Report #7031

  • Creation Date: Feb. 20, 2020, 4:29 p.m.
  • Last Update: Feb. 20, 2020, 5:57 p.m.
  • File: index.html.exe
  • Results:
Binary
DLL
False
Size
235.50KB
trid
41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
19729fc0b31215863770f5f2df66b9ea
sha1
3bf115ea263753b37bc39e04f2aedeb2e20ee6e6
crc32
0xf36f0618
sha224
4303327733121ca30ec9af5358b0ad24342551cde8c7f09043971b13
sha256
e8d2f149de58eb45b398a84d6d27d568ab1d239584edcb55531fe11da2f9c51b
sha384
789628400d2c537a306684ca948185889c4da22db6d9d21eeb82eeff1190146d26bca9fb58fd5f371103c9e6f8ba668c
sha512
b71534b3b8ded7cb6b79b66fc2176acb9685d9285a9f24196ac59f7a7092a13c0723ae77fc4b7df1c083a91f5707ec2b6036665d8c7262e7ad14c6619b6f87ef
ssdeep
3072:gmvs0qRWJbfxo9lfKka9dZRBD+upPFQ2wbXLtze4AkxrgLOE7qSvi27Ufkf9an:1vOgtIlf5aBvDHFgj04AkxsRvY
Community
Google
False
HashLib
False
YARA
Matches
VC8_Microsoft_Corporation, domain, anti_dbg, HasRichSignature, contentis_base64, Microsoft_Visual_Cpp_8, IsPacked, TEAN, win_files_operation, IsPE32, IsWindowsGUI

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 235 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: WUSER32.DLL, KERNEL32.DLL, mscoree.dll, SHELL32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 182784
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 263957
Suspicious: False

Sections
Allowed: .text, .rdata, .data, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: True
Suspicious: 5
Linker
Version: 10.0
Suspicious: False
Subsystem
Version: 5.1
Suspicious: False
Suspicious: False

EntryPoint
Address: 17779
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: kernel32.dll, mscoree.dll, shell32.dll
hasLibs: True
Suspicious: wuser32.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2017-04-11 04:51:18
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.rsrc: 34
.text: 2

pushpopmath
.rsrc: 33
.rdata: 4

garbagebytes
.rsrc: 11
.text: 2

hookdetection
.rsrc: 2

stealthimport
.rdata: 1

programcontrolflowchange
.rsrc: 11
.text: 2

AVclass
emotet
1
VirusTotal
md5
19729fc0b31215863770f5f2df66b9ea
sha1
3bf115ea263753b37bc39e04f2aedeb2e20ee6e6
SCANS (DETECTION RATE = 87.67%)
AVG
result: Win32:Rootkit-gen [Rtk]
update: 20200101
version: 18.4.3895.0
detected: True

CMC
update: 20190321
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=100)
update: 20200101
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200101
version: 5.101
detected: True

Bkav
update: 20191231
version: 1.3.0.9899
detected: False

K7GW
result: Trojan ( 0050b26b1 )
update: 20200101
version: 11.85.32920
detected: True

ALYac
result: Trojan.GenericKD.4823102
update: 20200101
version: 1.1.1.5
detected: True

Avast
result: Win32:Rootkit-gen [Rtk]
update: 20200101
version: 18.4.3895.0
detected: True

Avira
result: TR/Crypt.XPACK.mshfr
update: 20200101
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cyren
result: W32/Emotet.XNDA-5811
update: 20200101
version: 6.2.2.2
detected: True

DrWeb
result: BackDoor.Siggen2.2041
update: 20200101
version: 7.0.42.9300
detected: True

GData
result: Win32.Trojan.Agent.698K0X
update: 20200101
version: A:25.24441B:26.17204
detected: True

Panda
result: Trj/WLT.C
update: 20200101
version: 4.6.4.2
detected: True

VBA32
result: BScope.Trojan.Scarsi
update: 20191231
version: 4.3.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200101
version: 80468
detected: True

Zoner
result: Trojan.Win32.56491
update: 20191231
version: 1.0.0.1
detected: True

ClamAV
result: Win.Trojan.Agent-6260496-0
update: 20200101
version: 0.102.1.0
detected: True

Comodo
result: Malware@#29oynlc56frcz
update: 20200101
version: 31910
detected: True

F-Prot
result: W32/Emotet.BE
update: 20200101
version: 4.7.1.166
detected: True

Ikarus
result: Trojan-Banker.Emotet
update: 20200101
version: 0.1.5.2
detected: True

McAfee
result: Generic.abl
update: 20200101
version: 6.0.6.653
detected: True

Rising
result: Trojan.Emotet!8.B95 (KTSE)
update: 20200101
version: 25.0.0.24
detected: True

Sophos
result: Troj/Agent-AVJE
update: 20200101
version: 4.98.0
detected: True

Yandex
result: Trojan.PWS.Emotet!
update: 20191230
version: 5.5.2.24
detected: True

Zillya
result: Trojan.Emotet.Win32.673
update: 20191231
version: 2.0.0.3988
detected: True

Acronis
result: suspicious
update: 20191224
version: 1.1.1.58
detected: True

Alibaba
result: TrojanSpy:Win32/Emotet.a0119235
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D49983E
update: 20200101
version: 1.0.0.865
detected: True

Cylance
result: Unsafe
update: 20200101
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20190918
version: 3.0.15
detected: True

FireEye
result: Generic.mg.19729fc0b3121586
update: 20200101
version: 29.7.0.0
detected: True

Sangfor
result: Malware
update: 20191224
version: 1.0
detected: True

TACHYON
update: 20200101
version: 2020-01-01.02
detected: False

Tencent
update: 20200101
version: 1.0.0.1
detected: False

ViRobot
result: Trojan.Win32.Z.Emotet.241152
update: 20191231
version: 2014.3.20.0
detected: True

Webroot
result: W32.Trojan.Gen
update: 20200101
version: 1.0.0.403
detected: True

eGambit
result: Unsafe.AI_Score_99%
update: 20200101
detected: True

Ad-Aware
result: Trojan.GenericKD.4823102
update: 20200101
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.Win32.Emotet.7!c
update: 20191220
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.4823102 (B)
update: 20200101
version: 2018.12.0.1641
detected: True

F-Secure
result: Trojan.TR/Crypt.XPACK.mshfr
update: 20200101
version: 12.0.86.52
detected: True

Fortinet
result: W32/Kryptik.FRBI!tr
update: 20191231
version: 6.2.137.0
detected: True

Invincea
result: heuristic
update: 20191211
version: 6.3.6.26157
detected: True

Jiangmin
result: Trojan.Scarsi.aks
update: 20200101
version: 16.0.100
detected: True

Kingsoft
update: 20200101
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200101
version: 1.0
detected: True

Symantec
result: Ransom.Kovter
update: 20191220
version: 1.11.0.0
detected: True

Trapmine
result: malicious.high.ml.score
update: 20191216
version: 3.2.16.890
detected: True

AhnLab-V3
result: HEUR/Ranpix.Gen
update: 20200101
version: 3.17.0.26111
detected: True

Antiy-AVL
result: Trojan[Banker]/Win32.Emotet
update: 20200101
version: 3.0.0.1
detected: True

Kaspersky
result: Trojan-Banker.Win32.Emotet.vjp
update: 20200101
version: 15.0.1.13
detected: True

MaxSecure
result: Trojan.Malware.10864724.susgen
update: 20191231
version: 1.0.0.1
detected: True

Microsoft
result: TrojanSpy:Win32/Banker.RB
update: 20200101
version: 1.1.16600.7
detected: True

Qihoo-360
result: Win32/Trojan.4bf
update: 20200101
version: 1.0.0.1120
detected: True

ZoneAlarm
result: Trojan-Banker.Win32.Emotet.vjp
update: 20200101
version: 1.0
detected: True

Cybereason
result: malicious.0b3121
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: Win32/Emotet.AO
update: 20200101
version: 20602
detected: True

TrendMicro
result: TROJ_EMOTET.XXSX
update: 20200101
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.GenericKD.4823102
update: 20200101
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
result: Trojan ( 0050b26b1 )
update: 20200101
version: 11.85.32919
detected: True

SentinelOne
result: DFI - Malicious PE
update: 20191218
version: 1.12.1.57
detected: True

Avast-Mobile
update: 20191219
version: 191219-00
detected: False

Malwarebytes
result: Trojan.SpamBot
update: 20200101
version: 2.1.1.1115
detected: True

TotalDefense
update: 20200101
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Ransom.Gen.A4
update: 20200101
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Emotet.exkcgd
update: 20200101
version: 1.0.134.25031
detected: True

BitDefenderTheta
result: Gen:NN.ZexaF.33558.oqW@ay8Vm6c
update: 20191223
version: 7.2.37796.0
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.4823102
update: 20200101
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20191227
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.dc
update: 20200101
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: TROJ_EMOTET.XXSX
update: 20200101
version: 10.0.0.1040
detected: True

total
73
sha256
e8d2f149de58eb45b398a84d6d27d568ab1d239584edcb55531fe11da2f9c51b
scan_id
e8d2f149de58eb45b398a84d6d27d568ab1d239584edcb55531fe11da2f9c51b-1577898083
resource
19729fc0b31215863770f5f2df66b9ea
positives
64
scan_date
2020-01-01 17:01:23
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\Users\Behemot\Downloads\desktop.ini
20/2/2020 - 16:46:15.950Read1344C:\malware.exeC:\Users\Behemot\Downloads\desktop.ini
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\
20/2/2020 - 16:46:15.950Unknown1344C:\malware.exeC:\
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\Users
20/2/2020 - 16:46:15.950Unknown1344C:\malware.exeC:\Users
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:15.950Unknown1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\Users\Behemot\Documents\desktop.ini
20/2/2020 - 16:46:15.950Read1344C:\malware.exeC:\Users\Behemot\Documents\desktop.ini
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\
20/2/2020 - 16:46:15.950Unknown1344C:\malware.exeC:\
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\Users
20/2/2020 - 16:46:15.950Unknown1344C:\malware.exeC:\Users
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:15.950Unknown1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\Users\Behemot\Links\desktop.ini
20/2/2020 - 16:46:15.950Read1344C:\malware.exeC:\Users\Behemot\Links\desktop.ini
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\
20/2/2020 - 16:46:15.950Unknown1344C:\malware.exeC:\
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\Users
20/2/2020 - 16:46:15.950Unknown1344C:\malware.exeC:\Users
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:15.950Unknown1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:15.950Open1344C:\malware.exeC:\Users\Behemot\Saved Games\desktop.ini
20/2/2020 - 16:46:15.965Read1344C:\malware.exeC:\Users\Behemot\Saved Games\desktop.ini
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\apphelp.dll
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\Windows\SysWOW64
20/2/2020 - 16:46:15.965Unknown1344C:\malware.exeC:\Windows\SysWOW64
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\
20/2/2020 - 16:46:15.965Unknown1344C:\malware.exeC:\
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\Windows
20/2/2020 - 16:46:15.965Unknown1344C:\malware.exeC:\Windows
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\Windows\SysWOW64
20/2/2020 - 16:46:15.965Unknown1344C:\malware.exeC:\Windows\SysWOW64
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\Windows\SysWOW64
20/2/2020 - 16:46:15.965Unknown1344C:\malware.exeC:\Windows\SysWOW64
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:15.965Open1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\CRYPTSP.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\RpcRtRemote.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
20/2/2020 - 16:46:16.153Unknown1344C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
20/2/2020 - 16:46:16.153Unknown1344C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:16.153Open1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:16.153Read1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:16.153Read1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:16.168Open1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:16.168Open1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:16.168Open1344C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
20/2/2020 - 16:46:16.168Open1344C:\malware.exeC:\Windows\SysWOW64\shell32.dll
20/2/2020 - 16:46:16.168Open1344C:\malware.exeC:\Windows\SysWOW64\shell32.dll
20/2/2020 - 16:46:16.168Open1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.168Unknown1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.168Open1344C:\malware.exeC:\
20/2/2020 - 16:46:16.168Unknown1344C:\malware.exeC:\
20/2/2020 - 16:46:16.168Open1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.168Unknown1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\version.DLL
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Windows\SysWOW64\version.dll
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Windows\SysWOW64\version.dll
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Secur32.dll
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Windows\SysWOW64\secur32.dll
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Windows\SysWOW64\secur32.dll
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe:Zone.Identifier
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Monitor
20/2/2020 - 16:46:16.231Unknown1344C:\malware.exeC:\Monitor
20/2/2020 - 16:46:16.231Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.247Read1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\ui\SwDRM.dll
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\LINKINFO.dll
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Windows\SysWOW64\linkinfo.dll
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\Windows\SysWOW64\linkinfo.dll
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\
20/2/2020 - 16:46:16.247Unknown1344C:\malware.exeC:\
20/2/2020 - 16:46:16.247Open1344C:\malware.exeC:\ntshrui.dll
20/2/2020 - 16:46:16.262Open1344C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
20/2/2020 - 16:46:16.262Open1344C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
20/2/2020 - 16:46:16.262Open1344C:\malware.exeC:\srvcli.dll
20/2/2020 - 16:46:16.262Open1344C:\malware.exeC:\Windows\SysWOW64\srvcli.dll
20/2/2020 - 16:46:16.262Open1344C:\malware.exeC:\Windows\SysWOW64\srvcli.dll
20/2/2020 - 16:46:16.262Open1344C:\malware.exeC:\cscapi.dll
20/2/2020 - 16:46:16.262Open1344C:\malware.exeC:\Windows\SysWOW64\cscapi.dll
20/2/2020 - 16:46:16.262Open1344C:\malware.exeC:\Windows\SysWOW64\cscapi.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\Prefetch\STRINGVERMONT.EXE-FA068B0D.pf
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64win.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64win.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64cpu.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64cpu.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64log.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows
20/2/2020 - 16:46:16.325Unknown2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Monitor
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\sechost.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\sechost.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 16:46:16.325Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 16:46:16.465Open1344C:\malware.exeC:\Windows\SysWOW64\mssprxy.dll
20/2/2020 - 16:46:16.465Open1344C:\malware.exeC:\Windows\SysWOW64\mssprxy.dll
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\slc.dll
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Windows\SysWOW64\slc.dll
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Windows\SysWOW64\slc.dll
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StringVermont.lnk
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StringVermont.lnk
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StringVermont.lnk
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\Users
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\Users\Behemot
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:16.934Write1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StringVermont.lnkStringVermont.lnk
20/2/2020 - 16:46:16.934Unknown1344C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StringVermont.lnkStringVermont.lnk
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\dwmapi.dll
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
20/2/2020 - 16:46:16.934Open1344C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
20/2/2020 - 16:46:18.934Open1344C:\malware.exeC:\netutils.dll
20/2/2020 - 16:46:18.934Open1344C:\malware.exeC:\Windows\SysWOW64\netutils.dll
20/2/2020 - 16:46:18.934Open1344C:\malware.exeC:\Windows\SysWOW64\netutils.dll
20/2/2020 - 16:46:19.122Unknown1344C:\malware.exeC:\Windows
20/2/2020 - 16:46:19.122Unknown1344C:\malware.exeC:\Monitor
20/2/2020 - 16:46:19.122Unknown1344C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 16:46:48.262Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\uxtheme.dll
20/2/2020 - 16:46:48.262Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\uxtheme.dll
20/2/2020 - 16:46:48.309Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming\StringVermont\dwmapi.dll
20/2/2020 - 16:46:48.309Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\dwmapi.dll
20/2/2020 - 16:46:48.309Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\dwmapi.dll
20/2/2020 - 16:46:48.309Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:48.309Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:48.309Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:48.309Unknown2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:48.309Unknown2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:48.309Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\apphelp.dll
20/2/2020 - 16:46:48.309Open2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\apphelp.dll
20/2/2020 - 16:46:48.309Unknown2424C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeStringVermont.exe
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\Prefetch\STRINGVERMONT.EXE-FA068B0D.pf
20/2/2020 - 16:46:48.356Read1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\Prefetch\STRINGVERMONT.EXE-FA068B0D.pfSTRINGVERMONT.EXE-FA068B0D.pf
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe\Device\HarddiskVolume2
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Users\Behemot\AppData\Roaming\StringVermont
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\ntdll.dll
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\ntdll.dll
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64.dll
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64.dll
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64win.dll
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64win.dll
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64cpu.dll
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\wow64cpu.dll
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\kernel32.dll
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\kernel32.dll
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\kernel32.dll
20/2/2020 - 16:46:48.356Unknown1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\SysWOW64\kernel32.dll
20/2/2020 - 16:46:48.356Open1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeC:\Windows\System32\user32.dll

Process
Trace
20/2/2020 - 16:46:15.715  Create  1480  C:\malware.exe  1344  C:\malware.exe
20/2/2020 - 16:46:16.231  Create  1344  C:\malware.exe  2424  C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:19.122  Terminate  1480  C:\malware.exe  1344  C:\malware.exe
20/2/2020 - 16:46:48.309  Create  2424  C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe  1692  C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe
20/2/2020 - 16:46:48.372  Terminate  1344  C:\malware.exe  2424  C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
20/2/2020 - 16:49:18.122Delete1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDetectedUrl
20/2/2020 - 16:49:18.122Write1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
20/2/2020 - 16:49:18.122Write1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
20/2/2020 - 16:49:18.122Write1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
20/2/2020 - 16:49:18.122Delete1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
20/2/2020 - 16:49:18.122Write1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
20/2/2020 - 16:49:18.122Write1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
20/2/2020 - 16:49:18.122Write1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
20/2/2020 - 16:49:18.122Delete1692C:\Users\Behemot\AppData\Roaming\StringVermont\StringVermont.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query

Response

TCP
Info
31.220.44.11:8080 -> localhost:65196
localhost:65195 -> 31.220.44.11:8080
localhost:65193 -> 119.82.27.246:8080
31.220.44.11:8080 -> localhost:65195
localhost:65194 -> 119.82.27.246:8080
localhost:65191 -> 206.214.220.79:8080
localhost:65192 -> 206.214.220.79:8080
localhost:65196 -> 31.220.44.11:8080

UDP
Info
localhost:68 -> 255.255.255.255:67
localhost:67 -> localhost:68

HTTP
Info

Summary
DNS
False

TCP
True

UDP
True

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 97.86%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 91.96%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 65.50%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 36.11%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: True
