Report #12835

  • Creation Date: Aug. 12, 2021, 1:19 a.m.
  • Last Update: Aug. 12, 2021, 2:44 a.m.
  • File: codeblocks.exe
  • Results:
Binary
DLL
False
Size
32.92MB
trid
80.3% InstallShield setup
8.4% Win32 Executable
3.7% OS/2 Executable
3.7% Generic Win/DOS Executable
3.7% DOS Executable Generic
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
ff466d104b153ae9c5ab550632e48143
sha1
7242ae29d2b5678c1429f57176ddeba2679ef6eb
crc32
0x85c2366e
sha224
5f38c26b9ce10dcbea429972e4f6a799ec820b4eaa290ef4c43c563a
sha256
5995acb9a01eecacbf85a7dd622d7dd4690a4f713e9f6e0c9119d7a9aa273b45
sha384
2669ca9eaa813d64a05124aa331e2a203356547a226d5ad368a8c5d364b37408b7c2e116d5dbb6392c6893c9dac2946c
sha512
293cf30ba382e3b49103e655fcd5885efda36fdb4f38f7b9bcd7e47faa86875851e41f236582af201dd311505492a96d9e90a4b99d27a34ab19cf501ba3e36e3
ssdeep
786432:31ZorU5VS1qOJ4qTQ1AajThIyceoOH+q93jTu3Tkx+:Fl5V0fE11IheNHw
Community
Google
False
HashLib
False
YARA
Matches
IP, win_private_profile, Dropper_Strings, HasDebugData, CRC32_poly_Constant, escalate_priv, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, Microsoft_Visual_Studio_NET, NET_executable_, win_files_operation, IsPacked, Qemu_Detection, Microsoft_Visual_C_v70_Basic_NET_additional, NET_executable, screenshot, win_token, contentis_base64, NETexecutableMicrosoft, IsPE32, IsWindowsGUI, url, android_meterpreter, IsNET_EXE, Microsoft_Visual_C_Basic_NET, win_registry, Misc_Suspicious_Strings

Suspicious
True

Imports
mscoree.dll
_CorExeMain
Strings
List
http://nsis.sf.net/NSIS_Error
www.inkscape.org
www.inkscape.org
www.inkscape.org
http://www.codeblocks.org
C:\Users\Ngcuka\Documents\V\SF to CNET\Apps\CodeBlocks\WindowsFormsApplication1\obj\x86\Release\WindowsFormsApplication1.pdb
C:\Users\Ngcuka\Documents\V\SF to CNET\Btc Clipboard Rig\WindowsFormsApplication2\obj\x86\Release\WindowsFormsApplication1.pdb
OexCVR.mY
SCx7M.in
T.ca
Ps.nU
aD.fm
pH.Ad
T.td
bRN.dK
S.Tg
H.LT
_.tH
C.hR
rY.nc
y.RS
S.cH
M.Td
D.HN
Cf.Hr
E.GA
E.sb
P6.si
I.mT
T.ag
D.eg
r0E.Cy
T.ye
G.Et
KlO.TV
re.sY
Ru.sh
f.tO
FA.sO
NG.ID
8A.mH
6iE.cO
k.oNl
90D.to
B.Ar
System.IO
System.IO
L.Do
Eh.pk
e.gl
e.sg
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
hn.ni
6.Ai
I.ai
_.SN
n.eU
O.AO
A.Su
O.aS
r.tO
Io.Sr
l4u.nA
9.sO
7R.Tr
n.ro
8E.Se
%s%s.dll
4.pT
D6.lY
-.Sc
a-.aD
T.mU
5.cU
mB.Hm
X.aU
a.Va
U.Ug
A.ax
ikh.cC
oRZG.Bi
C.Om
p.fI
DW.Kn
5.Cv
M.bo
gV.ph
b.KI
f.bR
dAK.ke
2.CI
r.DK
mR.kR
b.CD
Y.nu
f1.mD
K.sT
1.pY
K.vU

Foremost
Matches
4.exe, 10 KB, 25.exe, 51 KB, 33610.png, 1 KB, 33615.png, 2 KB, 33619.png, 352 B, 33627.png, 2 KB, 33633.png, 446 B, 33644.png, 1 KB, 33648.png, 1 KB, 33658.png, 2 KB, 33668.png, 1 KB, 33675.png, 1 KB, 33682.png, 2 KB, 33704.png, 1 KB, 33738.png, 1 KB, 33761.png, 538 B, 33762.png, 491 B, 33764.png, 1 KB, 33766.png, 1 KB, 33769.png, 953 B, 33771.png, 881 B, 33772.png, 741 B, 33774.png, 713 B, 33776.png, 532 B, 33777.png, 804 B, 33778.png, 644 B, 33780.png, 751 B, 33781.png, 633 B, 33782.png, 685 B, 33784.png, 1 KB, 33786.png, 714 B, 33787.png, 732 B, 33789.png, 1020 B, 33791.png, 908 B, 33794.png, 1 KB, 33796.png, 740 B, 33798.png, 823 B, 33800.png, 900 B, 33801.png, 859 B, 33803.png, 801 B, 33805.png, 1 KB, 33808.png, 764 B, 33809.png, 1 KB, 33812.png, 649 B, 33813.png, 453 B, 33814.png, 948 B, 33816.png, 498 B, 33817.png, 1 KB, 33826.png, 904 B, 33828.png, 637 B, 33829.png, 811 B, 33831.png, 1 KB, 33833.png, 767 B, 33989.png, 79 KB, 34422.png, 974 B, 34424.png, 631 B, 34425.png, 550 B, 34426.png, 770 B, 34428.png, 771 B, 34429.png, 978 B, 34431.png, 653 B, 34432.png, 509 B, 34433.png, 504 B, 34435.png, 460 B, 34436.png, 574 B, 34438.png, 450 B, 34439.png, 457 B, 34440.png, 526 B, 34441.png, 708 B, 34442.png, 677 B, 34443.png, 700 B, 34445.png, 630 B, 34446.png, 810 B, 34448.png, 623 B, 34449.png, 782 B, 34450.png, 771 B, 34452.png, 784 B, 34453.png, 535 B, 34455.png, 624 B, 34456.png, 554 B, 34457.png, 723 B, 34458.png, 649 B, 34460.png, 666 B, 34461.png, 843 B, 34462.png, 791 B, 34464.png, 382 B, 34465.png, 539 B, 34466.png, 471 B, 34467.png, 376 B, 34468.png, 460 B, 34468.png, 629 B, 34470.png, 1 KB, 34472.png, 723 B, 34473.png, 952 B, 34475.png, 496 B, 34476.png, 589 B, 34477.png, 597 B, 34478.png, 609 B, 34483.png, 439 B, 34484.png, 732 B, 34485.png, 654 B, 34487.png, 741 B, 34488.png, 521 B, 34489.png, 1 KB, 34491.png, 769 B, 34493.png, 825 B, 34495.png, 511 B, 34496.png, 900 B, 34497.png, 894 B, 34499.png, 960 B, 34501.png, 745 B, 34502.png, 672 B, 34504.png, 
2 KB, 34509.png, 5 KB, 34520.png, 5 KB, 34531.png, 9 KB, 34550.png, 2 KB, 34555.png, 3 KB, 34564.png, 3 KB, 34602.png, 4 KB, 34764.png, 5 KB, 34815.png, 6 KB, 34901.png, 9 KB, 35029.png, 5 KB, 35090.png, 12 KB, 35157.png, 7 KB, 35172.png, 2 KB, 35177.png, 2 KB, 35216.png, 5 KB, 35258.png, 4 KB, 35308.png, 6 KB, 35351.png, 4 KB, 35403.png, 8 KB, 35461.png, 6 KB, 35474.png, 2 KB, 35479.png, 5 KB, 35548.png, 10 KB, 35602.png, 5 KB, 35664.png, 8 KB, 35714.png, 5 KB, 35824.png, 9 KB, 35921.png, 7 KB, 38360.png, 518 B, 38361.png, 617 B, 38362.png, 539 B, 38363.png, 544 B, 38364.png, 551 B, 38365.png, 438 B, 38366.png, 464 B, 38367.png, 442 B, 38368.png, 383 B, 38369.png, 393 B, 38370.png, 544 B, 38371.png, 492 B, 38372.png, 536 B, 38373.png, 547 B, 38375.png, 398 B, 38376.png, 376 B, 38376.png, 473 B, 38377.png, 378 B, 38378.png, 481 B, 38379.png, 582 B, 38380.png, 354 B, 38381.png, 556 B, 38382.png, 502 B, 38383.png, 575 B, 38384.png, 522 B, 38385.png, 546 B, 38386.png, 547 B, 38387.png, 547 B, 38388.png, 546 B, 38389.png, 519 B, 38391.png, 470 B, 38391.png, 559 B, 38393.png, 625 B, 38394.png, 480 B, 38395.png, 501 B, 38396.png, 516 B, 38397.png, 526 B, 38398.png, 578 B, 38401.png, 545 B, 41048.png, 2 KB, 41356.png, 1 KB, 41400.png, 1 KB, 41553.png, 2 KB, 41642.png, 1 KB, 41659.png, 2 KB, 41705.png, 2 KB, 41754.png, 49 KB, 41996.png, 2 KB, 42036.png, 1 KB, 42184.png, 1 KB, 42266.png, 1 KB, 42323.png, 1 KB, 42342.png, 1 KB, 42401.png, 904 B, 42604.png, 36 KB, 42688.png, 1 KB, 42936.png, 880 B, 42965.png, 2 KB, 43125.png, 943 B, 43190.png, 2 KB, 43400.png, 1 KB, 46485.png, 322 B, 46486.png, 849 B, 46488.png, 469 B, 46489.png, 328 B, 46490.png, 828 B, 46492.png, 517 B, 48096.png, 1 KB, 48098.png, 488 B, 48099.png, 380 B, 48100.png, 1 KB, 48103.png, 1 KB, 48107.png, 1 KB, 48110.png, 892 B, 48111.png, 459 B, 48112.png, 395 B, 48113.png, 980 B, 48115.png, 798 B, 48118.png, 951 B, 50739.png, 522 B, 50740.png, 469 B, 50741.png, 577 B, 50743.png, 590 B, 50744.png, 426 B, 
50745.png, 477 B, 50746.png, 623 B, 50747.png, 505 B, 50748.png, 595 B, 50749.png, 458 B, 50750.png, 509 B, 50751.png, 624 B, 50752.png, 568 B, 50753.png, 564 B, 50754.png, 565 B, 50755.png, 568 B, 50756.png, 565 B, 50758.png, 584 B, 50759.png, 445 B, 50760.png, 560 B, 50761.png, 378 B, 58333.png, 403 B, 58334.png, 367 B, 58334.png, 545 B, 58336.png, 437 B, 58336.png, 673 B, 58338.png, 628 B, 58339.png, 599 B, 58340.png, 639 B, 58341.png, 609 B, 58343.png, 545 B, 58344.png, 420 B, 59787.png, 424 B, 59788.png, 347 B, 59788.png, 434 B, 59790.png, 428 B, 59791.png, 343 B, 59792.png, 425 B, 59792.png, 376 B, 59793.png, 363 B, 59794.png, 375 B, 59795.png, 775 B, 59797.png, 764 B, 59802.png, 732 B, 59803.png, 762 B, 59805.png, 803 B, 59806.png, 443 B, 59808.png, 438 B, 59809.png, 333 B, 59810.png, 436 B, 59811.png, 780 B, 59812.png, 777 B, 59814.png, 663 B, 59815.png, 352 B, 59816.png, 275 B, 59816.png, 720 B, 59818.png, 466 B, 59819.png, 882 B, 59820.png, 761 B, 59822.png, 710 B, 59823.png, 582 B, 59825.png, 722 B, 59826.png, 730 B, 59829.png, 578 B, 59831.png, 577 B, 59832.png, 1 KB, 59834.png, 1 KB, 59836.png, 932 B, 59838.png, 549 B, 59839.png, 397 B, 59840.png, 607 B, 59844.png, 301 B, 59845.png, 1 KB, 59847.png, 885 B, 59848.png, 785 B, 59850.png, 875 B, 59854.png, 295 B, 59855.png, 916 B, 59856.png, 831 B, 59858.png, 852 B, 65582.png, 314 B, 65583.png, 439 B, 65583.png, 422 B, 65584.png, 742 B, 65586.png, 696 B, 65587.png, 1 KB, 65590.png, 590 B, 65592.png, 1 KB, 65594.png, 742 B, 65596.png, 1 KB, 65599.png, 591 B, 65600.png, 1 KB, 65602.png, 801 B, 65604.png, 2 KB, 65608.png, 501 B, 65609.png, 1 KB, 65611.png, 501 B, 65612.png, 1 KB, 65615.png, 259 B, 65615.png, 519 B, 65616.png, 493 B, 65617.png, 775 B, 65623.png, 526 B, 65624.png, 1 KB, 65631.png, 671 B, 65632.png, 1 KB, 65635.png, 438 B, 65636.png, 991 B, 65641.png, 830 B, 65642.png, 1 KB, 65645.png, 530 B, 65646.png, 1 KB, 65651.png, 337 B, 65652.png, 414 B, 65653.png, 530 B, 65654.png, 1 KB, 65656.png, 491 
B, 65657.png, 829 B, 65659.png, 672 B, 65660.png, 1 KB, 65664.png, 1 KB, 65668.png, 695 B, 65670.png, 446 B, 65674.png, 454 B, 65675.png, 609 B, 65678.png, 389 B, 65680.png, 416 B, 65681.png, 945 B, 65683.png, 731 B, 65684.png, 1 KB, 65688.png, 688 B, 65690.png, 877 B, 65693.png, 546 B, 65694.png, 639 B, 65695.png, 1 KB, 65698.png, 710 B, 65699.png, 2 KB, 65704.png, 483 B, 65705.png, 433 B, 65711.png, 1015 B, 65713.png, 480 B, 65714.png, 321 B, 65715.png, 396 B, 65716.png, 532 B, 65717.png, 544 B, 65718.png, 917 B, 65720.png, 318 B, 65720.png, 487 B, 65723.png, 473 B, 65724.png, 691 B, 65727.png, 588 B, 65728.png, 935 B, 65730.png, 454 B, 65731.png, 540 B, 65745.png, 699 B, 65746.png, 1 KB, 65749.png, 280 B, 65753.png, 1 KB, 65755.png, 409 B, 65762.png, 1 KB, 65766.png, 612 B, 65767.png, 734 B, 65770.png, 489 B, 65771.png, 658 B, 65772.png, 402 B, 65777.png, 580 B, 65779.png, 944 B, 65781.png, 307 B, 65782.png, 239 B, 65782.png, 854 B, 65784.png, 2 KB, 65790.png, 390 B, 65791.png, 496 B, 65792.png, 737 B, 65794.png, 1 KB, 65797.png, 217 B, 65799.png, 539 B, 65802.png, 286 B, 65802.png, 326 B, 65810.png, 800 B, 65811.png, 1 KB, 65815.png, 342 B, 65815.png, 450 B, 65816.png, 862 B, 65818.png, 462 B, 65819.png, 1003 B, 65821.png, 349 B, 65821.png, 1 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed: 3.0.2.1, 1, ec2-3-0-2-1.ap-southeast-1.compute.amazonaws.com.
Suspicious
hasAllowed: True
hasSuspicious: False

URLs
Allowed
hasURLs: True
Suspicious: http://nsis.sf.net/nsis_error, http://www.codeblocks.org
hasAllowed: False
hasSuspicious: True

Files
Allowed: mscoree.dll, %s%s.dll, ADVAPI32.dll, SHELL32.dll, ole32.dll, KERNEL32.dll, GDI32.dll, COMCTL32.dll, USER32.dll
hasFiles: True
Suspicious: FA.sO, zG.So
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 16384
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: True
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 34514030
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll, advapi32.dll, shell32.dll, ole32.dll, kernel32.dll, gdi32.dll, comctl32.dll, user32.dll
hasLibs: True
Suspicious: %s%s.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2016-06-11 11:10:59
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: True
Fuzzing: False

PEDetector
Matches
2443, 13200
Suspicious
True
Disassembly
hasTricks
True
Tricks
pushret
.text: 6583

pushpopmath
.text: 3508

ss register
.text: 108

garbagebytes
.text: 2407

hookdetection
.text: 230

software breakpoint
.text: 230

fakeconditionaljumps
.text: 213

programcontrolflowchange
.text: 2200

cpuinstructionsresultscomparison
.text: 25

AVclass
clipbanker
1
VirusTotal
md5
ff466d104b153ae9c5ab550632e48143
sha1
7242ae29d2b5678c1429f57176ddeba2679ef6eb
SCANS (DETECTION RATE = 56.72%)
AVG
result: Win32:Malware-gen
update: 20210709
version: 21.1.5827.0
detected: True

CMC
update: 20210624
version: 2.10.2019.1
detected: False

MAX
result: malware (ai score=85)
update: 20210709
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20210709
version: 6.184
detected: True

Bkav
update: 20210709
version: 1.3.0.9899
detected: False

K7GW
result: Trojan ( 0052a9f01 )
update: 20210709
version: 11.192.37687
detected: True

ALYac
result: Trojan.Clipbanker.A
update: 20210709
version: 1.1.3.1
detected: True

Avast
result: Win32:Malware-gen
update: 20210709
version: 21.1.5827.0
detected: True

Avira
result: TR/Agent.eozkv
update: 20210709
version: 8.3.3.12
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
update: 20210709
version: 4.0.0.27
detected: False

Cyren
result: W32/ClipBanker.FQTM-7881
update: 20210709
version: 6.3.0.2
detected: True

DrWeb
result: Trojan.MulDrop6.51033
update: 20210709
version: 7.0.49.9080
detected: True

GData
result: Trojan.Agent.CWGZ
update: 20210709
version: A:25.30227B:27.23658
detected: True

Panda
update: 20210709
version: 4.6.4.2
detected: False

VBA32
result: TScope.Trojan.MSIL
update: 20210709
version: 5.0.0
detected: True

VIPRE
update: 20210709
version: 93884
detected: False

Zoner
update: 20210708
version: 0.0.0.0
detected: False

ClamAV
update: 20210709
version: 0.103.3.0
detected: False

Comodo
result: Malware@#2y7mgyyuaky1h
update: 20210709
version: 33696
detected: True

Ikarus
update: 20210709
version: 0.1.5.2
detected: False

Lionic
result: Trojan.MSIL.Agent.4!c
update: 20210709
version: 4.2
detected: True

McAfee
update: 20210709
version: 6.0.6.653
detected: False

Rising
update: 20210709
version: 25.0.0.26
detected: False

Yandex
update: 20210709
version: 5.5.2.24
detected: False

Zillya
result: Trojan.Agent.Win32.855839
update: 20210709
version: 2.0.0.4405
detected: True

Acronis
update: 20210512
version: 1.1.1.82
detected: False

Alibaba
result: Trojan:MSIL/ClipBanker.a7f46000
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
update: 20210709
version: 1.0.0.886
detected: False

Cylance
result: Unsafe
update: 20210709
version: 2.3.1.101
detected: True

Elastic
update: 20210706
version: 4.0.25
detected: False

FireEye
result: Generic.mg.ff466d104b153ae9
update: 20210709
version: 32.44.1.0
detected: True

Sangfor
update: 20210625
version: 2.9.0.0
detected: False

TACHYON
update: 20210709
version: 2021-07-09.02
detected: False

Tencent
result: Msil.Trojan.Agent.Efko
update: 20210709
version: 1.0.0.1
detected: True

ViRobot
result: Trojan.Win32.S.Agnet.34523136
update: 20210709
version: 2014.3.20.0
detected: True

Webroot
result: W32.Trojan.Agent.Gen
update: 20210709
version: 1.0.0.403
detected: True

Ad-Aware
result: Trojan.Agent.CWGZ
update: 20210709
version: 3.0.21.179
detected: True

Emsisoft
result: Trojan.Agent.CWGZ (B)
update: 20210709
version: 2018.12.0.1641
detected: True

F-Secure
update: 20210709
version: 12.0.86.52
detected: False

Fortinet
result: W32/Agent.ACDCM!tr
update: 20210709
version: 6.2.142.0
detected: True

Jiangmin
update: 20210708
version: 16.0.100
detected: False

Kingsoft
update: 20210709
version: 2017.9.26.565
detected: False

Paloalto
update: 20210709
version: 1.0
detected: False

Symantec
result: Trojan.Dropper
update: 20210709
version: 1.15.0.0
detected: True

AhnLab-V3
result: Trojan/Win32.Agent.C2431235
update: 20210709
version: 3.20.3.10145
detected: True

Antiy-AVL
update: 20210709
version: 3.0.0.1
detected: False

Kaspersky
result: Trojan.MSIL.Agent.acdcm
update: 20210709
version: 21.0.1.45
detected: True

MaxSecure
update: 20210709
version: 1.0.0.1
detected: False

Microsoft
result: Trojan:Win32/Dynamer!ac
update: 20210709
version: 1.1.18300.4
detected: True

Qihoo-360
result: Win32/Trojan.Generic.HgIASOkA
update: 20210709
version: 1.0.0.1300
detected: True

ZoneAlarm
result: HEUR:Trojan.Win32.Generic
update: 20210709
version: 1.0
detected: True

Cybereason
result: malicious.04b153
update: 20210330
version: 1.2.449
detected: True

ESET-NOD32
result: MSIL/ClipBanker.EY
update: 20210709
version: 23599
detected: True

Gridinsoft
update: 20210709
version: 1.0.47.140
detected: False

TrendMicro
result: TROJ_BTCCLIP.A
update: 20210709
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.Agent.CWGZ
update: 20210709
version: 7.2
detected: True

CrowdStrike
update: 20210203
version: 1.0
detected: False

K7AntiVirus
result: Trojan ( 0052a9f01 )
update: 20210709
version: 11.192.37686
detected: True

SentinelOne
result: Static AI - Malicious PE
update: 20210703
version: 5.2.0.9
detected: True

Malwarebytes
update: 20210709
version: 4.2.2.27
detected: False

CAT-QuickHeal
update: 20210709
version: 14.00
detected: False

NANO-Antivirus
result: Trojan.Win32.Agent.ejtdor
update: 20210709
version: 1.0.146.25311
detected: True

BitDefenderTheta
update: 20210702
version: 7.2.37796.0
detected: False

MicroWorld-eScan
result: Trojan.Agent.CWGZ
update: 20210709
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20210703
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
result: TROJ_BTCCLIP.A
update: 20210709
version: 10.0.0.1040
detected: True

total
67
sha256
5995acb9a01eecacbf85a7dd622d7dd4690a4f713e9f6e0c9119d7a9aa273b45
scan_id
5995acb9a01eecacbf85a7dd622d7dd4690a4f713e9f6e0c9119d7a9aa273b45-1625866495
resource
ff466d104b153ae9c5ab550632e48143
positives
38
scan_date
2021-07-09 21:34:55
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
12/8/2021 - 0:45:45.481Unknown4C:\Users\Behemot\Desktop\desktop.ini
12/8/2021 - 0:45:45.481Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A13589B7957053C575
12/8/2021 - 0:45:49.856Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A13589B7957053C575TMP000000A13589B7957053C575
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2AF46498673C01EB8
12/8/2021 - 0:45:49.856Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2AF46498673C01EB8TMP000000A2AF46498673C01EB8
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
12/8/2021 - 0:45:49.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
12/8/2021 - 0:45:49.856Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2AF46498673C01EB8TMP000000A2AF46498673C01EB8
12/8/2021 - 0:45:49.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:49.856Write2828C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
12/8/2021 - 0:45:49.903Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A13589B7957053C575TMP000000A13589B7957053C575
12/8/2021 - 0:45:51.497Unknown4C:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
12/8/2021 - 0:45:51.497Write4C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:45:51.497Unknown4C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:45:54.653Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
12/8/2021 - 0:45:54.653Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
12/8/2021 - 0:45:54.653Write796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
12/8/2021 - 0:45:54.653Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
12/8/2021 - 0:45:54.668Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
12/8/2021 - 0:45:54.668Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
12/8/2021 - 0:45:54.668Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
12/8/2021 - 0:45:54.668Write796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
12/8/2021 - 0:45:54.668Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
12/8/2021 - 0:45:54.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
12/8/2021 - 0:45:54.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
12/8/2021 - 0:45:54.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
12/8/2021 - 0:45:54.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
12/8/2021 - 0:45:55.465Write4C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
12/8/2021 - 0:45:55.465Write4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
12/8/2021 - 0:45:55.465Write2828C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
12/8/2021 - 0:45:55.465Unknown4C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
12/8/2021 - 0:45:55.465Write2828C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
12/8/2021 - 0:45:55.465Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
12/8/2021 - 0:45:55.465Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
12/8/2021 - 0:45:57.481Write4C:\Windows
12/8/2021 - 0:45:57.481Write4C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:45:57.481Unknown4C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:46:3.497Write4C:\Monitor
12/8/2021 - 0:46:17.481Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
12/8/2021 - 0:46:18.215Write4C:\Windows\Temp
12/8/2021 - 0:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
12/8/2021 - 0:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
12/8/2021 - 0:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
12/8/2021 - 0:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
12/8/2021 - 0:46:27.418Write4C:\Windows\System32\config\SYSTEM
12/8/2021 - 0:46:27.418Write4C:\Windows\System32\config\SYSTEM
12/8/2021 - 0:46:27.418Write4C:\Windows\System32\config\SYSTEM
12/8/2021 - 0:46:27.418Write4C:\Windows\System32\config\SYSTEM
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve
12/8/2021 - 0:46:32.418Write4C:\System Volume Information\Syscache.hve
12/8/2021 - 0:46:32.418Write2828C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
12/8/2021 - 0:46:32.512Write4C:\System Volume Information\Syscache.hve
12/8/2021 - 0:46:35.450Write4C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:46:35.450Unknown4C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:46:55.747Open528C:\Windows\System32\SearchIndexer.exeC:\ProgramData\Microsoft\Search\Data
12/8/2021 - 0:46:55.747Unknown528C:\Windows\System32\SearchIndexer.exeC:\ProgramData\Microsoft\Search\Data
12/8/2021 - 0:47:17.465Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
12/8/2021 - 0:47:27.559Open1864C:\Windows\explorer.exeC:\
12/8/2021 - 0:47:27.559Unknown1864C:\Windows\explorer.exeC:\
12/8/2021 - 0:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot
12/8/2021 - 0:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot
12/8/2021 - 0:47:32.809Unknown1864C:\Windows\explorer.exeC:\Users\Behemot
12/8/2021 - 0:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
12/8/2021 - 0:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
12/8/2021 - 0:47:32.809Unknown1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
12/8/2021 - 0:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes
12/8/2021 - 0:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
12/8/2021 - 0:47:35.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:47:35.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
12/8/2021 - 0:47:35.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:47:35.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
12/8/2021 - 0:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:47:40.747Read1232C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Windows Media Player\wmpnetwk.exe
12/8/2021 - 0:47:58.122Open1864C:\Windows\explorer.exeC:\Windows\System32\netprofm.dll
12/8/2021 - 0:47:58.122Open1864C:\Windows\explorer.exeC:\Windows\System32\netprofm.dll
12/8/2021 - 0:47:58.122Write2828C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
12/8/2021 - 0:47:58.122Write2828C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
12/8/2021 - 0:47:58.403Write2828C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\Registry.log
Timestamp | Operation | PID / Process | Path
12/8/2021 - 0:47:59.512 | Read | 684 C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
12/8/2021 - 0:48:1.153 | Write | 4 | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:48:1.153 | Write | 4 | C:\Monitor\Files\Logs\Registry.log
12/8/2021 - 0:48:1.153 | Unknown | 4 | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:48:1.153 | Unknown | 4 | C:\Monitor\Files\Logs\Registry.log
12/8/2021 - 0:48:3.309 | Write | 4 | C:\Users\Behemot\ntuser.dat.LOG1
12/8/2021 - 0:48:3.309 | Write | 4 | C:\Users\Behemot\ntuser.dat.LOG1
12/8/2021 - 0:48:3.309 | Write | 4 | C:\Users\Behemot\ntuser.dat.LOG1
12/8/2021 - 0:48:3.309 | Write | 4 | C:\Users\Behemot\ntuser.dat.LOG1
12/8/2021 - 0:48:3.309 | Write | 4 | C:\Users\Behemot\NTUSER.DAT
12/8/2021 - 0:48:3.309 | Write | 4 | C:\Users\Behemot\NTUSER.DAT
12/8/2021 - 0:48:3.309 | Write | 4 | C:\Users\Behemot\NTUSER.DAT
12/8/2021 - 0:48:3.309 | Write | 4 | C:\Users\Behemot\NTUSER.DAT
12/8/2021 - 0:48:11.309 | Open | 4 | \Device\HarddiskVolume1\System Volume Information
12/8/2021 - 0:48:11.309 | Unknown | 4 | \Device\HarddiskVolume1\System Volume Information
12/8/2021 - 0:48:13.59 | Open | 4 | C:\System Volume Information
12/8/2021 - 0:48:13.59 | Open | 4 | C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
12/8/2021 - 0:48:13.59 | Open | 4 | C:\System Volume Information\{bcf7d7ec-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
12/8/2021 - 0:48:13.59 | Open | 4 | C:\System Volume Information\{bcf7d7f0-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
12/8/2021 - 0:48:13.59 | Unknown | 4 | C:\System Volume Information
12/8/2021 - 0:48:17.465 | Write | 684 C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
12/8/2021 - 0:48:25.887 | Open | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:48:25.887 | Unknown | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:48:25.887 | Unknown | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:48:25.887 | Open | 796 C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
12/8/2021 - 0:48:25.887 | Open | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:48:25.887 | Unknown | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:48:25.887 | Open | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:48:25.887 | Unknown | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:48:25.887 | Unknown | 796 C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
12/8/2021 - 0:48:25.887 | Unknown | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:48:25.887 | Unknown | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:48:25.887 | Write | 2828 C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:48:26.497 | Write | 4 | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:48:26.497 | Unknown | 4 | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:48:29.590 | Write | 684 C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
12/8/2021 - 0:48:29.590 | Write | 684 C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
12/8/2021 - 0:48:29.590 | Write | 684 C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
12/8/2021 - 0:48:32.497 | Write | 4 | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
12/8/2021 - 0:48:32.590 | Write | 4 | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
12/8/2021 - 0:48:32.590 | Unknown | 4 | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
12/8/2021 - 0:48:34.465 | Write | 4 | C:\Users\Behemot
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat | container.dat
12/8/2021 - 0:49:20.700 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:20.700 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:20.700 | Write | 2828 C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:49:20.747 | Write | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:20.747 | Write | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:20.747 | Write | 2828 C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:49:20.840 | Write | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:20.840 | Write | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:20.934 | Write | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:20.934 | Write | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:20.934 | Write | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
12/8/2021 - 0:49:20.934 | Write | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
12/8/2021 - 0:49:20.934 | Read | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:20.981 | Write | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
12/8/2021 - 0:49:20.981 | Write | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
12/8/2021 - 0:49:20.981 | Write | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
12/8/2021 - 0:49:20.981 | Write | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
12/8/2021 - 0:49:21.28 | Write | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:21.28 | Write | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:21.75 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
12/8/2021 - 0:49:21.75 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
12/8/2021 - 0:49:21.75 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:21.75 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:21.75 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
12/8/2021 - 0:49:21.75 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
12/8/2021 - 0:49:23.731 | Write | 4 | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:49:23.731 | Unknown | 4 | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:49:25.872 | Unknown | 2360 C:\Windows\System32\audiodg.exe | C:\Windows
12/8/2021 - 0:49:30.747 | Write | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:30.747 | Write | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:30.747 | Write | 2828 C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:49:30.747 | Write | 2828 C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:49:30.793 | Write | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:30.793 | Write | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users
12/8/2021 - 0:49:30.840 | Open | 1796 C:\Windows\System32\taskhost.exe | C:\Users
12/8/2021 - 0:49:30.840 | Unknown | 1796 C:\Windows\System32\taskhost.exe | C:\Users
12/8/2021 - 0:49:30.840 | Write | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
12/8/2021 - 0:49:30.840 | Write | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
12/8/2021 - 0:49:30.840 | Write | 2828 C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:49:30.840 | Write | 1796 C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
12/8/2021 - 0:49:30.840 | Write | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
12/8/2021 - 0:49:30.840 | Write | 2828 C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:49:30.856 | Open | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:49:30.856 | Unknown | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:49:30.856 | Unknown | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:49:30.856 | Open | 796 C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
12/8/2021 - 0:49:30.856 | Open | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:49:30.856 | Unknown | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:49:30.856 | Unknown | 796 C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
12/8/2021 - 0:49:30.856 | Unknown | 796 C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
12/8/2021 - 0:49:30.856 | Write | 2828 C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:49:31.497 | Write | 4 | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:49:31.497 | Unknown | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
12/8/2021 - 0:49:31.497 | Unknown | 4 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
12/8/2021 - 0:49:31.497 | Unknown | 4 | C:\Monitor\Files\Logs\File.log
12/8/2021 - 0:49:32.465 | Write | 684 C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process Trace
Timestamp | Operation | PID / Process | PID / Process
12/8/2021 - 0:49:25.872 | Terminate | 684 C:\Windows\System32\svchost.exe | 2360 C:\Windows\System32\audiodg.exe

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry Trace
Timestamp | Operation | PID / Process | Registry key
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruListCurrentLru
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectId
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectLru
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\1E_ObjectLru_
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectId
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectLru
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3E_ObjectLru_
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectId
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectLru
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3F_ObjectLru_
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectId
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectLru
12/8/2021 - 0:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\40_ObjectLru_
12/8/2021 - 0:46:23.747 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\22
12/8/2021 - 0:46:23.747 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff00
12/8/2021 - 0:46:23.747 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff01
12/8/2021 - 0:46:23.747 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff02
12/8/2021 - 0:46:23.747 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff03
12/8/2021 - 0:47:58.403 | Write | 1864 C:\Windows\explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheUIStatus
12/8/2021 - 0:47:58.403 | Write | 1864 C:\Windows\explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheOnlyMember
12/8/2021 - 0:47:58.403 | Write | 1864 C:\Windows\explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheModifier
12/8/2021 - 0:47:58.403 | Write | 1864 C:\Windows\explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheModifierSystem

File Summary
Created: Identified: True
Deleted: Identified: False

Process Summary
Created: Identified: False
Deleted: Identified: True

Registry Summary
Proxy: Identified: False
AutoRun: Identified: False
Created: Identified: True
Deleted: Identified: False
Browsers: Identified: False
Internet: Identified: False


Network Trace
DNS Query: (none)
DNS Response: (none)
TCP Info: (none)
UDP Info: (none)
HTTP Info: (none)

Network Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
Model | Confidence | Suspicious
NFS 2.0 (Threshold = 0.8) | 62.50% | False
NFS 3.0 (Threshold = 0.75) | 52.00% | False
Decision Tree (NFS-BRMalware) | 100.00% | True
MalConv (Ember: Raw Bytes, Threshold=0.5) | 82.85% | False
Random Forest (100 estimators, NFS-BRMalware) | 54.00% | False
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35) | 36.88% | True
LightGBM (Ember: File Characteristics, Threshold=0.8336) | 99.79% | False
