verbose_msg Scan finished, information embedded

response_code 1

File

(14)

Trace

20/2/202 0 - 2:45:4 2.700

Un kn ow n

1 4 8 0

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System .dll

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\ProgramData\1Qx87z

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\ProgramData\1Qx87z

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\ProgramData\1Qx87z

20/2/202 0 - 2:45:5 8.700

Re ad

1 4 8 0

C:\malware.ex

e C:\malware.exe

20/2/202 0 - 2:45:5 8.700

Re ad

1 4 8 0

C:\malware.ex

e C:\malware.exe

20/2/202 0 - 2:45:5 8.700

Re ad

1 4 8 0

C:\malware.ex

e C:\malware.exe

20/2/202 0 - 2:45:5 8.700

Re ad

1 4 8 0

C:\malware.ex

e C:\malware.exe

20/2/202 0 - 2:45:5 8.700

Wri te

1 4 8 0

C:\malware.ex

e C:\ProgramData\1Qx87z

20/2/202 0 - 2:45:5 8.700

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\ProgramData\1Qx87z

20/2/202 Un kn

1

4 C:\malware.ex

(15)

0 - 2:45:5 8.700

ow n

8 0

e C:\ProgramData\1Qx87z

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\ProgramData\ocS8au.gif

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\ProgramData\ocS8au.gif

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\ProgramData\ocS8au.gif

20/2/202 0 - 2:45:5 8.700

Re ad

1 4 8 0

C:\malware.ex

e C:\malware.exe

20/2/202 0 - 2:45:5 8.700

Re ad

1 4 8 0

C:\malware.ex

e C:\malware.exe

20/2/202 0 - 2:45:5 8.700

Re ad

1 4 8 0

C:\malware.ex

e C:\malware.exe

20/2/202 0 - 2:45:5 8.700

Re ad

1 4 8 0

C:\malware.ex

e C:\malware.exe

20/2/202 0 - 2:45:5 8.700

Wri te

1 4 8 0

C:\malware.ex

e C:\ProgramData\ocS8au.gif

20/2/202 0 - 2:45:5 8.700

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\ProgramData\ocS8au.gif

20/2/202 0 - 2:45:5 8.700

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\ProgramData\ocS8au.gif

20/2/202 0 - 2:45:5 Op

1

4 C:\malware.ex C:\ProgramData\gKoig6.png

(16)

8.700 en 8 0

e

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\ProgramData\gKoig6.png

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\ProgramData\gKoig6.png

20/2/202 0 - 2:45:5 8.700

Re ad

1 4 8 0

C:\malware.ex

e C:\malware.exe

20/2/202 0 - 2:45:5 8.700

Re ad

1 4 8 0

C:\malware.ex

e C:\malware.exe

20/2/202 0 - 2:45:5 8.700

Re ad

1 4 8 0

C:\malware.ex

e C:\malware.exe

20/2/202 0 - 2:45:5 8.700

Re ad

1 4 8 0

C:\malware.ex

e C:\malware.exe

20/2/202 0 - 2:45:5 8.700

Wri te

1 4 8 0

C:\malware.ex

e C:\ProgramData\gKoig6.png

20/2/202 0 - 2:45:5 8.700

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\ProgramData\gKoig6.png

20/2/202 0 - 2:45:5 8.700

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\ProgramData\gKoig6.png

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\ProgramData\1Qx87z

20/2/202 0 - 2:45:5 Op

en 1 4

8 C:\malware.ex

e C:\ProgramData

(17)

8.700 0

20/2/202 0 - 2:45:5 8.700

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\ProgramData\1Qx87z

20/2/202 0 - 2:45:5 8.700

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\ProgramData

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\wscript.exe

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\ProgramData\wscript.exe

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.700

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.903

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\AppPatch\sysmain.sdb

20/2/202 0 - 2:45:5 8.903

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64

20/2/202 0 - 2:45:5 8.903

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64

20/2/202 0 - 2:45:5 8.903

Op en

1 4 8

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

(18)

0

20/2/202 0 - 2:45:5 8.903

Op en

1 4 8 0

C:\malware.ex

e C:\

20/2/202 0 - 2:45:5 8.903

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\

20/2/202 0 - 2:45:5 8.903

Op en

1 4 8 0

C:\malware.ex

e C:\Windows

20/2/202 0 - 2:45:5 8.903

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Windows

20/2/202 0 - 2:45:5 8.903

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64

20/2/202 0 - 2:45:5 8.903

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64

20/2/202 0 - 2:45:5 8.903

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64

20/2/202 0 - 2:45:5 8.903

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64

20/2/202 0 - 2:45:5 8.903

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.903

Re ad

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.903

Re ad

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

(19)

20/2/202 0 - 2:45:5 8.903

Re ad

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.903

Re ad

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.903

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\ui\SwDRM.dll

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\en\wscript.exe.mui

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\System32\en\wscript.exe.mui

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.918

Re ad

1 4 8 0

C:\malware.ex

e C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System .dll

(20)

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System .dll

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System .dll

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Users\Behemot

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Users\Behemot

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Users

Un 1

(21)

20/2/202 0 - 2:45:5 8.918

kn ow n

4 8 0

C:\malware.ex e

C:\Users

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System .dll

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System .dll

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System .dll

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System .dll

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System .dll

20/2/202 Op 1

4 C:\malware.ex C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System

(22)

0 - 2:45:5 8.918

en 8 0

e .dll

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Monitor\Files\DeletedFiles

20/2/202 0 - 2:45:5 8.918

Del ete

1 4 8 0

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System .dll

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System .dll

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp\System .dll

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp

20/2/202 Un kn

1

4 C:\malware.ex

(23)

0 - 2:45:5 8.918

ow n

8 0

e C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp

20/2/202 0 - 2:45:5 8.918

Op en

1 4 8 0

C:\malware.ex

e C:\Monitor\Files\DeletedFiles

20/2/202 0 - 2:45:5 8.918

Del ete

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Temp\nsjFFFE.tmp

20/2/202 0 - 2:45:5 8.918

Un kn ow n

1 4 8 0

C:\malware.ex e

C:\Windows\winsxs\x86_microsoft.windows.common-control s_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5 705d

20/2/202 0 - 2:45:5 8.918

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\Prefetch\WSCRIPT.EXE-9093C9D0.pf

20/2/202 0 - 2:45:5 8.918

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows

20/2/202 0 - 2:45:5 8.918

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\System32\wow64.dll

20/2/202 0 - 2:45:5 8.918

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\System32\wow64.dll

20/2/202 0 - 2:45:5 Op

2

1 C:\Windows\Sy

sWOW64\wscri C:\Windows\System32\wow64win.dll

(24)

8.918 en 7 2

pt.exe

20/2/202 0 - 2:45:5 8.918

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\System32\wow64win.dll

20/2/202 0 - 2:45:5 8.918

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\System32\wow64cpu.dll

20/2/202 0 - 2:45:5 8.918

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\System32\wow64cpu.dll

20/2/202 0 - 2:45:5 8.918

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\System32\wow64log.dll

20/2/202 0 - 2:45:5 8.918

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows

20/2/202 0 - 2:45:5 8.918

Un kn ow n

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows

20/2/202 0 - 2:45:5 8.918

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData

20/2/202 0 - 2:45:5 8.918

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.934

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 8.934

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\Windows

20/2/202 0 - 2:45:5

Un kn ow

1 4 8

C:\malware.ex e

C:\Windows\winsxs\x86_microsoft.windows.common-control s_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5

(25)

8.934 n 0 705d

20/2/202 0 - 2:45:5 8.934

Un kn ow n

1 4 8 0

C:\malware.ex

e C:\ProgramData

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\sechost.dll

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\sechost.dll

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\version.dll

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\version.dll

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\imm32.dll

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\imm32.dll

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\imm32.dll

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\imm32.dll

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\imm32.dll

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\imm32.dll

(26)

2

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\rpcss.dll

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\rpcss.dll

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\uxtheme.dll

20/2/202 0 - 2:45:5 8.950

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\uxtheme.dll

20/2/202 0 - 2:45:5 9.153

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

(27)

2

20/2/202 0 - 2:45:5 9.153

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\Globalization\Sorting\SortDefault.nls

20/2/202 0 - 2:45:5 9.153

Un kn ow n

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\Globalization\Sorting\SortDefault.nls SortDefault.nls

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

(28)

2

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri

pt.exe C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Re ad

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\wscript.exe

20/2/202 0 - 2:45:5 9.153

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\sxs.dll

20/2/202 0 - 2:45:5 9.153

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\sxs.dll

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\dwmapi.dll

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\dwmapi.dll

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\jscript.dll

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\jscript.dll

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData\1Qx87z.js

(29)

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\advapi32.dll

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\Windows\SysWOW64\advapi32.dll

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData\1Qx87z.js

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData\1Qx87z.js

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData\1Qx87z.js

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData\1Qx87z.js

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData\1Qx87z.js

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData

20/2/202 0 - 2:45:5 9.200

Un kn ow n

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData

(30)

20/2/202 0 - 2:45:5 9.200

Un kn ow n

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData

20/2/202 0 - 2:45:5 9.200

Un kn ow n

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData

20/2/202 0 - 2:45:5 9.200

Op en

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData

20/2/202 0 - 2:45:5 9.200

Un kn ow n

2 1 7 2

C:\Windows\Sy sWOW64\wscri pt.exe

C:\ProgramData

Timestamp | Operation | PID | Process | Path | Detail
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData\1Qx87z.js |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData |
20/2/2020 - 2:45:59.200 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData |
20/2/2020 - 2:45:59.200 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData\1Qx87z.js |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cryptsp.dll |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cryptsp.dll |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll |
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msisip.dll |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msisip.dll |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData\1Qx87z.js |
20/2/2020 - 2:45:59.215 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData\1Qx87z.js |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData\1Qx87z.js |
20/2/2020 - 2:45:59.215 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData\1Qx87z.js |
20/2/2020 - 2:45:59.215 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData\1Qx87z.js |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshext.dll |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wshext.dll |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wscript.exe.Local |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc |
20/2/2020 - 2:45:59.215 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll |
20/2/2020 - 2:45:59.215 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData\1Qx87z.js |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\scrobj.dll |
20/2/2020 - 2:45:59.215 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\scrobj.dll |
20/2/2020 - 2:45:59.231 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData\1Qx87z.js |
20/2/2020 - 2:45:59.231 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\RpcRtRemote.dll |
20/2/2020 - 2:45:59.231 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
20/2/2020 - 2:45:59.231 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\RpcRtRemote.dll |
20/2/2020 - 2:45:59.231 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
20/2/2020 - 2:45:59.372 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\bcrypt.dll |
20/2/2020 - 2:45:59.372 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\bcrypt.dll |
20/2/2020 - 2:45:59.372 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui |
20/2/2020 - 2:45:59.372 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3r.dll |
20/2/2020 - 2:45:59.372 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3r.dll |
20/2/2020 - 2:45:59.372 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll\1 |
20/2/2020 - 2:45:59.372 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\msxml3.dll |
20/2/2020 - 2:45:59.372 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll |
20/2/2020 - 2:45:59.372 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
20/2/2020 - 2:45:59.372 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll |
20/2/2020 - 2:45:59.372 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\secur32.dll |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\secur32.dll |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files |
20/2/2020 - 2:45:59.387 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll |
20/2/2020 - 2:45:59.387 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll |
20/2/2020 - 2:45:59.387 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\winhttp.dll |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\winhttp.dll |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\webio.dll |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\webio.dll |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates |
20/2/2020 - 2:45:59.387 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs |
20/2/2020 - 2:45:59.387 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs |
20/2/2020 - 2:45:59.387 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\winnsi.dll |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\winnsi.dll |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\dnsapi.dll |
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\dnsapi.dll |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\mswsock.dll |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\mswsock.dll |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wship6.dll |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wship6.dll |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot |
20/2/2020 - 2:45:59.450 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local |
20/2/2020 - 2:45:59.450 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files |
20/2/2020 - 2:45:59.450 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 |
20/2/2020 - 2:45:59.450 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot |
20/2/2020 - 2:45:59.450 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming |
20/2/2020 - 2:45:59.450 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies |
20/2/2020 - 2:45:59.450 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies |
20/2/2020 - 2:45:59.450 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot |
20/2/2020 - 2:45:59.450 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local |
20/2/2020 - 2:45:59.450 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History |
20/2/2020 - 2:45:59.450 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History |
20/2/2020 - 2:45:59.450 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5 |
20/2/2020 - 2:45:59.450 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5 |
20/2/2020 - 2:45:59.559 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\netprofm.dll |
20/2/2020 - 2:45:59.559 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\netprofm.dll |
20/2/2020 - 2:45:59.559 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\nlaapi.dll |
20/2/2020 - 2:45:59.559 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\nlaapi.dll |
20/2/2020 - 2:45:59.606 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll |
20/2/2020 - 2:45:59.606 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
20/2/2020 - 2:45:59.606 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll |
20/2/2020 - 2:45:59.606 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
20/2/2020 - 2:45:59.653 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\npmproxy.dll |
20/2/2020 - 2:45:59.653 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\npmproxy.dll |
20/2/2020 - 2:45:59.653 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL |
20/2/2020 - 2:45:59.653 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL |
20/2/2020 - 2:45:59.653 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\dhcpcsvc.dll |
20/2/2020 - 2:45:59.653 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\dhcpcsvc.dll |
20/2/2020 - 2:45:59.700 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rasadhlp.dll |
20/2/2020 - 2:45:59.700 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rasadhlp.dll |
20/2/2020 - 2:46:0.293 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\syswow64\pt\KERNELBASE.dll.mui |
20/2/2020 - 2:46:0.293 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui |
20/2/2020 - 2:46:0.293 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\en\KERNELBASE.dll.mui |
20/2/2020 - 2:46:0.293 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\netmsg.dll |
20/2/2020 - 2:46:0.293 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\netmsg.dll |
20/2/2020 - 2:46:0.856 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wininet.dll |
20/2/2020 - 2:46:0.856 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wininet.dll |
20/2/2020 - 2:46:25.825 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wscript.exe |
20/2/2020 - 2:46:26.59 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows |
20/2/2020 - 2:46:26.59 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData |
20/2/2020 - 2:46:26.59 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc |
20/2/2020 - 2:46:26.59 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui | KernelBase.dll.mui
20/2/2020 - 2:46:26.59 | Unknown | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat |

Process

Trace

Timestamp | Operation | Parent PID | Parent process | PID | Process
20/2/2020 - 2:45:58.903 | Create | 1480 | C:\malware.exe | 2172 | C:\Windows\SysWOW64\wscript.exe
20/2/2020 - 2:46:26.59 | Terminate | 1480 | C:\malware.exe | 2172 | C:\Windows\SysWOW64\wscript.exe

Analysis

Reason: Finished

Status: Successfully Executed

Results: 1

Registry

Trace

Timestamp | Operation | PID | Process | Key | Value
20/2/2020 - 2:45:59.387 | Write | 2172 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
20/2/2020 - 2:45:59.387 | Write | 2172 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
20/2/2020 - 2:45:59.387 | Write | 2172 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
20/2/2020 - 2:45:59.387 | Write | 2172 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
20/2/2020 - 2:45:59.387 | Write | 2172 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
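The three traces above record one behaviour chain: the sample (run by the sandbox as C:\malware.exe, PID 1480) creates wscript.exe (PID 2172); that script host reads C:\ProgramData\1Qx87z.js, loads the crypto providers (cryptsp.dll, rsaenh.dll, bcrypt.dll), msxml3.dll and the network stack (winhttp.dll, webio.dll, dnsapi.dll, mswsock.dll, wininet.dll), enumerates the user's IE cache, cookies, history and certificate-store directories, and writes ZoneMap values under Internet Settings. The script below is an added example, not part of this sandbox report or its tooling: it parses rows in the same column order as the tables above and flags a process that shows that chain. SAMPLE_TRACE is constructed from rows of this report; the rule names, the allow-list of expected parent processes and the "suspicious" threshold are assumptions made for the example.

```python
r"""Triage a sandbox trace for the script-host chain recorded in this report:
wscript.exe spawned by an unusual parent, reading a script from a user-writable
directory, loading network modules and writing Internet Settings\ZoneMap.

Added example, not part of the sandbox report. Rows are '|'-separated in the
order used by the report's tables; SAMPLE_TRACE is constructed from those rows.
"""
from collections import defaultdict

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")
# User-writable drop locations (assumption); the report's script is in C:\ProgramData.
WRITABLE_DIRS = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
NET_MODULES = {"winhttp.dll", "wininet.dll", "webio.dll", "dnsapi.dll",
               "mswsock.dll", "wship6.dll", "wshtcpip.dll", "iphlpapi.dll"}
ZONEMAP_KEY = "\\internet settings\\zonemap"
# Parents from which a script host is ordinarily launched (assumption for the example).
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "svchost.exe"}

SAMPLE_TRACE = r"""
20/2/2020 - 2:45:58.903 | Create | 1480 | C:\malware.exe | 2172 | C:\Windows\SysWOW64\wscript.exe
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData\1Qx87z.js
20/2/2020 - 2:45:59.200 | Read | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\ProgramData\1Qx87z.js
20/2/2020 - 2:45:59.200 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\winhttp.dll
20/2/2020 - 2:45:59.387 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\dnsapi.dll
20/2/2020 - 2:45:59.387 | Write | 2172 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
20/2/2020 - 2:46:0.856 | Open | 2172 | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\wininet.dll
20/2/2020 - 2:46:26.59 | Terminate | 1480 | C:\malware.exe | 2172 | C:\Windows\SysWOW64\wscript.exe
"""


def basename(path):
    """Last path component, lower-cased, so image and module names compare case-insensitively."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_trace(text):
    """Parse '|'-separated rows into dicts. Two row shapes occur, as in the report:
    process rows (Create/Terminate: parent PID, parent image, child PID, child image)
    and file/registry rows (PID, image, path, optional detail such as a value name)."""
    rows = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 5:
            continue  # blank or malformed line
        ts, op = fields[0], fields[1]
        if op in ("Create", "Terminate"):
            rows.append({"ts": ts, "op": op, "ppid": int(fields[2]), "parent": fields[3],
                         "pid": int(fields[4]), "image": fields[5]})
        else:
            rows.append({"ts": ts, "op": op, "pid": int(fields[2]), "image": fields[3],
                         "path": fields[4], "detail": fields[5] if len(fields) > 5 else ""})
    return rows


def triage(text):
    """Return {pid: sorted rule names} for every script-host process that tripped a rule."""
    hits = defaultdict(set)
    for r in parse_trace(text):
        if r["op"] == "Create":
            # The child is a script host but the parent is not a normal launcher.
            if basename(r["image"]) in SCRIPT_HOSTS and basename(r["parent"]) not in EXPECTED_PARENTS:
                hits[r["pid"]].add("script_host_unusual_parent")
            continue
        if r["op"] == "Terminate" or basename(r["image"]) not in SCRIPT_HOSTS:
            continue
        path = r["path"].lower()
        if r["op"] in ("Open", "Read") and path.endswith(SCRIPT_EXTS) and path.startswith(WRITABLE_DIRS):
            hits[r["pid"]].add("script_from_writable_dir")
        if r["op"] == "Open" and basename(path) in NET_MODULES:
            hits[r["pid"]].add("network_modules_loaded")
        if r["op"] == "Write" and ZONEMAP_KEY in path:
            hits[r["pid"]].add("zonemap_write")
    return {pid: sorted(rules) for pid, rules in hits.items()}


def verdict(hits):
    """Escalate on the combination, not on a single indicator: a script read from a
    writable directory plus network capability is the minimum for 'suspicious'."""
    core = {"script_from_writable_dir", "network_modules_loaded"}
    return {pid: ("suspicious" if core <= set(rules) else "review") for pid, rules in hits.items()}


if __name__ == "__main__":
    found = triage(SAMPLE_TRACE)
    for pid, rules in found.items():
        print(pid, verdict(found)[pid], ", ".join(rules))
```

Run against the constructed trace it reports PID 2172 as suspicious with all four rules; the parent (PID 1480) is not flagged because it is not itself a script host. Matching on module name rather than full path keeps the rules valid for both SysWOW64 and System32 loads, and the ZoneMap check matches the key substring so HKCU and HKLM writes are treated alike.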
