Report #6273

(1)

Binary

DLL False

Size 1.42MB

trid 46.5% Win32 Executable Borland Delphi 7

31.5% Win32 Executable Borland Delphi 5 18.3% Win32 Executable Borland Delphi 6 0.9% Win32 Executable Delphi generic 0.9% Windows screen saver

type PE

wordsize 32

Subsystem Windows GUI

Hashes

md5 fb1cc390e5b506679885762fbaa37cb4

sha1 6b117fa26d4309f773f123385301cc5e33efca68

crc32 0x7c155cac

sha224 cd92fec2a28328ec10dd0cb594b71cf8c645c16c8f5a0bf437a0b228

sha256 e7aeacbf201b0853482800ae6ac2db4985924abfa12d3b55d992750f92775 158

sha384 d18676ee6b7da9bb0c65eac7910946ab937d9c1527517f5b38a7acb7be5a6 c8028dc92af3acaf0b8e75b9830feec496d

sha512 4f56f8e08e095b0da76c5c90b219ff1f9dca015abfff388f4a4d4ef86cfd1ef39c 43a3299e952fca74c330e5273abbbcf17735e27f65e32aae2a5c5aa2ec08f7

ssdeep 24576:JCak6GIWDAnsRpdfPBP8EzxKJTEGGQPDZ7sDk/wdJisIndCHhYISTU+yT :J3lUpZ98EzzwZ7sDk2isMmqTPyT

Community

Report #6273

Creation Date: Feb. 14, 2020, 3:26 p.m.

Last Update: Feb. 14, 2020, 10:54 p.m.

File:

CONTRATO_VENCIDO_ATRASO-03-2017-HNS393.exe Results:

(2)

Google False

HashLib False

YARA

Matches domain, Borland, Borland_Delphi_30_, network_dropper, CRC32_poly_Const ant, BASE64_table, Delphi_DecodeDate, RIPEMD160_Constants, borland_de lphi, Delphi_FormShow, CRC32_table, Microsoft_Visual_Cpp_v50v60_MFC, wi n_files_operation, IsPE32, win_hook, RijnDael_AES_CHAR, contentis_base64, screenshot, Borland_Delphi_v40_v50, keylogger, win_mutex, Borland_Delph i_40_additional, Borland_Delphi_40, Delphi_Random, IsWindowsGUI, Delphi_

Copy, anti_dbg, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, url, SH A1_Constants, win_registry, Delphi_CompareCall, RijnDael_AES_LONG, Delp hi_StrToInt, Borland_Delphi_30_additional, Borland_Delphi_v30

Suspicious True

Strings

List

http://www.quevenha2017.com/2feiradiadecomprarmoveis/coronabeats.zip the appropriate version of this product at http://www.componentace.com Web site: http://www.componentace.com

http://www.carnaval2017top.net/gynjard/notify.php t.Ht

Uh.aE Font.Style Font.Name

AddedTitle.Font.Name AddedTitle.Font.Style HintKind.Font.Name HintKind.Font.Style BoundLabel.Active BoundLabel.Active BoundLabel.Active BoundLabel.Active BoundLabel.Active BoundLabel.Active BoundLabel.Active BoundLabel.Active

Invalid compressed size, rfs.size = %d, count = %d MenuSupport.ExtraLineFont.Name

MenuSupport.ExtraLineFont.Style

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group feel free to contact us at [email protected]

C.Ph t.hK

System\CurrentControlSet\Control\Keyboard Layouts\%.8x clGreen Pen.Style

\Software\Borland\C++Builder

(3)

\Software\Borland\Delphi P.rsrc

Options.dat Options.dat Options.dat

SOFTWARE\Borland\Delphi\RTL Delphi%.8X

Software\Borland\Locales Software\Borland\Delphi\Locales

\Software\Borland\BDS ThirdParty.ThirdTreeViews ThirdParty.ThirdWWEdits ThirdParty.ThirdEdits ThirdParty.ThirdGrids ThirdParty.ThirdGridEh comctl32.dll

comctl32.dll msimg32.dll comctl32.dll comctl32.dll comctl32.dll comctl32.dll version.dll wininet.dll vcltest3.dll uxtheme.dll ThirdPanels Urlmon.dll SHFolder.dll RdPS

Hashed list of file names is invalid The compression scheme is Password for "%s"

ThirdParty.ThirdUpDown

#212

ThirdParty.ThirdScrollControl

""fD**~T

ThirdParty.ThirdPanels ThirdParty.ThirdPageControl ThirdParty.ThirdTabControl ControlOfs%.8X%.8X WndProcPtr%.8X%.8X JumpID("","%s")

ThirdParty.ThirdButtons Likestook32

ThirdParty.ThirdSpeedButton WindowStated

Apartment

Sub-menu is not in menu

Cannot compress file '%s'. Zip64 mode is not enabled Division by zero

Load from file ACSBSC hFLO ACSBSC ACSBSC ACSBSC ACSBSC Stage

(4)

ACSBSC Author

TaskbarCreated bsSizeToolWin Rebuild Selected ToolWin pfDevice poDelete UhD%G

Unexpected nil pointer

Foremost

Matches 2897.bmp, 774 B, 0.exe, 1 MB, 2846.png, 3 KB, 2853.png, 3 KB, 2859.png, 3 KB, 2870.png, 1 KB, 2872.png, 1 KB, 2874.png, 417 B, 2875.png, 1 KB, 2 878.png, 1 KB

Suspicious True

Heuristics

IPs hasIPs: False

Allowed Suspicious

hasAllowed: False hasSuspicious: False

URLs Allowed

hasURLs: True

Suspicious: http://www.carnaval2017top.net/gynjard/notify.php, http://ww w.quevenha2017.com/2feiradiadecomprarmoveis/coronabeats.zip, http://w ww.componentace.com

hasAllowed: False hasSuspicious: True

Files Allowed: http://www.carnaval2017top.net/gynjard/notify.php, http://www.q uevenha2017.com/2feiradiadecomprarmoveis/coronabeats.zip, MAPI32.DLL , DWMAPI.DLL, Urlmon.dll, wininet.dll, user32.dll, uxtheme.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, SHFolder.dll, oleaut32.dll, kernel32.dll, vc ltest3.dll, gdi32.dll, version.dll, shell32.dll, msimg32.dll

hasFiles: True

Suspicious: Options.dat, 2.tmp, 1.tmp hasAllowed: True

hasSuspicious: True

Binary

Sizes RVA

RVA: 16

Suspicious: False

(5)

Code

Size: 220672 Suspicious: False Image

Address: 4194304 Suspicious: False Stack

Stack: 16384 Suspicious: False Headers

Headers: 1024 Suspicious: False Suspicious: False

Symbols Number

Number: 0

Suspicious: True Pointer

Pointer: 0

Suspicious: True Directories Number: 16 Suspicious: False

Checksum Value: 0

Suspicous: True

Sections Allowed: code, data, bss, .idata, .tls, .rdata, .reloc, .rsrc Suspicious

hasAllowed: True hasSections: True hasSuspicious: False

Versions OS

Version: 4

Suspicious: False Image

Version: True Suspicious: 4 Linker

Version: 2.25 Suspicious: False Subsystem

Version: 4.0 Suspicious: False Suspicious: False

EntryPoint Address: 1274504

Suspicious: False

Anomalies Anomalies: The header checksum and the calculated checksum do not ma tch.

(6)

hasAnomalies: True

Libraries Allowed: mapi32.dll, dwmapi.dll, urlmon.dll, wininet.dll, user32.dll, uxthem e.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, shfolder.dll, oleaut32.

dll, kernel32.dll, gdi32.dll, version.dll, shell32.dll, msimg32.dll hasLibs: True

Suspicious: vcltest3.dll hasAllowed: True hasSuspicious: True

Timestamp Past: True

Valid: True

Value: 1992-06-19 19:22:17 Future: False

Compilation Packed: False

Missing: False Packers

Compiled: True

Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0

Obfuscation XOR: False

Fuzzing: False

PEDetector

Matches None

Suspicious False

Disassembly

hasTricks True

Tricks

pushret none: 187

.rsrc: 13

pushpopmath none: 39

.rsrc: 21 .reloc: 51

garbagebytes none: 179

.rsrc: 2

(7)

hookdetection none: 2 .rsrc: 1 .reloc: 4

software breakpoint none: 14 .rsrc: 1 .reloc: 14

programcontrolflowchange none: 179 .rsrc: 2

cpuinstructionsresultscomparison none: 29 .rsrc: 24 .reloc: 2

AVclass

banload 1

VirusTotal

md5 fb1cc390e5b506679885762fbaa37cb4

sha1 6b117fa26d4309f773f123385301cc5e33efca68

SCANS (DETECTION RATE = 60.87%)

AVG result: Win32:Banker-NAY [Trj]

update: 20181009 version: 18.4.3895.0 detected: True

CMC update: 20181009

version: 1.1.0.977 detected: False

MAX result: malware (ai score=87)

Bkav update: 20181008

K7GW result: Trojan-Downloader ( 00508d6e1 )

(8)

update: 20181009 version: 11.6.28640 detected: True

ALYac result: Trojan.GenericKD.30343755

Avast result: Win32:Banker-NAY [Trj]

Avira result: HEUR/AGEN.1003861

Baidu update: 20181009

Cyren result: W32/GenBl.FB1CC390!Olympus

DrWeb update: 20181009

GData result: Trojan.GenericKD.30343755

update: 20181009

version: A:25.18831B:25.13404 detected: True

Panda result: Trj/GdSda.A

VBA32 result: TScope.Trojan.Delf

(9)

VIPRE result: Trojan.Win32.Generic!BT update: 20181009

version: 70162 detected: True

Zoner update: 20181008

version: 1.0 detected: False

AVware result: Trojan.Win32.Generic!BT

ClamAV update: 20181009

Comodo update: 20181009

detected: False

F-Prot update: 20181009

Ikarus result: Trojan-Downloader.Win32.Banload update: 20181009

version: 0.1.5.2 detected: True

McAfee result: Trojan-FLUG!FB1CC390E5B5

Rising result: Downloader.Banload!8.15B (TFE:4:6GYGcBssSuC) update: 20181009

Sophos result: Mal/Generic-S

Yandex result: Trojan.Agent!7jRLPO0teoU

update: 20181008

(10)

Zillya update: 20181008

Alibaba update: 20180921

Arcabit result: Trojan.Generic.D1CF024B

Babable update: 20180918

version: 9107201 detected: False

Cylance result: Unsafe

Endgame result: malicious (high confidence) update: 20180730

version: 3.0.1 detected: True

TACHYON update: 20181009

version: 2018-10-09.01 detected: False

Tencent result: Win32.Trojan.Generic.Ectw

ViRobot update: 20181008

Webroot update: 20181009

(11)

eGambit update: 20181009 detected: False

Ad-Aware result: Trojan.GenericKD.30343755

AegisLab result: Trojan.Win32.Generic.4!c update: 20181009

version: 4.2 detected: True

Emsisoft result: Trojan.GenericKD.30343755 (B) update: 20181009

F-Secure result: Trojan.GenericKD.30343755

Fortinet update: 20181009

Invincea result: heuristic

Jiangmin update: 20181009

version: 16.0.100 detected: False

Kingsoft update: 20181009

Paloalto result: generic.ml

update: 20181009 version: 1.0 detected: True

Symantec result: ML.Attribute.HighConfidence

(12)

AhnLab-V3 result: Trojan/Win32.Agent.C1880515 update: 20181008

Antiy-AVL result: Trojan/Win32.AGeneric update: 20181009

Kaspersky result: HEUR:Trojan.Win32.Generic update: 20181009

Microsoft result: TrojanDownloader:Win32/Banload update: 20181009

Qihoo-360 update: 20181009

TheHacker update: 20181008

version: 6.8.0.5.3729 detected: False

ZoneAlarm result: HEUR:Trojan.Win32.Generic update: 20181009

Cybereason result: malicious.0e5b50

ESET-NOD32 result: a variant of Win32/TrojanDownloader.Banload.XWC update: 20181009

version: 18183 detected: True

(13)

TrendMicro update: 20181009 version: 10.0.0.1040 detected: False

BitDefender result: Trojan.GenericKD.30343755 update: 20181009

CrowdStrike result: malicious_confidence_90% (D) update: 20180723

K7AntiVirus result: Trojan-Downloader ( 00508d6e1 ) update: 20181009

version: 11.6.28641 detected: True

SentinelOne update: 20180926

Avast-Mobile update: 20181008

version: 181008-00 detected: False

Malwarebytes update: 20181009

TotalDefense update: 20181009

CAT-QuickHeal result: Trojan.IGENERIC update: 20181008 version: 14.00 detected: True

NANO-Antivirus result: Trojan.Win32.Delphi.emtwgq update: 20181009

MicroWorld-eScan result: Trojan.GenericKD.30343755 update: 20181009

(14)

SUPERAntiSpyware update: 20181006 version: 5.6.0.1032 detected: False

McAfee-GW-Edition result: BehavesLike.Win32.Dropper.th update: 20181009

version: v2017.3010 detected: True

TrendMicro-HouseCall update: 20181009 version: 10.0.0.1040 detected: False

total 69

sha256 e7aeacbf201b0853482800ae6ac2db4985924abfa12d3b55d992750f92775 158

scan_id e7aeacbf201b0853482800ae6ac2db4985924abfa12d3b55d992750f92775 158-1539075801

resource fb1cc390e5b506679885762fbaa37cb4

permalink https://www.virustotal.com/file/e7aeacbf201b0853482800ae6ac2db498592 4abfa12d3b55d992750f92775158/analysis/1539075801/

positives 42

scan_date 2018-10-09 09:03:21

verbose_msg Scan finished, information embedded

response_code 1

File

Trace

14/2/2020 - 21:45:43.

997

Op en

1 4 8 0

C:\mal ware.e xe

C:\Monitor\Malware

14/2/2020 - 21:45:43.

997

Un kno wn

1 4 8

C:\mal ware.e xe

C:\Monitor\Malware

(15)

0

14/2/2020 - 21:45:43.

997

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\shell32.dll

14/2/2020 - 21:45:43.

997

Op en

1 4 8 0

C:\mal ware.e xe

C:\malware.exe.Local

14/2/2020 - 21:45:43.

997

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-controls_659 5b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d

14/2/2020 - 21:45:44.

12

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-controls_659 5b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comc tl32.dll

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\winsxs\x86_microsoft.windows.common-controls_659 5b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comc tl32.dll

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\WindowsShell.Manifest

14/2/2020 - 21:45:44.

12

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\WindowsShell.Manifest WindowsShell.Man

ifest

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\

14/2/2020 - 21:45:44.

12

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\

(16)

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Monitor

14/2/2020 - 21:45:44.

12

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Monitor

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Monitor\Malware

14/2/2020 - 21:45:44.

12

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Monitor\Malware

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rpcss.dll

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rpcss.dll

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\propsys.dll

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\propsys.dll

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cver sions.1.db

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches

(17)

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cver sions.1.db

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AF BF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x00000000000 00000.db

14/2/2020 - 21:45:44.

12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\Desktop\desktop.ini

14/2/2020 - 21:45:44.

12

Re ad

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

12

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

C:\WindowsCodecs.dll

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\WindowsCodecs.dll

14/2/2020 - 21:45:44.

137

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\WindowsCodecs.dll WindowsCodecs.dl l

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\WindowsCodecs.dll

14/2/2020 - 21:45:44.

137

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\WindowsCodecs.dll WindowsCodecs.dl l

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

C:\apphelp.dll

(18)

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\apphelp.dll

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\apphelp.dll

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\EhStorShell.dll

14/2/2020 - 21:45:44.

137

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\EhStorShell.dll EhStorShell.dll

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\AppPatch\sysmain.sdb

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64

14/2/2020 - 21:45:44.

137

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

137

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

C:\

14/2/2020 - 21:45:44.

137

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\

1

(19)

14/2/2020 - 21:45:44.

137

Op en

4 8 0

C:\mal ware.e xe

C:\Windows

14/2/2020 - 21:45:44.

137

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64

14/2/2020 - 21:45:44.

137

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

137

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

137

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

137

Re ad

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

200

Re ad

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

247

Re ad

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

293

Re ad

1 4 8 0

C:\mal ware.e xe

14/2/2020 1

C:\mal

(20)

- 21:45:44.

340

Op en

4 8 0

ware.e xe

C:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui

14/2/2020 - 21:45:44.

387

Re ad

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui EhStorShell.dll.mui

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

434

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

434

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui

14/2/2020 - 21:45:44.

434

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui EhStorShell.dll.mui

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

434

Re ad

1 4 8 0

C:\mal ware.e xe

14/2/2020 Re

1

4 C:\mal

(21)

- 21:45:44.

434

ad 8 0

ware.e xe

14/2/2020 - 21:45:44.

434

Re ad

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

434

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\ntshrui.dll

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\AppPatch\sysmain.sdb

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64

14/2/2020 - 21:45:44.

434

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

C:\

14/2/2020 - 21:45:44.

434

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\

14/2/2020 - 21:45:44. Op

1

4 C:\mal

ware.e C:\Windows

(22)

434 en 8 0

xe

14/2/2020 - 21:45:44.

434

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64

14/2/2020 - 21:45:44.

434

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64

14/2/2020 - 21:45:44.

434

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64

14/2/2020 - 21:45:44.

450

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64

14/2/2020 - 21:45:44.

450

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

450

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

450

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

450

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

450

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44. Op

en 1 4 8

C:\mal

ware.e C:\Windows\SysWOW64\ntshrui.dll

(23)

450 0 xe

14/2/2020 - 21:45:44.

450

Re ad

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

450

Re ad

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

450

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

450

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\imageres.dll

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\pt-BR\imageres.dll.mui

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\System32\pt-BR\imageres.dll.mui

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

C:\windows\SysWOW64\pt\imageres.dll.mui

14/2/2020 - 21:45:44.

465

Op en

1 4 8

C:\mal ware.e xe

C:\Windows\SysWOW64\en-US\imageres.dll.mui

(24)

0

14/2/2020 - 21:45:44.

465

Re ad

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\en-US\imageres.dll.mui imageres.dll.mui

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

465

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

465

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

(25)

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

(26)

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

(27)

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

1

(28)

14/2/2020 - 21:45:44.

481

Op en

4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Un kno wn

1 4 8 0

C:\mal ware.e xe

1

(29)

14/2/2020 - 21:45:44.

481

Op en

4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 1

C:\mal

(30)

- 21:45:44.

481

Op en

4 8 0

ware.e xe

14/2/2020 - 21:45:44.

481

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 Op

1

4 C:\mal

(31)

- 21:45:44.

497

en 8 0

ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e

xe C:\windows\SysWOW64\pt\imageres.dll.mui

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44. Op

1

4 C:\mal

ware.e C:\windows\SysWOW64\pt\imageres.dll.mui

(32)

497 en 8 0

xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

497

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

Un kno

1

4 C:\mal ware.e

(33)

497 wn 8 0

xe C:\Windows\SysWOW64\en-US\imageres.dll.mui imageres.dll.mui

14/2/2020 - 21:45:44.

637

Op en

1 4 8 0

C:\mal ware.e xe

C:\malware.exe

14/2/2020 - 21:45:44.

637

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\malware.exe

14/2/2020 - 21:45:44.

637

Op en

1 4 8 0

C:\mal ware.e xe

C:\malware.exe

14/2/2020 - 21:45:44.

637

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\malware.exe

14/2/2020 - 21:45:44.

637

Op en

1 4 8 0

C:\mal ware.e xe

C:\malware.exe

14/2/2020 - 21:45:44.

637

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\malware.exe

14/2/2020 - 21:45:44.

637

Op en

1 4 8 0

C:\mal ware.e xe

C:\Monitor\Malware

14/2/2020 - 21:45:44.

637

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Monitor\Malware

14/2/2020 - 21:45:44.

637

Op en

1 4 8 0

C:\mal ware.e xe

C:\

14/2/2020 - 21:45:44.

637

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\

14/2/2020 Op

1

4 C:\mal

(34)

- 21:45:44.

637

en 8 0

ware.e xe

C:\Monitor

14/2/2020 - 21:45:44.

637

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Monitor

14/2/2020 - 21:45:44.

637

Op en

1 4 8 0

C:\mal ware.e xe

C:\Monitor\Malware

14/2/2020 - 21:45:44.

637

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Monitor\Malware

14/2/2020 - 21:45:44.

637

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local

14/2/2020 - 21:45:44.

637

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

637

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:45:44.

637

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:5.7 31

Re ad

1 4 8 0

C:\mal ware.e xe

C:\malware.exe

14/2/2020 - 21:46:5.8 72

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\uxtheme.dll.Config

14/2/2020 - 21:46:5.8 72

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\uxtheme.dll

14/2/2020 Op

1

4 C:\mal

(35)

- 21:46:5.8 72

en 8 0

ware.e xe

C:\malware.exe.Local

14/2/2020 - 21:46:5.8 72

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:5.8 72

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:5.8 72

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:5.8 72

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:5.8 72

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\Fonts\sserife.fon

14/2/2020 - 21:46:6.8 72

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Likestook32

14/2/2020 - 21:46:6.8 72

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.8 72

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.8 72

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.8 72

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 Op

1

4 C:\mal

(36)

- 21:46:6.8 87

en 8 0

ware.e xe

C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll

14/2/2020 - 21:46:6.8 87

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

14/2/2020 - 21:46:6.8 87

Un kno wn

1 4 8 0

C:\mal ware.e xe

api-ms-win-downle vel-shlwapi-l2-1-0.

dll

14/2/2020 - 21:46:6.8 87

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.8 87

Un kno wn

1 4 8 0

C:\mal ware.e xe

api-ms-win-downle vel-shlwapi-l2-1-0.

dll

14/2/2020 - 21:46:6.8 87

Op en

1 4 8 0

C:\mal ware.e xe

C:\Secur32.dll

14/2/2020 - 21:46:6.8 87

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\secur32.dll

14/2/2020 - 21:46:6.8 87

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\secur32.dll

14/2/2020 - 21:46:6.8 87

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary I nternet Files

14/2/2020 - 21:46:6.8 87

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.8 87

Op en

1 4 8 0

C:\mal ware.e xe

C:\api-ms-win-downlevel-advapi32-l2-1-0.dll

14/2/2020 Op

1

4 C:\mal

(37)

- 21:46:6.8 87

en 8 0

ware.e xe

C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

14/2/2020 - 21:46:6.8 87

Un kno wn

1 4 8 0

C:\mal ware.e xe

api-ms-win-downle vel-advapi32-l2-1- 0.dll

14/2/2020 - 21:46:6.8 87

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.8 87

Un kno wn

1 4 8 0

C:\mal ware.e xe

api-ms-win-downle vel-advapi32-l2-1- 0.dll

14/2/2020 - 21:46:6.9 18

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary I nternet Files\counters.dat

14/2/2020 - 21:46:6.9 18

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

14/2/2020 - 21:46:6.9 18

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

14/2/2020 - 21:46:6.9 18

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\webio.dll

14/2/2020 - 21:46:6.9 18

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\webio.dll

14/2/2020 - 21:46:6.9 18

Op en

1 4 8 0

C:\mal ware.e xe

C:\IPHLPAPI.DLL

14/2/2020 - 21:46:6.9 18

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\IPHLPAPI.DLL

14/2/2020 Op

1

4 C:\mal

(38)

- 21:46:6.9 18

en 8 0

ware.e xe

C:\Windows\SysWOW64\IPHLPAPI.DLL

14/2/2020 - 21:46:6.9 18

Op en

1 4 8 0

C:\mal ware.e xe

C:\WINNSI.DLL

14/2/2020 - 21:46:6.9 18

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winnsi.dll

14/2/2020 - 21:46:6.9 18

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winnsi.dll

14/2/2020 - 21:46:6.9 34

Op en

1 4 8 0

C:\mal ware.e xe

C:\DNSAPI.dll

14/2/2020 - 21:46:6.9 34

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\dnsapi.dll

14/2/2020 - 21:46:6.9 34

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\dnsapi.dll

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\mswsock.dll

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\mswsock.dll

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wship6.dll

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wship6.dll

14/2/2020 Op

1

4 C:\mal

(39)

- 21:46:6.9 81

en 8 0

ware.e xe

C:\Users\Behemot

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

14/2/2020 - 21:46:6.9 81

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary I nternet Files\Content.IE5

14/2/2020 - 21:46:6.9 81

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary I nternet Files\Content.IE5

14/2/2020 Op

1

4 C:\mal

(40)

- 21:46:6.9 81

en 8 0

ware.e xe

C:\Users\Behemot

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

14/2/2020 - 21:46:6.9 81

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 Op

1

4 C:\mal

(41)

- 21:46:6.9 81

en 8 0

ware.e xe

C:\Users\Behemot

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

14/2/2020 - 21:46:6.9 81

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\History

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:6.9 81

Op en

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\Hist ory.IE5

14/2/2020 - 21:46:6.9 81

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\Hist ory.IE5

14/2/2020 Op

1

4 C:\mal

(42)

- 21:46:7.7 5

en 8 0

ware.e xe

C:\Windows\SysWOW64\netprofm.dll

14/2/2020 - 21:46:7.7 5

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\netprofm.dll

14/2/2020 - 21:46:7.7 5

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\nlaapi.dll

14/2/2020 - 21:46:7.7 5

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\nlaapi.dll

14/2/2020 - 21:46:7.1 22

Op en

1 4 8 0

C:\mal ware.e xe

C:\dhcpcsvc6.DLL

14/2/2020 - 21:46:7.1 22

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll

14/2/2020 - 21:46:7.1 22

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll dhcpcsvc6.dll

14/2/2020 - 21:46:7.1 22

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll

14/2/2020 - 21:46:7.1 22

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\dhcpcsvc6.dll dhcpcsvc6.dll

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

C:\CRYPTSP.dll

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\cryptsp.dll

14/2/2020 1

4 C:\mal

(43)

- 21:46:7.1 68

Op en

8 0

ware.e xe

C:\Windows\SysWOW64\cryptsp.dll

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rsaenh.dll

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e

xe C:\Windows\SysWOW64\rsaenh.dll

1

(44)

14/2/2020 - 21:46:7.1 68

Op en

4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

C:\RpcRtRemote.dll

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll

14/2/2020 - 21:46:7.1 68

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll RpcRtRemote.dll

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll

14/2/2020 - 21:46:7.1 68

Un kno wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\RpcRtRemote.dll RpcRtRemote.dll

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\WSHTCPIP.DLL

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\WSHTCPIP.DLL

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e

xe C:\dhcpcsvc.DLL

14/2/2020 - 21:46:7.1 68

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\dhcpcsvc.dll

14/2/2020 1

C:\mal

(45)

- 21:46:7.1 68

Op en

4 8 0

ware.e xe

C:\Windows\SysWOW64\dhcpcsvc.dll

14/2/2020 - 21:46:7.2 31

Op en

1 4 8 0

C:\mal ware.e xe

C:\rasadhlp.dll

14/2/2020 - 21:46:7.2 31

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rasadhlp.dll

14/2/2020 - 21:46:7.2 31

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\rasadhlp.dll

14/2/2020 - 21:46:7.2 78

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\npmproxy.dll

14/2/2020 - 21:46:7.2 78

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\npmproxy.dll

14/2/2020 - 21:46:8.3 09

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wininet.dll

14/2/2020 - 21:46:8.3 09

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wininet.dll

14/2/2020 - 21:46:8.5 90

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:8.5 90

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:13.

684

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 Un 1

C:\mal

(46)

- 21:46:13.

684

kno wn

4 8 0

ware.e xe

14/2/2020 - 21:46:15.

747

Op en

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:15.

747

Un kno wn

1 4 8 0

C:\mal ware.e xe

14/2/2020 - 21:46:17.

997

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\ole32.dll

14/2/2020 - 21:46:17.

997

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\ole32.dll

Process

Trace

Analysis

Reason Timeout

Status Sucessfully Executed

Results 1

Registry

Trace

14/2/2020 - 21:46:6.918

Wr ite

1 4 8 0

C:\malw are.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\

ZoneMap

ProxyBypas s

(47)

14/2/2020 - 21:46:6.918

Wr ite

1 4 8 0

C:\malw are.exe

ZoneMap

IntranetNa me

14/2/2020 - 21:46:6.918

Wr ite

1 4 8 0

C:\malw are.exe

ZoneMap

UNCAsIntra net

14/2/2020 - 21:46:6.918

Wr ite

1 4 8 0

C:\malw are.exe

ZoneMap AutoDetect

14/2/2020 - 21:46:6.918

Wr ite

1 4 8 0

C:\malw are.exe

ZoneMap

ProxyBypas s

14/2/2020 - 21:46:6.918

Wr ite

1 4 8 0

C:\malw are.exe

ZoneMap

IntranetNa me

14/2/2020 - 21:46:6.918

Wr ite

1 4 8 0

C:\malw are.exe

ZoneMap

UNCAsIntra net

14/2/2020 - 21:46:6.918

Wr ite

1 4 8 0

C:\malw are.exe

ZoneMap AutoDetect

14/2/2020 - 21:46:6.918

Wr ite

1 4 8 0

C:\malw

are.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings ProxyEnabl e

14/2/2020 - 21:46:6.918

De let e

1 4 8 0

C:\malw

are.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings ProxyServe r

14/2/2020 - 21:46:6.918

De let e

1 4 8 0

C:\malw

are.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings ProxyOverri de

14/2/2020 - 21:46:6.918

De let e

1 4 8 0

C:\malw

are.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings AutoConfig URL

De 1