Report #11130

  • Creation Date: Sept. 8, 2020, 12:53 a.m.
  • Last Update: Sept. 8, 2020, 12:58 a.m.
  • File: 7z1900-x64.exe
  • Results:
Binary
DLL
False
Size
1.38MB
trid
41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
d7b20f933be6cdae41efbe75548eba5f
sha1
9fa11a63b43f83980e0b48dc9ba2cb59d545a4e8
crc32
0xb235448d
sha224
536471d07eccc034c0ca86951e892b03b5d2e35a80d066532e7ecb8e
sha256
0f5d4dbbe5e55b7aa31b91e5925ed901fdf46a367491d81381846f05ad54c45e
sha384
7be088b9087018b08de51d4718f32eb6103a14601262e481a0db8669f1ab5323f6e90814551f485a9838f4d99ba6791f
sha512
af8f38679e16c996ffac152cac49369cf4b609abbd2cad07f49a114a82c6b5e564be29630c0fd2418110cf1a3d0ef3c9cc12f9164a69a575c91d9b98ce0df1a9
ssdeep
24576:D4EspaiGhP1x+96UBz1V/7hw5CILSbvCDpmdLq9zyMfNyAGW6xRZzXeyNbgQF1:D4CiI1k9/HYCtMpK2zyM45fzuYbgQF1
Community
Google
False
HashLib
False
YARA
Matches
domain, Armadillo_v171_additional, Microsoft_Visual_Cpp_v60, CRC32_poly_Constant, escalate_priv, HasRichSignature, possible_includes_base64_packed_functions, Microsoft_Visual_Cpp_v50v60_MFC_additional, Microsoft_Visual_Cpp_v50v60_MFC, win_files_operation, IsPE32, IP, contentis_base64, Armadillo_v171, win_token, Microsoft_Visual_Cpp_50, IsWindowsGUI, IsPacked, Microsoft_Visual_Cpp, url, win_registry, HasOverlay

Suspicious
True

Strings
List
<asmv3:application><asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
Software\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe
<dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"/></dependentAssembly></dependency>
Uninstall.exe
7zipInstall.exe
7-Zip File Manager.lnk
Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
7-Zip Help.lnk
Axr.nck
!2.afh
%E#o}%
Wversion.dll
Apartment
Software\Microsoft\Windows\CurrentVersion
foMk%i
mNe%oQ
]R%gE zM@ap
Software\7-Zip
R $%a
Decoder doesn't support this archive
SeShutdownPrivilege
<!-- Win 8.1 --> <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Win 8 --> <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Win 7 --> <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Win 10 --> <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
&Install
Install 7-Zip
7-zip.chm
7-zip.dll
7-zip.dll
7-zip32.dll
7-zip32.dll
F&u.Cc{l
p.hbx]
_acmdln
GetProcAddress
IsWow64Process
7zipInstall
v.ST}.
sRdp
OpenProcessToken
CoCreateInstance
UninstallString
InstallLocation
CreateFileW
RegSetValueExW
GetModuleHandleA
LoadLibraryExW
SetFilePointer
WriteFile
DeleteFileW
CreateDirectoryW
LoadLibraryW
GetModuleFileNameW
SetFileTime
MoveFileExW

Foremost
Matches
0.exe, 36 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
hasURLs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Files
Allowed: Wversion.dll, kernel32.dll, 7-zip.dll, 7-zip32.dll, ADVAPI32.dll, MSVCRT.dll, SHELL32.dll, ole32.dll, USER32.dll
hasFiles: True
Suspicious: 7-Zip Help.lnk, 7-Zip File Manager.lnk
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 19456
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rdata, .data, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 6.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 29524
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: kernel32.dll, advapi32.dll, msvcrt.dll, shell32.dll, ole32.dll, user32.dll
hasLibs: True
Suspicious: wversion.dll, 7-zip.dll, 7-zip32.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2019-02-21 14:00:00
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ v6.0, Microsoft Visual C++ 5.0, Microsoft Visual C++
MainPacker: Armadillo v1.71

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.text: 1

pushpopmath
.rsrc: 1
.text: 1
.rdata: 1

garbagebytes
.text: 1

hookdetection
.text: 1

programcontrolflowchange
.text: 1

cpuinstructionsresultscomparison
.rsrc: 4

AVclass
None
1
VirusTotal
md5
d7b20f933be6cdae41efbe75548eba5f
sha1
9fa11a63b43f83980e0b48dc9ba2cb59d545a4e8
SCANS (DETECTION RATE = 0.00%)
AVG | update: 20200908 | version: 18.4.3895.0 | detected: False
CMC | update: 20200907 | version: 2.7.2019.1 | detected: False
MAX | update: 20200908 | version: 2019.9.16.1 | detected: False
APEX | update: 20200907 | version: 6.68 | detected: False
Bkav | update: 20200907 | version: 1.3.0.9899 | detected: False
K7GW | update: 20200908 | version: 11.135.35190 | detected: False
ALYac | update: 20200908 | version: 1.1.1.5 | detected: False
Avast | update: 20200908 | version: 18.4.3895.0 | detected: False
Avira | update: 20200908 | version: 8.3.3.8 | detected: False
Baidu | update: 20190318 | version: 1.0.0.2 | detected: False
Cynet | update: 20200905 | version: 4.0.0.24 | detected: False
Cyren | update: 20200908 | version: 6.3.0.2 | detected: False
DrWeb | update: 20200908 | version: 7.0.48.8080 | detected: False
GData | update: 20200908 | version: A:25.26925B:27.20092 | detected: False
Panda | update: 20200907 | version: 4.6.4.2 | detected: False
VBA32 | update: 20200907 | version: 4.4.1 | detected: False
VIPRE | update: 20200908 | version: 86524 | detected: False
Zoner | update: 20200907 | version: 0.0.0.0 | detected: False
ClamAV | update: 20200907 | version: 0.102.4.0 | detected: False
Comodo | update: 20200728 | version: 32668 | detected: False
Ikarus | update: 20200907 | version: 0.1.5.2 | detected: False
McAfee | update: 20200908 | version: 6.0.6.653 | detected: False
Rising | update: 20200907 | version: 25.0.0.26 | detected: False
Sophos | update: 20200908 | version: 4.98.0 | detected: False
Yandex | update: 20200907 | version: 5.5.2.24 | detected: False
Zillya | update: 20200907 | version: 2.0.0.4170 | detected: False
Acronis | update: 20200806 | version: 1.1.1.77 | detected: False
Alibaba | update: 20190527 | version: 0.3.0.5 | detected: False
Arcabit | update: 20200908 | version: 1.0.0.881 | detected: False
Cylance | update: 20200908 | version: 2.3.1.101 | detected: False
Elastic | update: 20200831 | version: 4.0.8 | detected: False
FireEye | update: 20200908 | version: 32.36.1.0 | detected: False
Sangfor | update: 20200814 | version: 1.0 | detected: False
TACHYON | update: 20200908 | version: 2020-09-08.01 | detected: False
Tencent | update: 20200908 | version: 1.0.0.1 | detected: False
ViRobot | update: 20200907 | version: 2014.3.20.0 | detected: False
Webroot | update: 20200908 | version: 1.0.0.403 | detected: False
eGambit | update: 20200908 | detected: False
Ad-Aware | update: 20200908 | version: 3.0.16.117 | detected: False
AegisLab | update: 20200908 | version: 4.2 | detected: False
Emsisoft | update: 20200908 | version: 2018.12.0.1641 | detected: False
F-Secure | update: 20200908 | version: 12.0.86.52 | detected: False
Fortinet | update: 20200908 | version: 6.2.142.0 | detected: False
Invincea | update: 20200908 | version: 1.0.1.0 | detected: False
Jiangmin | update: 20200907 | version: 16.0.100 | detected: False
Kingsoft | update: 20200908 | version: 2013.8.14.323 | detected: False
Paloalto | update: 20200908 | version: 1.0 | detected: False
Symantec | update: 20200907 | version: 1.12.0.0 | detected: False
AhnLab-V3 | update: 20200907 | version: 3.18.1.10026 | detected: False
Antiy-AVL | update: 20200908 | version: 3.0.0.1 | detected: False
Kaspersky | update: 20200907 | version: 15.0.1.13 | detected: False
MaxSecure | update: 20200907 | version: 1.0.0.1 | detected: False
Microsoft | update: 20200908 | version: 1.1.17400.5 | detected: False
Qihoo-360 | update: 20200908 | version: 1.0.0.1120 | detected: False
ZoneAlarm | update: 20200908 | version: 1.0 | detected: False
Cybereason | update: 20190616 | version: 1.2.449 | detected: False
ESET-NOD32 | update: 20200908 | version: 21952 | detected: False
TrendMicro | update: 20200908 | version: 11.0.0.1006 | detected: False
BitDefender | update: 20200908 | version: 7.2 | detected: False
CrowdStrike | update: 20190702 | version: 1.0 | detected: False
K7AntiVirus | update: 20200907 | version: 11.135.35188 | detected: False
SentinelOne | update: 20200724 | version: 4.4.0.0 | detected: False
Malwarebytes | update: 20200908 | version: 3.6.4.335 | detected: False
TotalDefense | update: 20200907 | version: 37.1.62.1 | detected: False
CAT-QuickHeal | update: 20200907 | version: 14.00 | detected: False
NANO-Antivirus | update: 20200908 | version: 1.0.134.25140 | detected: False
BitDefenderTheta | update: 20200902 | version: 7.2.37796.0 | detected: False
MicroWorld-eScan | update: 20200908 | version: 14.0.409.0 | detected: False
SUPERAntiSpyware | update: 20200904 | version: 5.6.0.1032 | detected: False
TrendMicro-HouseCall | update: 20200908 | version: 10.0.0.1040 | detected: False

total
70
sha256
0f5d4dbbe5e55b7aa31b91e5925ed901fdf46a367491d81381846f05ad54c45e
scan_id
0f5d4dbbe5e55b7aa31b91e5925ed901fdf46a367491d81381846f05ad54c45e-1599534619
resource
d7b20f933be6cdae41efbe75548eba5f
positives
0
scan_date
2020-09-08 03:10:19
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
7/9/2020 - 23:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
7/9/2020 - 23:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.datcontainer.dat
7/9/2020 - 23:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
7/9/2020 - 23:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.datcontainer.dat
7/9/2020 - 23:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
7/9/2020 - 23:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.datcontainer.dat
7/9/2020 - 23:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
7/9/2020 - 23:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.datcontainer.dat
7/9/2020 - 23:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
7/9/2020 - 23:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
7/9/2020 - 23:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
7/9/2020 - 23:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.datcontainer.dat
7/9/2020 - 23:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
7/9/2020 - 23:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.datcontainer.dat
7/9/2020 - 23:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:20.715Write2416C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
7/9/2020 - 23:49:20.715Write2416C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
7/9/2020 - 23:49:20.715Write2416C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
7/9/2020 - 23:49:20.762Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:20.762Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:20.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:20.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:20.950Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:20.950Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:20.950Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
7/9/2020 - 23:49:20.950Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
7/9/2020 - 23:49:20.950Read1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:20.997Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
7/9/2020 - 23:49:20.997Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
7/9/2020 - 23:49:20.997Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
7/9/2020 - 23:49:20.997Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
7/9/2020 - 23:49:21.43Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:21.43Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:21.43Write2416C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
7/9/2020 - 23:49:21.90Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
7/9/2020 - 23:49:21.90Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
7/9/2020 - 23:49:21.90Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:21.90Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:21.90Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
7/9/2020 - 23:49:21.90Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
7/9/2020 - 23:49:23.715Write4C:\Monitor\Files\Logs\File.log
7/9/2020 - 23:49:23.809Unknown4C:\Monitor\Files\Logs\File.log
7/9/2020 - 23:49:25.903Unknown2360C:\Windows\System32\audiodg.exeC:\Windows
7/9/2020 - 23:49:27.497Read684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\System.evtx
7/9/2020 - 23:49:27.497Read684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\System.evtx
7/9/2020 - 23:49:29.372Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
7/9/2020 - 23:49:29.372Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
7/9/2020 - 23:49:29.372Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
7/9/2020 - 23:49:29.372Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
7/9/2020 - 23:49:29.372Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
7/9/2020 - 23:49:29.372Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
7/9/2020 - 23:49:29.372Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm
7/9/2020 - 23:49:29.372Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
7/9/2020 - 23:49:29.372Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
7/9/2020 - 23:49:29.372Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
7/9/2020 - 23:49:30.778Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:30.778Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:30.778Write2416C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
7/9/2020 - 23:49:30.825Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:30.825Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
7/9/2020 - 23:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
7/9/2020 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
7/9/2020 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
7/9/2020 - 23:49:30.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
7/9/2020 - 23:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
7/9/2020 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
7/9/2020 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
7/9/2020 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
7/9/2020 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
7/9/2020 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
7/9/2020 - 23:49:30.872Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
7/9/2020 - 23:49:30.872Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
7/9/2020 - 23:49:30.872Write2416C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
7/9/2020 - 23:49:30.872Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
7/9/2020 - 23:49:30.872Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
7/9/2020 - 23:49:30.872Write2416C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
7/9/2020 - 23:49:30.887Write2416C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
7/9/2020 - 23:49:31.481Write4C:\Monitor\Files\Logs\File.log
7/9/2020 - 23:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
7/9/2020 - 23:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
7/9/2020 - 23:49:31.575Unknown4C:\Monitor\Files\Logs\File.log

Process
Trace
7/9/2020 - 23:46:6.637 | Terminate | 564 | C:\Windows\System32\svchost.exe | 1752 | C:\Windows\System32\wbem\WmiPrvSE.exe
7/9/2020 - 23:49:25.903 | Terminate | 684 | C:\Windows\System32\svchost.exe | 2360 | C:\Windows\System32\audiodg.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 63.75%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 61.12%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 64.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 54.73%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.92%
suspicious: False
