Report #11628

  • Creation Date: Sept. 21, 2020, 5:48 p.m.
  • Last Update: Sept. 21, 2020, 5:53 p.m.
  • File: Cs44XY.exe
  • Results:
Binary
  DLL: False
  Size: 16.00KB
  trid: 82.0% Win64 Executable; 6.0% OS/2 Executable; 5.9% Generic Win/DOS Executable; 5.9% DOS Executable Generic
  type: PE
  wordsize: 64
  Subsystem: Windows CLI

Hashes
  md5: 9dec12cc55b6d52362f3c9ea8caf45a8
  sha1: c8c9f4ac2b0868b1bda6e9f3d4f696cecdf632b3
  crc32: 0xa5b8909d
  sha224: 40b48f25587ebd8be8b9ef3526e4deaf706c75b68d13cc96dfdf605c
  sha256: da64e159ec27514c83de836fae6de6e8098a24d5e62e73616891e16b85677d23
  sha384: 17e403d9f094862b063f50d2b4b8233fb1baefb4debe3b9bb6a2ecaee7eb9a411f95d0e2f9a2a670f978aacb3e18167a
  sha512: 1436be92941fbef4c2e691e9f5ed3dbfaceebea8aaa09ec390343e349939b0d8d356049a296abdcdf6bd932fa1b01f6b5829b65e8906d86469cadc4ec9433ff4
  ssdeep: 192:X1x6FCpayfsml5mSOOjPHr/YdT32zlzBVxbeMZjuVHg/deMgyGtUkZKLYLmBWaH5:X6Y0mPgEA121BVfZm6gyTknaBWQGWR

Community
  Google: False
  HashLib: False

YARA
  Matches: domain, IsPE64, IP, contentis_base64, IsConsole, Microsoft_Visual_Cpp_80, HasDebugData, HasOverlay, Microsoft_Visual_Cpp_80_DLL, HasRichSignature
  Suspicious: True

Strings
List
subst.pdb
ntdll.dll
ulib.dll
name="Microsoft.Windows.Filesystem.Subst"
<requestedPrivileges>
TerminateProcess
QueryPerformanceCounter
GetModuleHandleW
Microsoft Corporation. All rights reserved.
GetTickCount
Sleep
<requestedExecutionLevel
version="5.1.0.0"
Subst.Exe
??1ARRAY@@UEAA@XZ
??1PATH@@UEAA@XZ
10.0.10240.16384
??1OBJECT@@UEAA@XZ
??0STREAM_MESSAGE@@QEAA@XZ
??1STREAM_MESSAGE@@UEAA@XZ
_commode
type="win32"
_initterm
10.0.10240.16384 (th1.150709-1700)
.CRT$XCAA
.CRT$XIAA
<assemblyIdentity
__setusermatherr
.text$mn$00
__C_specific_handler
__set_app_type
_amsg_exit
__getmainargs
_XcptFilter
uiAccess="false"
?terminate@@YAXXZ
level="asInvoker"
Microsoft
Microsoft Corporation
</assembly>
.CRT$XIY
CompanyName
`.rdata
ProductName
UVWAVAWH
LcA<E3
H3E H3E
StringFileInfo
FileVersion
FileDescription
OriginalFilename
InternalName
VarFileInfo
Translation
@.data
_cexit
_fmode
_exit
Rich\
HcA<H
Subst Utility
UAVAWH
@.rsrc
Subst
<security>
</security>
GCTL
RSDS
Windows
?GetPattern@ARGUMENT@@QEAAPEAVWSTRING@@XZ
?Get_Standard_Output_Stream@@YAPEAVSTREAM@@XZ
!This program cannot be run in DOS mode.
VS_VERSION_INFO
processorArchitecture="amd64"
<!-- Copyright (c) Microsoft Corporation -->
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?GetLexemeAt@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@K@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?QueryWSTR@WSTRING@@QEBAPEAGKKPEAGKE@Z
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?Display@MESSAGE@@QEAAEPEBDZZ
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?Get_Standard_Error_Stream@@YAPEAVSTREAM@@XZ
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
?Strupr@WSTRING@@QEAAPEAV1@XZ
?Set@STREAM_MESSAGE@@UEAAEKW4MESSAGE_TYPE@@K@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??0FLAG_ARGUMENT@@QEAA@XZ
??1PATH_ARGUMENT@@UEAA@XZ
??0PATH_ARGUMENT@@QEAA@XZ
?Get_Standard_Input_Stream@@YAPEAVSTREAM@@XZ

Foremost
  Matches: None
  Suspicious: False

Heuristics
  IPs
    hasIPs: False
    hasAllowed: False
    hasSuspicious: False

  URLs
    hasURLs: False
    hasAllowed: False
    hasSuspicious: False

  Files
    Allowed: KERNEL32.dll, msvcrt.dll, ntdll.dll, ulib.dll
    hasFiles: True
    hasAllowed: True
    hasSuspicious: False

Binary
  Sizes
    RVA: 16 (Suspicious: False)
    Code: 10240 (Suspicious: False)
    Image address (base): 5368709120 = 0x140000000 (Suspicious: False)
    Stack: 8192 (Suspicious: False)
    Headers: 1024 (Suspicious: False)
    Suspicious: False

  Symbols
    Number: 0 (Suspicious: True)
    Pointer: 0 (Suspicious: True)
    Directories: 16 (Suspicious: False)

  Checksum
    Value: 36280 (0x8db8)
    Suspicious: False

  Sections
    Allowed: .text, .rdata, .data, .pdata, .rsrc, .reloc
    hasAllowed: True
    hasSections: True
    hasSuspicious: False

  Versions
    OS: 10 (Suspicious: False)
    Image: 10 (Suspicious: False)
    Linker: 12.10 (Suspicious: False)
    Subsystem: 10.0 (Suspicious: False)
    Suspicious: False

  EntryPoint
    Address: 8624 (0x21b0)
    Suspicious: False

  Anomalies
    Anomalies: The header checksum and the calculated checksum do not match.
    hasAnomalies: True

  Libraries
    Allowed: kernel32.dll, msvcrt.dll, ntdll.dll, ulib.dll
    hasLibs: True
    hasAllowed: True
    hasSuspicious: False

  Timestamp
    Value: 2015-07-10 00:15:10
    Valid: True
    Past: False
    Future: False

  Compilation
    Packed: False
    Missing: False
    Packers: none listed
    Compiled: True
    Compilers: Microsoft Visual C++ 8.0 (DLL), Microsoft Visual C++ 8.0

  Obfuscation
    XOR: False
    Fuzzing: False
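The Symbols heuristic above fires because the COFF symbol table is empty (Number 0, Pointer 0). That is the norm for release builds from the Microsoft linker, whose symbols live in a separate PDB (the RSDS record and the subst.pdb string in the Strings section point to one), so on its own it says nothing about the file. The checksum anomaly is the one finding worth reproducing by hand: the stored value (36280) is compared with a checksum recomputed over the bytes on disk, and a non-zero stored value that disagrees means the bytes changed after linking, or the file was truncated or padded. Note also that the "Microsoft Visual C++ 8.0" compiler entry is a signature match, while the linker version field (12.10) is the header's own statement about the toolchain; when the two disagree the header field is the more direct evidence. The Python below is an added example, not part of this report or its analyzer: it parses the DOS, COFF and optional headers, recomputes the checksum with the algorithm the Windows loader uses (32-bit sum with end-around carry, skipping the CheckSum field, folded to 16 bits, plus the file length), and reports the fields the heuristics above look at. Because the sample itself is not available here, `build_sample_pe` constructs a headers-only PE32+ image that carries the values the report lists (linker 12.10, entry point 8624, image base 0x140000000, timestamp 2015-07-10 00:15:10 taken as UTC); the function names and that constructed image are this example's assumptions.

```python
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}


def compute_pe_checksum(data: bytes) -> int:
    """Recompute the PE header checksum: sum every 32-bit word with end-around
    carry, skipping OptionalHeader.CheckSum itself, fold to 16 bits and add the
    file length (same algorithm as imagehlp's CheckSumMappedFile)."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    checksum_field = e_lfanew + 4 + 20 + 64          # PE sig + COFF header + 0x40
    total = 0
    for off in range(0, len(data), 4):
        if off == checksum_field:
            continue
        chunk = data[off:off + 4].ljust(4, b"\0")    # pad a trailing partial dword
        total += struct.unpack("<I", chunk)[0]
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def triage_pe(data: bytes) -> dict:
    """Parse the header fields the report's heuristics use and re-check the checksum."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsect, timestamp, symtab, nsymbols, _optsz, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic == 0x20B:                                # PE32+: 64-bit ImageBase at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    elif magic == 0x10B:                              # PE32: 32-bit ImageBase at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    stored_checksum = struct.unpack_from("<I", data, opt + 64)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    computed = compute_pe_checksum(data)
    return {
        "machine": machine,
        "wordsize": 64 if magic == 0x20B else 32,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "symbol_count": nsymbols,                     # 0 is normal for MSVC release builds (symbols are in the PDB)
        "symbol_table_ptr": symtab,
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "image_base": image_base,
        "entry_point": entry_point,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "stored_checksum": stored_checksum,
        "computed_checksum": computed,
        # A stored value of 0 means the linker never set one, which the loader
        # tolerates for ordinary user-mode images; only a non-zero value that
        # disagrees with the recomputed one is a real mismatch.
        "checksum_ok": stored_checksum == 0 or stored_checksum == computed,
    }


def build_sample_pe(stored_checksum: int) -> bytes:
    """Constructed headers-only PE32+ image (assumption of this example, not the
    real Cs44XY.exe) carrying the header values listed in the report."""
    buf = bytearray(512)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)                       # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    # COFF: AMD64, 0 sections, TimeDateStamp 2015-07-10 00:15:10 UTC, no symbols, 0xF0-byte optional header
    struct.pack_into("<HHIIIHH", buf, 0x84, 0x8664, 0, 1436487310, 0, 0, 0xF0, 0x0022)
    opt = 0x98
    # Magic PE32+, linker 12.10, SizeOfCode 10240, entry 0x21B0, BaseOfCode, ImageBase 0x140000000
    struct.pack_into("<HBBIIIIIQ", buf, opt, 0x20B, 12, 10, 0x2800, 0, 0, 0x21B0, 0x1000, 0x140000000)
    # alignments, OS/image/subsystem version 10.0, SizeOfImage, SizeOfHeaders, CheckSum
    struct.pack_into("<IIHHHHHHIIII", buf, opt + 32, 0x1000, 0x200, 10, 0, 10, 0, 10, 0, 0, 0x6000, 0x200, stored_checksum)
    struct.pack_into("<HH", buf, opt + 68, 3, 0x8160)             # WINDOWS_CUI; NX, ASLR, high-entropy VA
    struct.pack_into("<I", buf, opt + 108, 16)                    # NumberOfRvaAndSizes
    return bytes(buf)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(36280)
    for key, value in triage_pe(data).items():
        print("%-18s %s" % (key, value))
```

Run it as `python pe_triage.py path\to\file.exe` to triage a real file; without an argument it triages the constructed image with the report's stored checksum of 36280 and reports the mismatch. The PE checksum is not a tamper-proof check: whoever modifies a file can recompute it (`editbin /RELEASE` does exactly that), so for a file presenting itself as a Microsoft component the decisive test is its Authenticode signature (`signtool verify /pa`, or `Get-AuthenticodeSignature` in PowerShell), which this report does not include.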

PEDetector
  Matches: None
  Suspicious: False

Disassembly
  hasTricks: False
  Tricks: none listed

AVclass: None
VirusTotal
  md5: 9dec12cc55b6d52362f3c9ea8caf45a8
  sha1: c8c9f4ac2b0868b1bda6e9f3d4f696cecdf632b3

SCANS (DETECTION RATE = 0.00%; these are the results of the existing VirusTotal report dated 2018-10-01, returned as-is when this analysis ran on 2020-09-21, not a rescan with current signatures)
engine | update | version | detected
AVG | 20181001 | 18.4.3895.0 | False
CMC | 20181001 | 1.1.0.977 | False
MAX | 20181001 | 2018.9.12.1 | False
Bkav | 20181001 | 1.3.0.9898 | False
K7GW | 20181001 | 11.5.28556 | False
ALYac | 20181001 | 1.1.1.5 | False
Avast | 20181001 | 18.4.3895.0 | False
Avira | 20181001 | 8.3.3.6 | False
Baidu | 20180930 | 1.0.0.2 | False
Cyren | 20181001 | 6.0.0.4 | False
DrWeb | 20181001 | 7.0.33.6080 | False
GData | 20181001 | A:25.18729B:25.13346 | False
Panda | 20181001 | 4.6.4.2 | False
VBA32 | 20181001 | 3.33.0 | False
VIPRE | 20181001 | 69976 | False
Zoner | 20180927 | 1.0 | False
AVware | 20180925 | 1.6.0.52 | False
ClamAV | 20181001 | 0.100.1.0 | False
Comodo | 20181001 | - | False
F-Prot | 20181001 | 4.7.1.166 | False
Ikarus | 20181001 | 0.1.5.2 | False
McAfee | 20181001 | 6.0.6.653 | False
Rising | 20181001 | 25.0.0.24 | False
Sophos | 20181001 | 4.98.0 | False
Yandex | 20180927 | 5.5.1.3 | False
Zillya | 20180928 | 2.0.0.3658 | False
Alibaba | 20180921 | 0.1.0.2 | False
Arcabit | 20181001 | 1.0.0.833 | False
Babable | 20180918 | 9107201 | False
Cylance | 20181001 | 2.3.1.101 | False
Endgame | 20180730 | 3.0.1 | False
TACHYON | 20181001 | 2018-10-01.02 | False
Tencent | 20181001 | 1.0.0.1 | False
ViRobot | 20181001 | 2014.3.20.0 | False
Webroot | 20181001 | 1.0.0.403 | False
eGambit | 20181001 | - | False
Ad-Aware | 20181001 | 3.0.5.370 | False
AegisLab | 20181001 | 4.2 | False
Emsisoft | 20181001 | 2018.4.0.1029 | False
F-Secure | 20181001 | 11.0.19100.45 | False
Fortinet | 20181001 | 5.4.247.0 | False
Invincea | 20180717 | 6.3.5.26121 | False
Jiangmin | 20181001 | 16.0.100 | False
Kingsoft | 20181001 | 2013.8.14.323 | False
Paloalto | 20181001 | 1.0 | False
Symantec | 20181001 | 1.7.0.0 | False
AhnLab-V3 | 20181001 | 3.13.1.21616 | False
Antiy-AVL | 20181001 | 3.0.0.1 | False
Kaspersky | 20181001 | 15.0.1.13 | False
Microsoft | 20181001 | 1.1.15300.6 | False
Qihoo-360 | 20181001 | 1.0.0.1120 | False
TheHacker | 20181001 | 6.8.0.5.3723 | False
ZoneAlarm | 20180925 | 1.0 | False
Cybereason | 20180225 | 1.2.27 | False
ESET-NOD32 | 20181001 | 18141 | False
TrendMicro | 20181001 | 10.0.0.1040 | False
BitDefender | 20181001 | 7.2 | False
CrowdStrike | 20180723 | 1.0 | False
K7AntiVirus | 20181001 | 11.5.28557 | False
SentinelOne | 20180926 | 1.0.19.242 | False
Avast-Mobile | 20181001 | 181001-00 | False
Malwarebytes | 20181001 | 2.1.1.1115 | False
TotalDefense | 20181001 | 37.1.62.1 | False
CAT-QuickHeal | 20181001 | 14.00 | False
NANO-Antivirus | 20181001 | 1.0.134.24036 | False
MicroWorld-eScan | 20181001 | 14.0.297.0 | False
SUPERAntiSpyware | 20180907 | 5.6.0.1032 | False
McAfee-GW-Edition | 20181001 | v2017.3010 | False
TrendMicro-HouseCall | 20181001 | 10.0.0.1040 | False
  total: 69
  positives: 0
  sha256: da64e159ec27514c83de836fae6de6e8098a24d5e62e73616891e16b85677d23
  scan_id: da64e159ec27514c83de836fae6de6e8098a24d5e62e73616891e16b85677d23-1538398340
  resource: 9dec12cc55b6d52362f3c9ea8caf45a8
  scan_date: 2018-10-01 12:52:20
  verbose_msg: Scan finished, information embedded
  response_code: 1
File Trace
  All rows are dated 21/9/2020. Columns: time | operation | PID | process image | target path ("-" where the monitor logged only a PID)
  16:45:43.481 | Unknown | 4 | - | C:\Users\Behemot\Desktop\desktop.ini
  16:45:43.481 | Unknown | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
  16:45:47.497 | Write | 4 | - | C:\Windows
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26
  16:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066
  16:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
  16:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
  16:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066
  16:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
  16:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26
  16:45:47.872 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
  16:45:49.465 | Unknown | 4 | - | C:\Monitor\WKCD_Load_Use.exe
  16:45:49.465 | Write | 4 | - | C:\Monitor\Files\Logs\File.log
  16:45:49.465 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log
  16:45:52.403 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
  16:45:52.403 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
  16:45:52.403 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
  16:45:52.403 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
  16:45:52.418 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
  16:45:52.418 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
  16:45:52.418 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
  16:45:52.418 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
  16:45:52.418 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
  16:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe
  16:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe
  16:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe
  16:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe
  16:45:53.465 | Write | 4 | - | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
  16:45:53.465 | Write | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
  16:45:53.465 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
  16:45:53.465 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
  16:45:53.465 | Unknown | 4 | - | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
  16:45:53.559 | Unknown | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
  16:45:53.559 | Unknown | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
  16:45:55.481 | Write | 4 | - | C:\Monitor\Files\Logs\File.log
  16:45:55.481 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log
  16:45:57.497 | Write | 4 | - | C:\Monitor
  16:46:11.481 | Write | 4 | - | C:\Windows\Temp
  16:46:17.497 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
  16:46:18.215 | Write | 4 | - | C:\Windows
  16:46:19.465 | Write | 4 | - | C:\Windows
  16:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1
  16:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1
  16:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1
  16:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1
  16:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM
  16:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM
  16:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM
  16:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve
  16:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve
  16:46:32.434 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
  16:46:32.528 | Write | 4 | - | C:\System Volume Information\Syscache.hve
  16:46:35.434 | Write | 4 | - | C:\Monitor\Files\Logs\File.log
  16:46:35.434 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log
  16:46:55.997 | Open | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data
  16:46:55.997 | Unknown | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data
  16:47:17.481 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
  16:47:27.559 | Open | 1864 | C:\Windows\explorer.exe | C:\
  16:47:27.559 | Unknown | 1864 | C:\Windows\explorer.exe | C:\
  16:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot
  16:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot
  16:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot
  16:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming
  16:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming
  16:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming
  16:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes
  16:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
  16:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
  16:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
  16:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:47:41.168 | Read | 1232 | C:\Program Files\Windows Media Player\wmpnetwk.exe | C:\Program Files\Windows Media Player\wmpnetwk.exe
  16:47:41.168 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
  16:47:41.168 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
  16:47:44.168 | Write | 4 | - | C:\Monitor\Files\Logs\File.log
  16:47:44.168 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log
  16:48:11.309 | Open | 4 | - | \Device\HarddiskVolume1\System Volume Information
  16:48:11.309 | Unknown | 4 | - | \Device\HarddiskVolume1\System Volume Information
  16:48:13.59 | Open | 4 | - | C:\System Volume Information
  16:48:13.59 | Open | 4 | - | C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
  16:48:13.59 | Open | 4 | - | C:\System Volume Information\{bcf7d7ec-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
  16:48:13.59 | Open | 4 | - | C:\System Volume Information\{bcf7d7f0-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
  16:48:13.59 | Unknown | 4 | - | C:\System Volume Information
  16:48:17.497 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
  16:48:25.872 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:48:25.872 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
  16:48:25.872 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:48:25.872 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
  16:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
  16:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:20.700 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
  16:49:20.700 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
  16:49:20.747 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:20.747 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:20.840 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:20.840 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:20.934 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:20.934 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:20.934 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
  16:49:20.934 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
  16:49:20.934 | Read | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:20.981 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
  16:49:20.981 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
  16:49:20.981 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
  16:49:20.981 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
  16:49:21.28 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:21.28 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:21.75 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
  16:49:21.75 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
  16:49:21.75 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:21.75 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:21.75 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
  16:49:21.75 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
  16:49:21.75 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
  16:49:23.700 | Write | 4 | - | C:\Monitor\Files\Logs\File.log
  16:49:23.793 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log
  16:49:25.856 | Unknown | 2360 | C:\Windows\System32\audiodg.exe | C:\Windows
  16:49:30.778 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:30.778 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:30.825 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:30.825 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
  16:49:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:49:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
  16:49:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
  16:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
  16:49:30.872 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
  16:49:30.872 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
  16:49:30.872 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
  16:49:30.872 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
  16:49:30.872 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
  16:49:30.872 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:30.872 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:30.872 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:30.872 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:30.872 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:30.872 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:30.872 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:30.872 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:30.872 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
  16:49:30.872 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/9/2020 - 16:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
21/9/2020 - 16:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/9/2020 - 16:49:30.872Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/9/2020 - 16:49:30.872Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/9/2020 - 16:49:30.872Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/9/2020 - 16:49:30.872Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/9/2020 - 16:49:30.872Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/9/2020 - 16:49:30.872Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/9/2020 - 16:49:30.872Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/9/2020 - 16:49:30.887Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/9/2020 - 16:49:31.481Write4C:\Monitor\Files\Logs\File.log
21/9/2020 - 16:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/9/2020 - 16:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/9/2020 - 16:49:31.575Unknown4C:\Monitor\Files\Logs\File.log
21/9/2020 - 16:49:32.450Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process Trace
Time | Operation | PID | Process | Target PID | Target Process
21/9/2020 - 16:49:25.856 | Terminate | 684 | C:\Windows\System32\svchost.exe | 2360 | C:\Windows\System32\audiodg.exe

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry Trace
Time | Operation | PID | Registry Path
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruListCurrentLru
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectId
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectLru
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\1E_ObjectLru_
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectId
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectLru
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3E_ObjectLru_
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectId
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectLru
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3F_ObjectLru_
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectId
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectLru
21/9/2020 - 16:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\40_ObjectLru_
21/9/2020 - 16:46:23.903 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\22
21/9/2020 - 16:46:23.903 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff00
21/9/2020 - 16:46:23.903 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff01
21/9/2020 - 16:46:23.903 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff02
21/9/2020 - 16:46:23.903 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff03

File Summary
Created: True
Deleted: False

Process Summary
Created: False
Deleted: True

Registry Summary
Proxy: False
AutoRun: False
Created: True
Deleted: False
Browsers: False
Internet: False


DNS
Query: none recorded
Response: none recorded

TCP
Info: none recorded

UDP
Info: none recorded

HTTP
Info: none recorded

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
NFS 2.0 (Threshold = 0.8): confidence 92.50%, suspicious: False
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 88.82%, suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence 88.40%, suspicious: False
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 80.59%, suspicious: True
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 100.00%, suspicious: False
