Report #10959

  • Creation Date: Sept. 3, 2020, 12:13 p.m.
  • Last Update: Sept. 3, 2020, 12:17 p.m.
  • File: Dropper_xor`locked.exe
  • Results:
Binary
DLL: False
Size: 181.50KB
trid: 42.7% Win32 Executable; 19.2% OS/2 Executable; 18.9% Generic Win/DOS Executable; 18.9% DOS Executable Generic
type: PE
wordsize: 32
Subsystem: Windows CLI

Hashes
md5: f04341e395606ff4454d1d9f49dc756e
sha1: ef6903ee73401c661abfe3e1c6247019ecb83113
crc32: 0x4eef4c74
sha224: bf4936466812cf5808d5118fda911edd98b2ff5a474e3ae945ef1790
sha256: b3de9a36a53e2cf25aa9643cb66aa6b3f9d6ad4b7786b7e82bb3463e38cb610f
sha384: 47588799f241136e12fc709c374cf7aac1a0a2ff740318c0373878c03786121a036f4d9c1df8908c6a3b943c40d8eeb0
sha512: e14871023d9ab4956df4a25487de21533cb112b4bfa9630599a0cb17d37e2c4480793f790dba849b7b763326879d3fc55b3c51ae2c9c762dee0dc63246e34438
ssdeep: 3072:aZbChf+8eT5AgmOAdR3f3zg2Pr4IHrUzKVmRnJdj4Cr2bc8+tFUejB:aZbChf3eT5AgmOAv7TvHQHd8CCb/+tFt

Community
Google: False
HashLib: False

YARA
Matches: maldoc_getEIP_method_1, domain, tElock_098_tE, IsPacked, tElock_v098_additional, HasDebugData, tElock_10_private_tE_additional, HasRichSignature, tElock_v098_tHE_EGOiSTE_h, CodeCrypt_v016b_v0163b_additional, tElock_V099_10_Private_tE, tElock_098_Special_Build_forgot_heXer, tElock_098_tE_additional, tElock_v098_tHE_EGOiSTE_h_additional, IsPE32, tElockv098tE, tElock_V099_V10_Private_tE, tElock_098_tHE_EGOiSTE_h, contentis_base64, tElock_10_private_tE, tElock_v098, tElockv098, tElock_098_Special_Build_forgot_heXer_additional, tElock098tE, tElock_v098_tE, tElock_v096, tElock_v098b1_tHE_EGOiSTE, NeoLite_v200_additional, IsConsole, tElock_v098b1_additional, tElock_v098b1, tElock_099_10_private_tE, tElock_v098_tHE_EGOiSTE
Suspicious: True

Strings

Foremost
Matches: 0.exe, 181 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
hasAllowed: False
hasSuspicious: False

Files
Allowed: user32.dll, kernel32.dll
hasFiles: True
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 235520 (Suspicious: False)
Image Address: 4194304 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories Number: 16 (Suspicious: False)

Checksum
Value: 224054
Suspicious: False

Sections
Allowed: .text, .rdata, .data, .rsrc
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 6 (Suspicious: False)
Image Version: 6 (Suspicious: True)
Linker Version: 11.0 (Suspicious: False)
Subsystem Version: 6.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 256982
Suspicious: False

Anomalies
Anomalies: The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, kernel32.dll
hasLibs: True
hasAllowed: True
hasSuspicious: False

Timestamp
Value: 2020-09-03 12:05:19
Valid: True
Past: False
Future: False

Compilation
Packed: True
Missing: False
Packers: NeoLite v2.00, tElock 0.99 - 1.0 private -> tE!, tElock v0.98b1, CodeCrypt v0.16b - v0.163b, tElock v0.98, tElock 0.98 -> tE!
Compiled: False
Compilers
MainPacker: tElock 0.98 -> tE!

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks
pushret
.rsrc: 81
.text: 3
.rdata: 1

pushpopmath
.rsrc: 38
.rdata: 1

ss register
.rsrc: 3

garbagebytes
.rsrc: 27
.text: 1

software breakpoint
.rsrc: 5

fakeconditionaljumps
.rsrc: 3

programcontrolflowchange
.rsrc: 24
.text: 1

cpuinstructionsresultscomparison
.rsrc: 6

AVclass
None
1
VirusTotal
md5: f04341e395606ff4454d1d9f49dc756e
sha1: ef6903ee73401c661abfe3e1c6247019ecb83113
SCANS (DETECTION RATE = 33.33%)
Engine | Result | Update | Version | Detected
AVG | Win32:PWSX-gen [Trj] | 20200903 | 18.4.3895.0 | True
CMC | - | 20200903 | 2.7.2019.1 | False
MAX | - | 20200903 | 2019.9.16.1 | False
APEX | Malicious | 20200901 | 6.66 | True
Bkav | W32.AIDetectVM.malware5 | 20200903 | 1.3.0.9899 | True
K7GW | - | 20200903 | 11.133.35153 | False
ALYac | - | 20200903 | 1.1.1.5 | False
Avast | Win32:PWSX-gen [Trj] | 20200903 | 18.4.3895.0 | True
Avira | TR/Kryptik.hvdkh | 20200903 | 8.3.3.8 | True
Baidu | - | 20190318 | 1.0.0.2 | False
Cynet | Malicious (score: 85) | 20200903 | 4.0.0.24 | True
Cyren | W32/MSIL_Kryptik.AQG.gen!Eldorado | 20200903 | 6.3.0.2 | True
DrWeb | Trojan.Siggen9.44167 | 20200903 | 7.0.48.8080 | True
GData | - | 20200903 | A:25.26871B:27.20039 | False
Panda | - | 20200903 | 4.6.4.2 | False
VBA32 | BScope.Trojan.Vittalia | 20200903 | 4.4.1 | True
VIPRE | - | 20200903 | 86412 | False
Zoner | - | 20200903 | 0.0.0.0 | False
ClamAV | - | 20200903 | 0.102.4.0 | False
Comodo | TrojWare.Win32.TrojanDownloader.Dadobra.~AXN@498r4p | 20200728 | 32668 | True
Ikarus | - | 20200903 | 0.1.5.2 | False
McAfee | - | 20200903 | 6.0.6.653 | False
Rising | Backdoor.Xtrat!1.6A25 (TFE:5:O0r80Ep3LQC) | 20200903 | 25.0.0.26 | True
Sophos | - | 20200903 | 4.98.0 | False
Yandex | - | 20200901 | 5.5.2.24 | False
Zillya | - | 20200903 | 2.0.0.4168 | False
Acronis | - | 20200806 | 1.1.1.77 | False
Alibaba | - | 20190527 | 0.3.0.5 | False
Arcabit | - | 20200903 | 1.0.0.881 | False
Cylance | Unsafe | 20200903 | 2.3.1.101 | True
Elastic | - | 20200831 | 4.0.8 | False
FireEye | Generic.mg.f04341e395606ff4 | 20200903 | 32.36.1.0 | True
Sangfor | - | 20200814 | 1.0 | False
TACHYON | - | 20200903 | 2020-09-03.02 | False
Tencent | - | 20200903 | 1.0.0.1 | False
ViRobot | - | 20200903 | 2014.3.20.0 | False
Webroot | - | 20200903 | 1.0.0.403 | False
eGambit | Unsafe.AI_Score_99% | 20200903 | - | True
Ad-Aware | - | 20200903 | 3.0.16.117 | False
AegisLab | - | 20200903 | 4.2 | False
F-Secure | Trojan.TR/Kryptik.hvdkh | 20200903 | 12.0.86.52 | True
Fortinet | - | 20200903 | 6.2.142.0 | False
Invincea | Generic ML PUA (PUA) | 20200903 | 1.0.1.0 | True
Jiangmin | - | 20200903 | 16.0.100 | False
Kingsoft | - | 20200903 | 2013.8.14.323 | False
Paloalto | - | 20200903 | 1.0 | False
Symantec | ML.Attribute.HighConfidence | 20200903 | 1.12.0.0 | True
AhnLab-V3 | - | 20200903 | 3.18.1.10026 | False
Antiy-AVL | - | 20200903 | 3.0.0.1 | False
Kaspersky | - | 20200903 | 15.0.1.13 | False
MaxSecure | - | 20200902 | 1.0.0.1 | False
Microsoft | Trojan:Win32/Wacatac.C!ml | 20200903 | 1.1.17400.5 | True
Qihoo-360 | - | 20200903 | 1.0.0.1120 | False
ZoneAlarm | - | 20200903 | 1.0 | False
Cybereason | - | 20190616 | 1.2.449 | False
ESET-NOD32 | a variant of MSIL/Kryptik.VSI | 20200903 | 21929 | True
TrendMicro | TROJ_GEN.R002C0DG220 | 20200903 | 11.0.0.1006 | True
BitDefender | - | 20200903 | 7.2 | False
CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 | True
K7AntiVirus | - | 20200903 | 11.133.35150 | False
SentinelOne | - | 20200724 | 4.4.0.0 | False
Malwarebytes | - | 20200903 | 3.6.4.335 | False
TotalDefense | - | 20200902 | 37.1.62.1 | False
CAT-QuickHeal | - | 20200903 | 14.00 | False
NANO-Antivirus | - | 20200903 | 1.0.134.25140 | False
BitDefenderTheta | Gen:NN.ZexaF.34216.luWcaWjETWhG | 20200902 | 7.2.37796.0 | True
MicroWorld-eScan | - | 20200903 | 14.0.409.0 | False
SUPERAntiSpyware | - | 20200828 | 5.6.0.1032 | False
TrendMicro-HouseCall | TROJ_GEN.R002C0DG220 | 20200903 | 10.0.0.1040 | True
total: 69
sha256: b3de9a36a53e2cf25aa9643cb66aa6b3f9d6ad4b7786b7e82bb3463e38cb610f
scan_id: b3de9a36a53e2cf25aa9643cb66aa6b3f9d6ad4b7786b7e82bb3463e38cb610f-1599146006
resource: f04341e395606ff4454d1d9f49dc756e
positives: 23
scan_date: 2020-09-03 15:13:26
verbose_msg: Scan finished, information embedded
response_code: 1
File Trace
3/9/2020 - 11:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat
3/9/2020 - 11:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.datcontainer.dat
3/9/2020 - 11:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
3/9/2020 - 11:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.datcontainer.dat
3/9/2020 - 11:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
3/9/2020 - 11:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.datcontainer.dat
3/9/2020 - 11:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
3/9/2020 - 11:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.datcontainer.dat
3/9/2020 - 11:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
3/9/2020 - 11:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.datcontainer.dat
3/9/2020 - 11:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
3/9/2020 - 11:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.datcontainer.dat
3/9/2020 - 11:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
3/9/2020 - 11:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.datcontainer.dat
3/9/2020 - 11:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
3/9/2020 - 11:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.datcontainer.dat
3/9/2020 - 11:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
3/9/2020 - 11:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
3/9/2020 - 11:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
3/9/2020 - 11:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.datcontainer.dat
3/9/2020 - 11:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
3/9/2020 - 11:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.datcontainer.dat
3/9/2020 - 11:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:20.715Write2004C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
3/9/2020 - 11:49:20.762Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:20.762Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:20.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:20.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:20.950Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:20.950Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:20.950Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
3/9/2020 - 11:49:20.950Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
3/9/2020 - 11:49:20.950Read1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:20.950Write2004C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
3/9/2020 - 11:49:20.997Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
3/9/2020 - 11:49:20.997Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
3/9/2020 - 11:49:20.997Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
3/9/2020 - 11:49:20.997Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
3/9/2020 - 11:49:21.43Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:21.43Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:21.90Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
3/9/2020 - 11:49:21.90Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
3/9/2020 - 11:49:21.90Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:21.90Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:21.90Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
3/9/2020 - 11:49:21.90Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
3/9/2020 - 11:49:23.715Write4C:\Monitor\Files\Logs\File.log
3/9/2020 - 11:49:23.715Unknown4C:\Monitor\Files\Logs\File.log
3/9/2020 - 11:49:25.872Unknown2360C:\Windows\System32\audiodg.exeC:\Windows
3/9/2020 - 11:49:27.512Read684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\System.evtx
3/9/2020 - 11:49:27.512Read684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\System.evtx
3/9/2020 - 11:49:29.340Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
3/9/2020 - 11:49:29.340Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
3/9/2020 - 11:49:29.340Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
3/9/2020 - 11:49:29.340Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
3/9/2020 - 11:49:29.340Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
3/9/2020 - 11:49:29.340Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
3/9/2020 - 11:49:29.340Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm
3/9/2020 - 11:49:29.340Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
3/9/2020 - 11:49:29.340Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
3/9/2020 - 11:49:29.340Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
3/9/2020 - 11:49:29.340Write2004C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
3/9/2020 - 11:49:29.481Write4C:\Monitor\Files\Logs\File.log
3/9/2020 - 11:49:29.481Unknown4C:\Monitor\Files\Logs\File.log
3/9/2020 - 11:49:30.793Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:30.793Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:30.840Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:30.840Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
3/9/2020 - 11:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
3/9/2020 - 11:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
3/9/2020 - 11:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
3/9/2020 - 11:49:30.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
3/9/2020 - 11:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
3/9/2020 - 11:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
3/9/2020 - 11:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
3/9/2020 - 11:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users
3/9/2020 - 11:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users
3/9/2020 - 11:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users
3/9/2020 - 11:49:30.887Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
3/9/2020 - 11:49:30.887Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
3/9/2020 - 11:49:30.887Write2004C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
3/9/2020 - 11:49:30.887Write2004C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
3/9/2020 - 11:49:30.887Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
3/9/2020 - 11:49:30.887Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
3/9/2020 - 11:49:30.887Write2004C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
3/9/2020 - 11:49:31.497Write4C:\Monitor\Files\Logs\File.log
3/9/2020 - 11:49:31.497Unknown4C:\Monitor\Files\Logs\File.log
3/9/2020 - 11:49:31.497Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
3/9/2020 - 11:49:31.497Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
3/9/2020 - 11:49:32.481Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process Trace
Time | Operation | PID | Process | Target PID | Target Process
3/9/2020 - 11:46:6.653 | Terminate | 564 | C:\Windows\System32\svchost.exe | 1752 | C:\Windows\System32\wbem\WmiPrvSE.exe
3/9/2020 - 11:49:25.872 | Terminate | 684 | C:\Windows\System32\svchost.exe | 2360 | C:\Windows\System32\audiodg.exe

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 58.13%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 99.24%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 63.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 42.36%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.49%
suspicious: True
