Report #12963

  • Creation Date: Aug. 20, 2021, 12:05 a.m.
  • Last Update: Aug. 20, 2021, 12:14 a.m.
  • File: AgentService.exe
  • Results:
Binary
DLL: False
Size: 821.00KB
trid:
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 7976b11b42c33051a896cf094e66a62c
sha1: 31a8bf29cb576b472256226b809c2fafc234f87c
crc32: 0x732096f5
sha224: f5a4c30ac55d217589de1700bb53e5ae0c1f68bcc5b1c46a0c7dce70
sha256: 7762ef9487aae77feccb3cec3b84d2ef3208e2105663219391dfa3090888f3f4
sha384: 60c23d8f7830ada81675e7e388288e241efd16a668c1afe9884787679a8214b18eb4d60086b12f97b2954d0efef08f03
sha512: 730e70f08a90ae1a3d52565d6bd9264768c768cedbf1935557ae6291d337cbb2a2507b2e47d9787b677100a90c223d5a4bbaf4cab8ff7c4a36ee505a5f8392c6
ssdeep: 24576:TKYhZ8ReSPxDw4DmjSInTbBGGwEShEW64MqIMKy95MFO:OYh6JwSDkBF3Rqbz95MFO
Community
Google: False
HashLib: False
YARA
Matches: VC8_Microsoft_Corporation, win_registry, domain, contentis_base64, anti_dbg, url, HasRichSignature, win_mutex, Microsoft_Visual_Cpp_8, Visual_Cpp_2005_Release_Microsoft, HasDebugData, maldoc_find_kernel32_base_method_1, win_token, IsPE32, escalate_priv, IsWindowsGUI, Big_Numbers1, win_files_operation

Suspicious: True

Imports
FLTLIB.DLL
FilterGetMessage, FilterReplyMessage, FilterConnectCommunicationPort
msvcrt.dll
isdigit, isalnum, memcmp, ___lc_collate_cp_func, memchr, tolower, isspace, _Strftime, _Gettnames, __mb_cur_max, _Wcsftime, _W_Gettnames, _W_Getmonths, _W_Getdays, _Getmonths, _Getdays, memcpy_s, ldexp, realloc, abort, _wsetlocale, __crtLCMapStringA, __crtLCMapStringW, __crtCompareStringA, __crtCompareStringW, ??8type_info@@QBEHABV0@@Z, _wcsdup, __uncaught_exception, islower, memset, _ismbblead, ___mb_cur_max_func, calloc, ___lc_codepage_func, ___lc_handle_func, isupper, __pctype_func, setlocale, _unlock, _lock, _errno, memmove, memcpy, _CxxThrowException, ??0exception@@QAE@ABQBDH@Z, _callnewh, malloc, sprintf_s, localeconv, ?name@type_info@@QBEPBDXZ, _XcptFilter, strcspn, free, ??0exception@@QAE@ABV0@@Z, ??0exception@@QAE@ABQBD@Z, _vsnwprintf, _vsnprintf_s, fputc, fflush, fclose, fgetc, fwrite, fgetpos, setvbuf, ungetc, fsetpos, _fseeki64, _wcsicmp, _wtoi, strchr, ldiv, time, _wcsnicmp, _stricmp, strerror, fseek, _wfsopen, __p__commode, _amsg_exit, __getmainargs, __set_app_type, exit, _exit, _cexit, __p__fmode, __setusermatherr, _initterm, ?terminate@@YAXXZ, __dllonexit, _onexit, ??1type_info@@UAE@XZ, _controlfp, _except_handler4_common, mbstowcs_s, ??3@YAXPAX@Z, ??1exception@@UAE@XZ, ?what@exception@@UBEPBDXZ, ??0bad_cast@@QAE@ABV0@@Z, ??0bad_cast@@QAE@PBD@Z, ??1bad_cast@@UAE@XZ, swprintf_s, _purecall, ??_V@YAXPAX@Z, __CxxFrameHandler3, ??0exception@@QAE@XZ
VERSION.dll
GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
ADVAPI32.dll
EventSetInformation, RegisterServiceCtrlHandlerW, SetServiceStatus, EventRegister, EventWriteTransfer, RegGetValueW, RegOpenKeyExW, RegSetValueExW, RegCloseKey, EventUnregister, CreateProcessAsUserW, OpenProcessToken, SetTokenInformation, GetTokenInformation, RegQueryValueExW, ConvertSidToStringSidW, GetSidSubAuthority, GetSidSubAuthorityCount, AdjustTokenPrivileges, LookupPrivilegeValueW, DuplicateTokenEx, EqualSid, CreateWellKnownSid, GetNamedSecurityInfoW, StartServiceCtrlDispatcherW, RegSetKeyValueW, RegDeleteKeyExW, RegDeleteValueW, RegEnumValueW, RegQueryInfoKeyW, RegCreateKeyExW, RegEnumKeyExW, RegDeleteTreeW
KERNEL32.dll
GetShortPathNameW, QueryFullProcessImageNameW, lstrcmpiW, GetCurrentProcess, SleepConditionVariableSRW, WakeAllConditionVariable, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, GetLastError, OutputDebugStringW, LocalLock, TlsGetValue, TlsAlloc, TlsSetValue, ResetEvent, OpenEventA, FormatMessageA, AreFileApisANSI, GetCurrentDirectoryW, DeviceIoControl, CreateDirectoryW, FreeLibrary, CreateIoCompletionPort, GetProcessMitigationPolicy, GetModuleFileNameW, lstrlenA, SystemTimeToFileTime, FindClose, FindNextFileW, FindFirstFileW, GetFileTime, GetFileSize, DeleteFileW, SetEvent, SetFileAttributesW, GetComputerNameExW, GetFileAttributesW, CreateFileW, ExpandEnvironmentStringsW, WriteFile, CreateEventA, ReadFile, GetLocalTime, IsDebuggerPresent, DebugBreak, GetProcessHeap, CreateMutexExW, GetProcAddress, HeapAlloc, OpenSemaphoreW, WaitForSingleObjectEx, ReleaseMutex, GetModuleHandleExW, ReleaseSemaphore, SetLastError, HeapFree, CreateSemaphoreExW, GetModuleFileNameA, TerminateProcess, UnhandledExceptionFilter, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleW, SetUnhandledExceptionFilter, DecodePointer, CreateThread, GetSystemInfo, GetQueuedCompletionStatus, LocalAlloc, GetSystemWindowsDirectoryW, GetCurrentProcessId, CloseHandle, Sleep, ProcessIdToSessionId, OpenProcess, WaitForSingleObject, LocalUnlock, LocalFree, MultiByteToWideChar, GetStringTypeW, WideCharToMultiByte, InitializeCriticalSectionEx, GetLocaleInfoW, FormatMessageW, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, EnterCriticalSection
OLEAUT32.dll
SysFreeString, SysStringLen, VariantChangeType, SysAllocString, SysAllocStringByteLen, VariantInit, VariantClear
WINTRUST.dll
WinVerifyTrust
Strings
List
http://schemas.microsoft.com/opc/2011/relationships/pkgx/settingFile
http://schemas.microsoft.com/opc/2011/relationships/pkgx/settings
xmlns:r1='http://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate' xmlns:r2='http://schemas.microsoft.com/UserExperienceVirtualization/2013/SettingsLocationTemplate' xmlns:r3='http://schemas.microsoft.com/UserExperienceVirtualization/2013A/SettingsLocationTemplate'
http://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate
http://schemas.microsoft.com/UserExperienceVirtualization/2013/SettingsLocationTemplate
http://schemas.microsoft.com/UserExperienceVirtualization/2013A/SettingsLocationTemplate
AgentService.pdb
\system32\Microsoft.Uev.AppAgent.dll
\system32\mavinject.exe
AgentService.exe
Admin\AppMan\shared\boost_1_59\boost\property_tree\detail\json_parser_write.hpp
BackupProfile::AreWin8AppsAssociated() - Failed getting Win8 App association for the backup profile. Error = %1%.
admin\appman\shared\boost_1_59\boost\exception\detail\exception_ptr.hpp
settings.bin
Software\Microsoft\AppV\Subsystem\VirtualRegistry
VERSION.dll
WINTRUST.dll
ACTIVEDS.dll
kernelbase.dll
ntdll.dll
SOFTWARE\Microsoft\UEV\Agent\ShellProcesses\
SOFTWARE\Microsoft\UEV\Agent\Processes
SOFTWARE\Microsoft\UEV\Agent\Configuration
%LOCALAPPDATA%\Microsoft\UEV\%COMPUTERNAME%
Microsoft.Windows.AppMan.UEV
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: The hash in file '%s' representing the subject or the publisher wasn't explicitly trusted by the admin and admin policy has disabled user trust. No signature, publisher or timestamp errors.
AgentService.Util::GetProcessIntegrityLevel: Error detected, msg = %s, status = 0x%X
AgentService.Util::EnablePrivilege: AdjustTokenPrivileges failed, error = 0x%X
AgentService.Util::IsProcessTheShell: [%s]
BackupProfile::GetSettingsStoragePathForMachine() - Path = %1%.
BackupProfile::GetSettingsStoragePathForMachine() - Error %1% occurred while getting the settings storage path from the repository.
1-191F1a1l1
AgentService.Util::GetProcessIntegrityLevel: Error detected, msg = %s
h(_A
AgentService.ServiceMain: Initialization failed: Returning service-specific error code = 0x%X
AgentService.CreateProcNotificationListener::InjectIntoProcess: System exception caught, msg = %s
AgentService.Util::EnablePrivilege: LookupPrivilegeValue failed, error = 0x%X
AgentService.Util::GetNameOfMockShellProgram: Exit ['%s']
AgentService.Util::IsProcessTheShell: An error occurred while testing whether the current process is the Shell: %s
AgentService.Util::IsProcessTheShell: Exit [%s]
Unable to add an entry for the UE-V agent service to the App-V 4.x ServiceInclusions registry key (error code 0x%X)
AgentService.CreateProcNotificationListener::InjectIntoProcess: Failed to get primary token for MavInject, error = 0x%X
AgentService.Util::IsLowIntegrityProcess: Exit, retVal = 0x%X
AgentService.Util::GetUserSid: Exit ['%s']
AgentService.CreateProcNotificationListener::Constructor: Error creating short-form file name for injected DLL (64-bit): %s
AgentService.CreateProcNotificationListener::Constructor: Error creating short-form file name for injected DLL (32-bit): %s
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: The signature present in file '%s' is specifically disallowed.
AgentService.Util::GetNameOfMockShellProgram: ::RegGetValueW() [2] returned system error code 0x%lX
AgentService.Util::GetNameOfMockShellProgram: ::RegGetValueW() [1] returned system error code 0x%lX
AgentService.Util::IsProcessTheShell: RegOpenKey failed: [%ul]
AgentService.Main: Failed to start service ctrl dispatcher, error = 0x%X
BackupProfile::GetSettingsStoragePath() - Failed to get the device folder name. Error = %1%.
Unable to add an entry for the UE-V agent service to the App-V 4.x override registry key (error code 0x%X)
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: Error 0x%X validating signature for file '%s'.
AgentService.Util::IsProcessTheShell: This process is recognized as the mock shell
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: Error waiting for MavInject to exit, 0x%X
%hs(%u)\%hs!%p:
Path is empty.
%hs!%p:
AgentService.CreateProcNotificationListener::InjectIntoProcess: Failed to set session id in token, error = 0x%X
AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: UevException occurred: %1%
AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: std::exception occurred: %1%
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: Injecting the AppAgent into process %lu
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: The signature present in file '%s' is not trusted.
SOFTWARE\Microsoft\SoftGrid\4.5\SystemGuard\Overrides
AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: Process has been identified as a monitored program.
AgentService.CreateProcNotificationListener::ProcessNotification: Failed to open process handle, error = 0x%X
AgentService.ServiceMain: Service control handler registration failed, error = 0x%X
AgentService.Util::GetNameOfMockShellProgram: Mock shell program is '%s'
AgentService.CreateProcNotificationListener::ProcessNotification: Delaying %lu milliseconds before injecting AppAgent
AgentService.NotificationListener::Listen: Error encountered sending reply, status = 0x%X
AgentService.CreateProcNotificationListener::ProcessNotification: ProcessId = 0x%X
(caller: %p)
no space on device
AgentService.Util::EnablePrivilege: Failed to open process token, error = 0x%X
AgentService.Util::CheckForMatchingApplicationTemplate: Product name: '%s'
AgentService.Util::CheckForMatchingApplicationTemplate: Product version: '%s'
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: AppAgent succeessfully injected into process %lu
AgentService.NotificationListener::Listen: Un-expected error obtaining queued completion status, status = 0x%X
AgentService.CreateProcNotificationListener::InjectIntoProcessNeeded: Exit, retVal = 0x%X
RoamingProfile::AreWin8AppsAssociated() - Failed getting Win8 App association for the roaming profile. Error = %1%.
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: CreateProcess command line = %s
BackupProfile::GetSettingsStoragePath() - The settings storage path has not been configured.
no such process
AgentService.CreateProcNotificationListener::ProcessNotification: Failed to get session ID from ProcessId, error = 0x%X
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: The file '%s' is signed and the signature was verified.
AgentService.Util::OpenUserHive: %s
Required node is missing.
VdiProfile::AreWin8AppsAssociated() - Failed getting Win8 App association for the VdiState profile. Error = %1%.
resource deadlock would occur
AgentService.Util::CheckForMatchingApplicationTemplate: Exit( '%s' )
AgentService.NotificationListener:: Failed to post receive message, status = 0x%X
AgentService.Util::GetDwordConfigValue: Unexpected value type, type = 0x%X
AgentService.Util::EnablePrivilege: Exit, retStatus = 0x%X
AgentService.Util::CheckForMatchingApplicationTemplate: Entry( '%s' )
AgentService.CreateProcNotificationListener::ProcessNotification: Injecting AppAgent into process (PID %lu)
AgentService.NotificationListener::Start: Exit, retStatus = 0x%X
AgentService.Util::CheckForMatchingApplicationTemplate: UevException: %s
AgentService.CreateProcNotificationListener::ValidateDigitalSignature: The file '%s' is not signed.
AgentService.CreateProcNotificationListener::LaunchAndWaitForInjectionProcess: CreateProcess failed, error = 0x%X

Foremost
Matches: 0.exe, 821 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://schemas.microsoft.com/opc/2011/relationships/pkgx/settingfile, http://schemas.microsoft.com/userexperiencevirtualization/2013/settingslocationtemplate, http://schemas.microsoft.com/userexperiencevirtualization/2012/settingslocationtemplate, http://schemas.microsoft.com/userexperiencevirtualization/2013a/settingslocationtemplate, http://schemas.microsoft.com/opc/2011/relationships/pkgx/settings
hasURLs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Files
Allowed: kernelbase.dll, ntdll.dll, kernel32.dll, \system32\Microsoft.Uev.AppAgent.dll, VERSION.dll, SHELL32.dll, OLEAUT32.dll, ADVAPI32.dll, msvcrt.dll, FLTLIB.DLL, ole32.dll, ACTIVEDS.dll, WINTRUST.dll
hasFiles: True
Suspicious: settings.bin
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 79360
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 8192
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 886769
Suspicious: False

Sections
Allowed: .text, .data, .idata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 10
Suspicious: False
Image
Version: 10
Suspicious: False
Linker
Version: 14.20
Suspicious: False
Subsystem
Version: 10.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 638224
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: kernelbase.dll, ntdll.dll, kernel32.dll, version.dll, shell32.dll, oleaut32.dll, advapi32.dll, msvcrt.dll, fltlib.dll, ole32.dll, activeds.dll, wintrust.dll
hasLibs: True
Suspicious: \system32\microsoft.uev.appagent.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: True
Valid: True
Value: 1973-10-20 03:13:52
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
ldr
.text: 1

pushret
.text: 20
.reloc: 1

pushpopmath
.data: 17
.text: 25
.idata: 2
.reloc: 30

sizeofimage
.text: 1

ss register
.text: 1

garbagebytes
.text: 7
.reloc: 1

hookdetection
.reloc: 3

stealthimport
.text: 2

isdebbugerpresent
.text: 1

software breakpoint
.text: 1
.reloc: 18

programcontrolflowchange
.text: 7
.reloc: 1

cpuinstructionsresultscomparison
.text: 6

AVclass
None
1
VirusTotal
md5
7976b11b42c33051a896cf094e66a62c
sha1
31a8bf29cb576b472256226b809c2fafc234f87c
SCANS (DETECTION RATE = 0.00%)
AVG
update: 20201223
version: 21.1.5827.0
detected: False

CMC
update: 20201223
version: 2.10.2019.1
detected: False

MAX
update: 20201223
version: 2019.9.16.1
detected: False

APEX
update: 20201222
version: 6.112
detected: False

Bkav
update: 20201223
version: 1.3.0.9899
detected: False

K7GW
update: 20201223
version: 11.157.36042
detected: False

ALYac
update: 20201223
version: 1.1.1.5
detected: False

Avast
update: 20201223
version: 21.1.5827.0
detected: False

Avira
update: 20201223
version: 8.3.3.10
detected: False

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
update: 20201223
version: 4.0.0.25
detected: False

Cyren
update: 20201223
version: 6.3.0.2
detected: False

DrWeb
update: 20201223
version: 7.0.49.9080
detected: False

GData
update: 20201223
version: A:25.28110B:27.21332
detected: False

Panda
update: 20201223
version: 4.6.4.2
detected: False

VBA32
update: 20201223
version: 4.4.1
detected: False

VIPRE
update: 20201223
version: 89138
detected: False

Zoner
update: 20201222
version: 0.0.0.0
detected: False

ClamAV
update: 20201223
version: 0.102.3.0
detected: False

Comodo
update: 20201223
version: 33105
detected: False

Ikarus
update: 20201223
version: 0.1.5.2
detected: False

Lionic
update: 20201223
version: 4.2
detected: False

McAfee
update: 20201223
version: 6.0.6.653
detected: False

Rising
update: 20201223
version: 25.0.0.26
detected: False

Sophos
update: 20201223
version: 1.0.2.0
detected: False

Yandex
update: 20201221
version: 5.5.2.24
detected: False

Zillya
update: 20201223
version: 2.0.0.4253
detected: False

Acronis
update: 20201023
version: 1.1.1.80
detected: False

Alibaba
update: 20190527
version: 0.3.0.5
detected: False

Arcabit
update: 20201223
version: 1.0.0.881
detected: False

Cylance
update: 20201223
version: 2.3.1.101
detected: False

Elastic
update: 20201214
version: 4.0.14
detected: False

FireEye
update: 20201223
version: 32.36.1.0
detected: False

Sangfor
update: 20201218
version: 1.0
detected: False

TACHYON
update: 20201218
version: 2020-12-18.01
detected: False

Tencent
update: 20201223
version: 1.0.0.1
detected: False

ViRobot
update: 20201223
version: 2014.3.20.0
detected: False

Webroot
update: 20201223
version: 1.0.0.403
detected: False

eGambit
update: 20201223
detected: False

Ad-Aware
update: 20201223
version: 3.0.16.117
detected: False

Emsisoft
update: 20201223
version: 2018.12.0.1641
detected: False

F-Secure
update: 20201223
version: 12.0.86.52
detected: False

Fortinet
update: 20201223
version: 6.2.142.0
detected: False

Jiangmin
update: 20201223
version: 16.0.100
detected: False

Kingsoft
update: 20201223
version: 2017.9.26.565
detected: False

Paloalto
update: 20201223
version: 1.0
detected: False

Symantec
update: 20201223
version: 1.13.0.0
detected: False

AhnLab-V3
update: 20201223
version: 3.19.3.10105
detected: False

Antiy-AVL
update: 20201223
version: 3.0.0.1
detected: False

Kaspersky
update: 20201223
version: 15.0.1.13
detected: False

MaxSecure
update: 20201212
version: 1.0.0.1
detected: False

Microsoft
update: 20201223
version: 1.1.17700.4
detected: False

Qihoo-360
update: 20201223
version: 1.0.0.1120
detected: False

ZoneAlarm
update: 20201223
version: 1.0
detected: False

Cybereason
update: 20201222
version: 1.2.449
detected: False

ESET-NOD32
update: 20201223
version: 22529
detected: False

Gridinsoft
update: 20201223
version: 1.0.21.111
detected: False

TrendMicro
update: 20201223
version: 11.0.0.1006
detected: False

BitDefender
update: 20201223
version: 7.2
detected: False

CrowdStrike
update: 20190702
version: 1.0
detected: False

K7AntiVirus
update: 20201223
version: 11.157.36042
detected: False

SentinelOne
update: 20201222
version: 4.7.0.66
detected: False

Malwarebytes
update: 20201223
version: 3.6.4.335
detected: False

TotalDefense
update: 20201217
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20201223
version: 14.00
detected: False

NANO-Antivirus
update: 20201223
version: 1.0.146.25255
detected: False

BitDefenderTheta
update: 20201215
version: 7.2.37796.0
detected: False

MicroWorld-eScan
update: 20201223
version: 14.0.409.0
detected: False

SUPERAntiSpyware
update: 20201218
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
update: 20201223
version: v2019.1.2+3728
detected: False

TrendMicro-HouseCall
update: 20201223
version: 10.0.0.1040
detected: False

total
71
sha256
7762ef9487aae77feccb3cec3b84d2ef3208e2105663219391dfa3090888f3f4
scan_id
7762ef9487aae77feccb3cec3b84d2ef3208e2105663219391dfa3090888f3f4-1608745817
resource
7976b11b42c33051a896cf094e66a62c
positives
0
scan_date
2020-12-23 17:50:17
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
19/8/2021 - 23:45:45.465Write4C:\Windows
19/8/2021 - 23:45:45.465Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2F27954F4B4C5FD26
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2F27954F4B4C5FD26TMP000000A2F27954F4B4C5FD26
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A30415A103D3F52066
19/8/2021 - 23:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A30415A103D3F52066TMP000000A30415A103D3F52066
19/8/2021 - 23:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
19/8/2021 - 23:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
19/8/2021 - 23:45:48.872Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
19/8/2021 - 23:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A30415A103D3F52066TMP000000A30415A103D3F52066
19/8/2021 - 23:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.887Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:48.918Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2F27954F4B4C5FD26TMP000000A2F27954F4B4C5FD26
19/8/2021 - 23:45:49.481Unknown4C:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:49.481Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:49.481Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:52.715Write4C:\Monitor
19/8/2021 - 23:45:53.465Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
19/8/2021 - 23:45:53.465Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
19/8/2021 - 23:45:53.465Write796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
19/8/2021 - 23:45:53.465Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
19/8/2021 - 23:45:53.481Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.481Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.481Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.481Write796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.481Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.497Write4C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
19/8/2021 - 23:45:53.497Write4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.497Unknown4C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
19/8/2021 - 23:45:53.497Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.497Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.497Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:53.497Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:53.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
19/8/2021 - 23:45:53.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
19/8/2021 - 23:45:53.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
19/8/2021 - 23:45:53.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
19/8/2021 - 23:45:55.497Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:55.497Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:46:11.481Write4C:\Windows\Temp
19/8/2021 - 23:46:17.450Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
19/8/2021 - 23:46:19.465Write4C:\Windows
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:46:32.512Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:35.450Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:46:35.450Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:46:55.731Open528C:\Windows\System32\SearchIndexer.exeC:\ProgramData\Microsoft\Search\Data
19/8/2021 - 23:46:55.731Unknown528C:\Windows\System32\SearchIndexer.exeC:\ProgramData\Microsoft\Search\Data
19/8/2021 - 23:47:17.497Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
19/8/2021 - 23:47:27.559Open1864C:\Windows\explorer.exeC:\
19/8/2021 - 23:47:27.559Unknown1864C:\Windows\explorer.exeC:\
19/8/2021 - 23:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot
19/8/2021 - 23:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot
19/8/2021 - 23:47:32.809Unknown1864C:\Windows\explorer.exeC:\Users\Behemot
19/8/2021 - 23:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
19/8/2021 - 23:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
19/8/2021 - 23:47:32.809Unknown1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
19/8/2021 - 23:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes
19/8/2021 - 23:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
19/8/2021 - 23:47:35.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:47:35.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
19/8/2021 - 23:47:35.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:47:35.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
19/8/2021 - 23:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:47:40.590Read1232C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Windows Media Player\wmpnetwk.exe
19/8/2021 - 23:47:58.153Open1864C:\Windows\explorer.exeC:\Windows\System32\netprofm.dll
19/8/2021 - 23:47:58.153Open1864C:\Windows\explorer.exeC:\Windows\System32\netprofm.dll
19/8/2021 - 23:47:58.168Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:47:58.168Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:47:58.450Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\Registry.log
19/8/2021 - 23:47:59.481Read684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
19/8/2021 - 23:48:1.168Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:48:1.168Write4C:\Monitor\Files\Logs\Registry.log
19/8/2021 - 23:48:1.168Unknown4C:\Monitor\Files\Logs\Registry.log
19/8/2021 - 23:48:1.168Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:48:3.356Write4C:\Users\Behemot\ntuser.dat.LOG1
19/8/2021 - 23:48:3.356Write4C:\Users\Behemot\ntuser.dat.LOG1
19/8/2021 - 23:48:3.356Write4C:\Users\Behemot\ntuser.dat.LOG1
19/8/2021 - 23:48:3.356Write4C:\Users\Behemot\ntuser.dat.LOG1
19/8/2021 - 23:48:3.356Write4C:\Users\Behemot\NTUSER.DAT
19/8/2021 - 23:48:3.356Write4C:\Users\Behemot\NTUSER.DAT
19/8/2021 - 23:48:3.356Write4C:\Users\Behemot\NTUSER.DAT
19/8/2021 - 23:48:3.356Write4C:\Users\Behemot\NTUSER.DAT
19/8/2021 - 23:48:8.497Write4C:\Users\Behemot
19/8/2021 - 23:48:11.309Open4\Device\HarddiskVolume1\System Volume Information
19/8/2021 - 23:48:11.309Unknown4\Device\HarddiskVolume1\System Volume Information
19/8/2021 - 23:48:13.59Open4C:\System Volume Information
19/8/2021 - 23:48:13.59Open4C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
19/8/2021 - 23:48:13.59Open4C:\System Volume Information\{bcf7d7ec-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
19/8/2021 - 23:48:13.59Open4C:\System Volume Information\{bcf7d7f0-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
19/8/2021 - 23:48:13.59Unknown4C:\System Volume Information
19/8/2021 - 23:48:17.481Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
19/8/2021 - 23:48:25.903Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
19/8/2021 - 23:48:25.903Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:48:26.465Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:48:26.465Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:48:29.543Write684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
19/8/2021 - 23:48:29.543Write684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
19/8/2021 - 23:48:29.543Write684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
19/8/2021 - 23:48:32.497Write4C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
19/8/2021 - 23:48:32.590Write4C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
19/8/2021 - 23:48:32.590Unknown4C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:20.684Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:20.731Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.731Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.731Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:20.825Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.825Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.918Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.918Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.918Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
19/8/2021 - 23:49:20.918Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
19/8/2021 - 23:49:20.918Read1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.965Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
19/8/2021 - 23:49:20.965Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
19/8/2021 - 23:49:20.965Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
19/8/2021 - 23:49:20.965Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
19/8/2021 - 23:49:21.12Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:21.12Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:21.59Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
19/8/2021 - 23:49:21.59Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
19/8/2021 - 23:49:21.59Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:21.59Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:21.59Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
19/8/2021 - 23:49:21.59Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
19/8/2021 - 23:49:23.684Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:23.684Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:25.872Unknown2360C:\Windows\System32\audiodg.exeC:\Windows
19/8/2021 - 23:49:30.731Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:30.731Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:30.731Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:30.731Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:30.778Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:30.778Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.825Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.825Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.825Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:30.825Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.825Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.825Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:30.825Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:30.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
19/8/2021 - 23:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
19/8/2021 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:31.481Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:31.481Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:32.465Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process
Trace
19/8/2021 - 23:49:25.872Terminate684C:\Windows\System32\svchost.exe2360C:\Windows\System32\audiodg.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruListCurrentLru
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectId
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectLru
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\1E_ObjectLru_
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectId
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectLru
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3E_ObjectLru_
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectId
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectLru
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3F_ObjectLru_
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectId
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectLru
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\40_ObjectLru_
19/8/2021 - 23:46:23.965Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\22
19/8/2021 - 23:46:23.965Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff00
19/8/2021 - 23:46:23.965Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff01
19/8/2021 - 23:46:23.965Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff02
19/8/2021 - 23:46:23.965Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff03
19/8/2021 - 23:47:58.450Write1864C:\Windows\explorer.exeHKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheUIStatus
19/8/2021 - 23:47:58.450Write1864C:\Windows\explorer.exeHKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheOnlyMember
19/8/2021 - 23:47:58.450Write1864C:\Windows\explorer.exeHKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheModifier
19/8/2021 - 23:47:58.450Write1864C:\Windows\explorer.exeHKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheModifierSystem

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 67.50%
suspicious: False

NFS 3.0 (Threshold = 0.75)
confidence: 76.67%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 91.18%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 78.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 69.56%
suspicious: True

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
