Traces of win32 API calls performed by all processes spawned by the malware.
Files being created, deleted and downloaded by the malware during its execution.
Memory dumps of the malware processes.
Network traffic trace in PCAP format.
Screenshots of Windows desktop taken during the execution of the malware.
Full memory dumps of the machines.