Report #11047

  • Creation Date: Sept. 5, 2020, 1:47 p.m.
  • Last Update: Sept. 5, 2020, 1:52 p.m.
  • File: 050_locked.exe
  • Results:
Binary
DLL
False
Size
553.00KB
trid
68.4% tElock compressed/encrypted Win32 executable
12.1% Win32 Dynamic Link Library
8.3% Win32 Executable
3.7% OS/2 Executable
3.6% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
e8ac6ec1170fed14143e002b175596ca
sha1
8d6791bd3a4287814ebe901e90fed51a95f5d2f7
crc32
0xf7996ebd
sha224
008cf50dae60ef0b6dc559eb7dbcdb084865e4e93a728f1ebfe26db5
sha256
08eb1892de6bb91814edfafd5adda8045c3ccf148dfaa9b69b9e23a402e882be
sha384
bba2350d6c049d34064b272f28beadd0e138d29298cba946be1633d033fbd77ae0b63567a73934406b7b0bd89de4fcf0
sha512
227f3cffdb077cb2a37f7196e634b416a18ab22e982e443568e2f0bad5de1b26228182a519bd2475de0dc492d26da432c1f5877c87a1ec323405ce24d5e7ba6a
ssdeep
12288:PAp4QzZZKGR1qordCFBBxF7HI+wKNedBQtIinvFtZfNW0TqY52:PAzfKG2ooFB17o+GBQmcTpNWPN
Community
Google
False
HashLib
False
YARA
Matches
maldoc_getEIP_method_1, domain, tElock_098_tE, IsPacked, tElock_v098_additional, tElock_10_private_tE_additional, tElock_v098_tHE_EGOiSTE_h, CodeCrypt_v016b_v0163b_additional, tElock_V099_10_Private_tE, tElock_098_Special_Build_forgot_heXer, IsWindowsGUI, tElock_098_tE_additional, tElock_v098_tHE_EGOiSTE_h_additional, IsPE32, tElockv098tE, tElock_V099_V10_Private_tE, tElock_098_tHE_EGOiSTE_h, contentis_base64, tElock_10_private_tE, tElock_v098, tElockv098, tElock_098_Special_Build_forgot_heXer_additional, tElock098tE, tElock_v098_tE, tElock_v096, tElock_v098b1_tHE_EGOiSTE, NeoLite_v200_additional, tElock_v098b1_additional, tElock_v098b1, tElock_099_10_private_tE, tElock_v098_tHE_EGOiSTE

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 553 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: user32.dll, kernel32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2560
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 592052
Suspicious: False

Sections
Allowed: .text, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 6.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 662486
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: user32.dll, kernel32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2020-07-29 07:50:59
Future: False

Compilation
Packed: True
Missing: False
Packers: NeoLite v2.00, tElock 0.99 - 1.0 private -> tE!, tElock v0.98b1, CodeCrypt v0.16b - v0.163b, tElock v0.98, tElock 0.98 -> tE!
Compiled: False
Compilers
MainPacker: tElock 0.98 -> tE!

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.rsrc: 2
.text: 315

pushpopmath
.rsrc: 3
.text: 142

ss register
.text: 4

garbagebytes
.rsrc: 1
.text: 123

hookdetection
.text: 11

software breakpoint
.text: 9

fakeconditionaljumps
.text: 11

programcontrolflowchange
.rsrc: 1
.text: 112

cpuinstructionsresultscomparison
.text: 2

AVclass
msilperseus
1
VirusTotal
md5
e8ac6ec1170fed14143e002b175596ca
sha1
8d6791bd3a4287814ebe901e90fed51a95f5d2f7
SCANS (DETECTION RATE = 36.76%)
AVG
result: Win32:Evo-gen [Susp]
update: 20200905
version: 18.4.3895.0
detected: True

CMC
update: 20200905
version: 2.7.2019.1
detected: False

MAX
result: malware (ai score=80)
update: 20200905
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200904
version: 6.67
detected: True

Bkav
update: 20200905
version: 1.3.0.9899
detected: False

K7GW
update: 20200905
version: 11.134.35174
detected: False

ALYac
result: Gen:Variant.MSILPerseus.226598
update: 20200905
version: 1.1.1.5
detected: True

Avira
update: 20200905
version: 8.3.3.8
detected: False

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
result: Malicious (score: 100)
update: 20200905
version: 4.0.0.24
detected: True

Cyren
update: 20200905
version: 6.3.0.2
detected: False

DrWeb
update: 20200905
version: 7.0.48.8080
detected: False

GData
result: Gen:Variant.MSILPerseus.226598
update: 20200905
version: A:25.26892B:27.20062
detected: True

Panda
update: 20200905
version: 4.6.4.2
detected: False

VBA32
update: 20200904
version: 4.4.1
detected: False

VIPRE
update: 20200905
version: 86464
detected: False

Zoner
update: 20200904
version: 0.0.0.0
detected: False

ClamAV
update: 20200905
version: 0.102.4.0
detected: False

Comodo
update: 20200728
version: 32668
detected: False

Ikarus
update: 20200905
version: 0.1.5.2
detected: False

McAfee
result: Fareit-FXU!A88E456F93D2
update: 20200905
version: 6.0.6.653
detected: True

Rising
update: 20200905
version: 25.0.0.26
detected: False

Sophos
update: 20200905
version: 4.98.0
detected: False

Yandex
update: 20200904
version: 5.5.2.24
detected: False

Zillya
update: 20200904
version: 2.0.0.4169
detected: False

Acronis
result: suspicious
update: 20200806
version: 1.1.1.77
detected: True

Alibaba
update: 20190527
version: 0.3.0.5
detected: False

Arcabit
result: Trojan.MSILPerseus.D37526
update: 20200905
version: 1.0.0.881
detected: True

Cylance
update: 20200905
version: 2.3.1.101
detected: False

Elastic
result: malicious (high confidence)
update: 20200831
version: 4.0.8
detected: True

FireEye
result: Generic.mg.e8ac6ec1170fed14
update: 20200905
version: 32.36.1.0
detected: True

Sangfor
update: 20200814
version: 1.0
detected: False

TACHYON
update: 20200905
version: 2020-09-05.02
detected: False

Tencent
update: 20200905
version: 1.0.0.1
detected: False

ViRobot
update: 20200905
version: 2014.3.20.0
detected: False

Webroot
update: 20200905
version: 1.0.0.403
detected: False

eGambit
result: Unsafe.AI_Score_100%
update: 20200905
detected: True

Ad-Aware
result: Gen:Variant.MSILPerseus.226598
update: 20200905
version: 3.0.16.117
detected: True

AegisLab
update: 20200905
version: 4.2
detected: False

F-Secure
update: 20200905
version: 12.0.86.52
detected: False

Fortinet
result: MSIL/Agent.BMW!tr
update: 20200905
version: 6.2.142.0
detected: True

Invincea
result: Generic ML PUA (PUA)
update: 20200905
version: 1.0.1.0
detected: True

Jiangmin
update: 20200905
version: 16.0.100
detected: False

Kingsoft
update: 20200905
version: 2013.8.14.323
detected: False

Paloalto
update: 20200905
version: 1.0
detected: False

Symantec
result: ML.Attribute.HighConfidence
update: 20200904
version: 1.12.0.0
detected: True

AhnLab-V3
update: 20200905
version: 3.18.1.10026
detected: False

Antiy-AVL
update: 20200905
version: 3.0.0.1
detected: False

Kaspersky
result: HEUR:Trojan.MSIL.Crypt.gen
update: 20200905
version: 15.0.1.13
detected: True

MaxSecure
update: 20200905
version: 1.0.0.1
detected: False

Microsoft
result: Trojan:MSIL/AgentTesla.GK!MTB
update: 20200905
version: 1.1.17400.5
detected: True

Qihoo-360
result: HEUR/QVM18.1.BA5F.Malware.Gen
update: 20200905
version: 1.0.0.1120
detected: True

ZoneAlarm
result: HEUR:Trojan.MSIL.Crypt.gen
update: 20200905
version: 1.0
detected: True

Cybereason
update: 20190616
version: 1.2.449
detected: False

ESET-NOD32
update: 20200905
version: 21941
detected: False

TrendMicro
update: 20200905
version: 11.0.0.1006
detected: False

BitDefender
result: Gen:Variant.MSILPerseus.226598
update: 20200905
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_100% (D)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
update: 20200905
version: 11.134.35174
detected: False

SentinelOne
result: DFI - Malicious PE
update: 20200724
version: 4.4.0.0
detected: True

Malwarebytes
update: 20200905
version: 3.6.4.335
detected: False

TotalDefense
update: 20200905
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20200905
version: 14.00
detected: False

NANO-Antivirus
update: 20200905
version: 1.0.134.25140
detected: False

BitDefenderTheta
result: Gen:NN.ZemsilF.34216.ImWcaSzEKDi
update: 20200902
version: 7.2.37796.0
detected: True

MicroWorld-eScan
result: Gen:Variant.MSILPerseus.226598
update: 20200905
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200904
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
update: 20200905
version: 10.0.0.1040
detected: False

total
68
sha256
08eb1892de6bb91814edfafd5adda8045c3ccf148dfaa9b69b9e23a402e882be
scan_id
08eb1892de6bb91814edfafd5adda8045c3ccf148dfaa9b69b9e23a402e882be-1599324471
resource
e8ac6ec1170fed14143e002b175596ca
positives
25
scan_date
2020-09-05 16:47:51
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.datcontainer.dat
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.datcontainer.dat
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.datcontainer.dat
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.datcontainer.dat
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.datcontainer.dat
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.datcontainer.dat
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.datcontainer.dat
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.datcontainer.dat
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.datcontainer.dat
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.datcontainer.dat
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.datcontainer.dat
5/9/2020 - 12:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:20.684Write2004C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
5/9/2020 - 12:49:20.731Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:20.731Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:20.825Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:20.825Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:20.825Write2004C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
5/9/2020 - 12:49:20.918Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:20.918Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:20.918Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
5/9/2020 - 12:49:20.918Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
5/9/2020 - 12:49:20.918Read1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:20.965Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
5/9/2020 - 12:49:20.965Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
5/9/2020 - 12:49:20.965Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
5/9/2020 - 12:49:20.965Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
5/9/2020 - 12:49:21.12Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:21.12Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:21.59Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
5/9/2020 - 12:49:21.59Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
5/9/2020 - 12:49:21.59Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:21.59Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:21.59Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
5/9/2020 - 12:49:21.59Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
5/9/2020 - 12:49:23.684Write4C:\Monitor\Files\Logs\File.log
5/9/2020 - 12:49:23.684Unknown4C:\Monitor\Files\Logs\File.log
5/9/2020 - 12:49:25.887Unknown2360C:\Windows\System32\audiodg.exeC:\Windows
5/9/2020 - 12:49:27.497Read684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\System.evtx
5/9/2020 - 12:49:27.497Read684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\System.evtx
5/9/2020 - 12:49:29.325Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
5/9/2020 - 12:49:29.325Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
5/9/2020 - 12:49:29.325Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
5/9/2020 - 12:49:29.325Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
5/9/2020 - 12:49:29.325Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
5/9/2020 - 12:49:29.325Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
5/9/2020 - 12:49:29.325Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm
5/9/2020 - 12:49:29.325Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
5/9/2020 - 12:49:29.325Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
5/9/2020 - 12:49:29.325Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
5/9/2020 - 12:49:29.325Write2004C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
5/9/2020 - 12:49:29.465Write4C:\Monitor\Files\Logs\File.log
5/9/2020 - 12:49:29.465Unknown4C:\Monitor\Files\Logs\File.log
5/9/2020 - 12:49:30.731Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:30.731Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:30.778Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:30.778Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users
5/9/2020 - 12:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
5/9/2020 - 12:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users
5/9/2020 - 12:49:30.825Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
5/9/2020 - 12:49:30.825Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
5/9/2020 - 12:49:30.825Write2004C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
5/9/2020 - 12:49:30.825Write2004C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
5/9/2020 - 12:49:30.825Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
5/9/2020 - 12:49:30.825Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
5/9/2020 - 12:49:30.825Write2004C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
5/9/2020 - 12:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
5/9/2020 - 12:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
5/9/2020 - 12:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
5/9/2020 - 12:49:30.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
5/9/2020 - 12:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
5/9/2020 - 12:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
5/9/2020 - 12:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
5/9/2020 - 12:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
5/9/2020 - 12:49:31.481Write4C:\Monitor\Files\Logs\File.log
5/9/2020 - 12:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
5/9/2020 - 12:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
5/9/2020 - 12:49:31.481Unknown4C:\Monitor\Files\Logs\File.log
5/9/2020 - 12:49:32.465Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process
Trace
5/9/2020 - 12:46:6.668 | Terminate | 564 | C:\Windows\System32\svchost.exe | 1752 | C:\Windows\System32\wbem\WmiPrvSE.exe
5/9/2020 - 12:49:25.887 | Terminate | 684 | C:\Windows\System32\svchost.exe | 2360 | C:\Windows\System32\audiodg.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 61.25%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 51.60%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 61.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 58.66%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 98.15%
suspicious: True
