Report #12966 check_circle

Binary
DLL
False cancel
Size
85.50KB
trid
41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
e6e1ee30350a3bf80588835b3e4830b8
sha1
611d75eca9455ec19c8dc5076f20dfd81f4d5d53
crc32
0x542e4c17
sha224
de602b4dbf094099172c98e3b10b4a9cd8af2cbf6d2b7b0cfb16f815
sha256
85ad811cc7cc300f1f28bec99830f478df334d9ba1e5dd3f5cea107e4589154e
sha384
3e052ef94e664e403c134e98102f84ee0aa694d3b20943a17e59778508416c4542e8bd0ba71b6643d391f22e99ff9097
sha512
7b10ccd70db9ae3d1de0b9202df4fe49c98482bc725f4a27896cc4e521342d0ad88c498174034f173fb7f62b18004a66dfdb87c8d817862a1fa9a64272eb81aa
ssdeep
1536:sh+HbLmLW6WzkO28P95Qap9twJWWkA2saaO9WlLbTi+7UjWU+SK:6+2LW6up5PsowJSA20nTf70WU+SK
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
VC8_Microsoft_Corporation, domain, contentis_base64, HasRichSignature, win_mutex, Microsoft_Visual_Cpp_8, Visual_Cpp_2005_Release_Microsoft, HasDebugData, IsPE32, IsWindowsGUI

Suspicious
True check_circle

Imports
msvcrt.dll
memset, _callnewh, ??0exception@@QAE@ABQBDH@Z, __uncaught_exception, fseek, _wfsopen, abort, _wcsdup, __crtLCMapStringW, _wsetlocale, memmove, fflush, memcpy, _CxxThrowException, setlocale, _ismbblead, ungetc, fputwc, fgetwc, _errno, fgetc, __mb_cur_max, ___mb_cur_max_func, calloc, ___lc_codepage_func, ___lc_handle_func, free, ?what@exception@@UBEPBDXZ, ??1bad_cast@@UAE@XZ, ??0bad_cast@@QAE@ABV0@@Z, ??0bad_cast@@QAE@PBD@Z, fclose, _purecall, ??0exception@@QAE@ABQBD@Z, ??_V@YAXPAX@Z, __iob_func, _except_handler4_common, fwrite, _controlfp, ??1type_info@@UAE@XZ, ?terminate@@YAXXZ, _onexit, __dllonexit, _unlock, _lock, _initterm, fgetpos, _fseeki64, __setusermatherr, fsetpos, __p__fmode, _cexit, _exit, exit, __set_app_type, __wgetmainargs, _amsg_exit, __p__commode, _XcptFilter, _vsnprintf_s, ??0exception@@QAE@ABV0@@Z, ??0exception@@QAE@XZ, ??1exception@@UAE@XZ, ??3@YAXPAX@Z, ungetwc, malloc, __pctype_func, setvbuf, memcpy_s, freopen, _vsnwprintf, wprintf, __CxxFrameHandler3
api-ms-win-core-com-l1-1-0.dll
CoCreateFreeThreadedMarshaler, CoWaitForMultipleHandles, CoInitializeEx, CoUninitialize
api-ms-win-core-heap-l1-1-0.dll
HeapFree, GetProcessHeap, HeapAlloc
api-ms-win-core-util-l1-1-0.dll
EncodePointer, DecodePointer
api-ms-win-core-debug-l1-1-0.dll
DebugBreak, IsDebuggerPresent, OutputDebugStringW
api-ms-win-core-synch-l1-1-0.dll
SetEvent, WaitForSingleObjectEx, CreateMutexExW, ReleaseSemaphore, ReleaseSRWLockExclusive, CreateEventExW, InitializeCriticalSectionEx, AcquireSRWLockExclusive, CreateSemaphoreExW, LeaveCriticalSection, OpenSemaphoreW, WaitForSingleObject, ReleaseMutex, DeleteCriticalSection, EnterCriticalSection
api-ms-win-core-synch-l1-2-0.dll
Sleep, InitOnceBeginInitialize, InitOnceComplete
api-ms-win-core-winrt-l1-1-0.dll
RoGetActivationFactory, RoActivateInstance
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-string-l1-1-0.dll
GetStringTypeW, MultiByteToWideChar, CompareStringOrdinal, WideCharToMultiByte
api-ms-win-core-console-l1-2-0.dll
AttachConsole
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll
GetSystemTimeAsFileTime, GetSystemTime, GetTickCount
api-ms-win-core-apiquery-l1-1-0.dll
ApiSetQueryApiSetPresence
api-ms-win-core-registry-l1-1-0.dll
RegCloseKey, RegSetValueExW, RegCreateKeyExW, RegQueryValueExW
api-ms-win-core-timezone-l1-1-0.dll
SystemTimeToFileTime
api-ms-win-appmodel-state-l1-2-0.dll
OpenStateExplicit, GetSystemAppDataKey, CloseState
api-ms-win-core-delayload-l1-1-0.dll
DelayLoadFailureHook
api-ms-win-core-delayload-l1-1-1.dll
ResolveDelayLoadedAPI
api-ms-win-core-localization-l1-2-0.dll
FormatMessageW
api-ms-win-core-winrt-string-l1-1-0.dll
WindowsCreateStringReference, WindowsGetStringRawBuffer, WindowsGetStringLen, WindowsCompareStringOrdinal, WindowsDuplicateString, WindowsSubstring, WindowsDeleteString
api-ms-win-eventing-provider-l1-1-0.dll
EventActivityIdControl, EventWriteTransfer, EventSetInformation, EventRegister, EventUnregister
api-ms-win-core-errorhandling-l1-1-0.dll
SetLastError, RaiseException, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetLastError
api-ms-win-core-libraryloader-l1-2-0.dll
GetModuleHandleW, GetModuleHandleExW, GetProcAddress, GetModuleFileNameA
api-ms-win-core-processthreads-l1-1-0.dll
GetCurrentThreadId, GetCurrentProcessId, TerminateProcess, GetCurrentProcess
Strings
List
AppHostRegistrationVerifier.pdb
Microsoft.Windows.AppModel.AppUriHandlerRegistrationVerifier
Windows.Foundation.Uri
api-ms-win-core-registry-l1-1-0.dll
onecoreuap\base\appmodel\apphostnameregistrationverifier\exe\main.cpp
onecoreuap\base\appmodel\apphostnameregistrationverifier\lib\hostnameverifier.cpp
api-ms-win-core-debug-l1-1-0.dll
AppHostNameRegistrationVerifier.exe [[hostname] [packageFamilyName] [filePath]]
AppHostNameRegistrationVerifier.exe -f
3ntdll.dll
kernelbase.dll
AppHostNameRegistrationVerifier.exe
Local\SM0:%d:%d:%hs
%hs(%u)\%hs!%p:
%hs!%p:
api-ms-win-core-localization-l1-2-0.dll
api-ms-win-core-winrt-l1-1-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
(caller: %p)
no space on device
api-ms-win-core-console-l1-2-0.dll
no such process
resource deadlock would occur
no such device or address
operation in progress
api-ms-win-core-sysinfo-l1-1-0.dll
api-ms-win-core-apiquery-l1-1-0.dll
too many links
too many files open in system
no such device
device or resource busy
file too large
too many files open
value too large
operation canceled
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-core-string-l1-1-0.dll
https://
api-ms-win-core-timezone-l1-1-0.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-delayload-l1-1-1.dll
api-ms-win-core-delayload-l1-1-0.dll
%hs(%d) tid(%x) %08X %ws
api-ms-win-appmodel-state-l1-2-0.dll
api-ms-win-core-util-l1-1-0.dll
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-synch-l1-1-0.dll
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-winrt-string-l1-1-0.dll
api-ms-win-core-com-l1-1-0.dll
api-ms-win-eventing-provider-l1-1-0.dll
operation not permitted
api-ms-win-core-handle-l1-1-0.dll
ext-ms-win-devmgmt-policy-l1-1-0.dll
network_down
network_reset
host_unreachable
Windows.Web.Http.HttpClient
permission_denied
not_a_socket
CallContext:[%hs]
GetSystemAppDataKey
GetProcAddress
operation_would_block
Web-to-App linking (AppUriHandlers) is disabled in Group Policy.
identifier removed
DisableFromBrowser
disableFromBrowser
operation would block
PSSh
PSSh
IsDebuggerPresent
executable format error
TerminateProcess
HostName
HostName
too many symbolic link levels
VerifyAllInstalled
VerifyAllInstalled
VerifyAllInstalled
VerifyAllInstalled
lstd::exception: %hs
permission denied
GetModuleFileNameA
QueryPerformanceCounter
RegQueryValueExW
GetModuleHandleW
RegSetValueExW
RegCreateKeyExW
host unreachable
Microsoft Corporation. All rights reserved.
network reset
GetTickCount
network down
broken pipe
not a socket
fwrite
Sleep
system

Foremost
Matches
0.exe, 85 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: True check_circle
Suspicious: https://
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: kernelbase.dll, 3ntdll.dll, api-ms-win-core-string-l1-1-0.dll, api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-localization-l1-2-0.dll, api-ms-win-core-synch-l1-1-0.dll, api-ms-win-core-debug-l1-1-0.dll, api-ms-win-core-handle-l1-1-0.dll, api-ms-win-core-apiquery-l1-1-0.dll, api-ms-win-core-registry-l1-1-0.dll, api-ms-win-core-delayload-l1-1-0.dll, api-ms-win-core-timezone-l1-1-0.dll, api-ms-win-core-processthreads-l1-1-0.dll, api-ms-win-core-winrt-string-l1-1-0.dll, api-ms-win-appmodel-state-l1-2-0.dll, api-ms-win-eventing-provider-l1-1-0.dll, api-ms-win-core-delayload-l1-1-1.dll, api-ms-win-core-console-l1-2-0.dll, msvcrt.dll, api-ms-win-core-winrt-l1-1-0.dll, api-ms-win-core-util-l1-1-0.dll, api-ms-win-core-libraryloader-l1-2-0.dll, api-ms-win-core-heap-l1-1-0.dll, ext-ms-win-devmgmt-policy-l1-1-0.dll, api-ms-win-core-com-l1-1-0.dll, api-ms-win-core-profile-l1-1-0.dll, api-ms-win-core-errorhandling-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 14336
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 8192
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 104324
Suspicious: False cancel

Sections
Allowed: .text, .data, .idata, .didat, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 10
Suspicious: False cancel
Image
Version: False cancel
Suspicious: 10
Linker
Version: 14.20
Suspicious: False cancel
Subsystem
Version: 10.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 64896
Suspicious: False cancel

Anomalies
Anomalies
hasAnomalies: False cancel

Libraries
Allowed: kernelbase.dll, api-ms-win-core-string-l1-1-0.dll, api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-localization-l1-2-0.dll, api-ms-win-core-synch-l1-1-0.dll, api-ms-win-core-debug-l1-1-0.dll, api-ms-win-core-handle-l1-1-0.dll, api-ms-win-core-apiquery-l1-1-0.dll, api-ms-win-core-registry-l1-1-0.dll, api-ms-win-core-delayload-l1-1-0.dll, api-ms-win-core-timezone-l1-1-0.dll, api-ms-win-core-processthreads-l1-1-0.dll, api-ms-win-core-winrt-string-l1-1-0.dll, api-ms-win-eventing-provider-l1-1-0.dll, api-ms-win-core-delayload-l1-1-1.dll, msvcrt.dll, api-ms-win-core-winrt-l1-1-0.dll, api-ms-win-core-util-l1-1-0.dll, api-ms-win-core-heap-l1-1-0.dll, api-ms-win-core-com-l1-1-0.dll, api-ms-win-core-profile-l1-1-0.dll, api-ms-win-core-errorhandling-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll
hasLibs: True check_circle
Suspicious: 3ntdll.dll, api-ms-win-appmodel-state-l1-2-0.dll, api-ms-win-core-console-l1-2-0.dll, api-ms-win-core-libraryloader-l1-2-0.dll, ext-ms-win-devmgmt-policy-l1-1-0.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2037-08-05 08:02:48
Future: True check_circle

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 9

pushpopmath
.text: 7
.reloc: 3

garbagebytes
.text: 5

hookdetection
.reloc: 2

stealthimport
.text: 1
.idata: 1

programcontrolflowchange
.text: 5

cpuinstructionsresultscomparison
.idata: 1

AVclass
None
1
VirusTotal
md5
e6e1ee30350a3bf80588835b3e4830b8
sha1
611d75eca9455ec19c8dc5076f20dfd81f4d5d53
SCANS (DETECTION RATE = 0.00%)
CMC
update: 20210624
version: 2.10.2019.1
detected: False cancel

MAX
update: 20210727
version: 2019.9.16.1
detected: False cancel

APEX
update: 20210725
version: 6.190
detected: False cancel

Bkav
update: 20210726
version: 1.3.0.9899
detected: False cancel

K7GW
update: 20210727
version: 11.198.37828
detected: False cancel

ALYac
update: 20210727
version: 1.1.3.1
detected: False cancel

Avast
update: 20210727
version: 21.1.5827.0
detected: False cancel

Avira
update: 20210727
version: 8.3.3.12
detected: False cancel

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
update: 20210727
version: 4.0.0.27
detected: False cancel

Cyren
update: 20210727
version: 6.3.0.2
detected: False cancel

DrWeb
update: 20210727
version: 7.0.49.9080
detected: False cancel

GData
update: 20210727
version: A:25.30405B:27.23870
detected: False cancel

Panda
update: 20210726
version: 4.6.4.2
detected: False cancel

VBA32
update: 20210726
version: 5.0.0
detected: False cancel

VIPRE
update: 20210727
version: 94300
detected: False cancel

Zoner
update: 20210726
version: 0.0.0.0
detected: False cancel

ClamAV
update: 20210726
version: 0.103.3.0
detected: False cancel

Comodo
update: 20210727
version: 33748
detected: False cancel

Ikarus
update: 20210727
version: 0.1.5.2
detected: False cancel

Lionic
update: 20210727
version: 4.2
detected: False cancel

McAfee
update: 20210727
version: 6.0.6.653
detected: False cancel

Rising
update: 20210727
version: 25.0.0.26
detected: False cancel

Sophos
update: 20210727
version: 1.3.0.0
detected: False cancel

Yandex
update: 20210727
version: 5.5.2.24
detected: False cancel

Zillya
update: 20210724
version: 2.0.0.4415
detected: False cancel

Acronis
update: 20210512
version: 1.1.1.82
detected: False cancel

Alibaba
update: 20190527
version: 0.3.0.5
detected: False cancel

Arcabit
update: 20210727
version: 1.0.0.886
detected: False cancel

Cylance
update: 20210727
version: 2.3.1.101
detected: False cancel

Elastic
update: 20210710
version: 4.0.25
detected: False cancel

FireEye
update: 20210727
version: 32.44.1.0
detected: False cancel

Sangfor
update: 20210625
version: 2.9.0.0
detected: False cancel

TACHYON
update: 20210727
version: 2021-07-27.02
detected: False cancel

Tencent
update: 20210727
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20210727
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20210727
version: 1.0.0.403
detected: False cancel

eGambit
update: 20210727
detected: False cancel

Ad-Aware
update: 20210727
version: 3.0.21.179
detected: False cancel

Emsisoft
update: 20210727
version: 2018.12.0.1641
detected: False cancel

F-Secure
update: 20210727
version: 12.0.86.52
detected: False cancel

Fortinet
update: 20210727
version: 6.2.142.0
detected: False cancel

Jiangmin
update: 20210726
version: 16.0.100
detected: False cancel

Paloalto
update: 20210727
version: 1.0
detected: False cancel

Symantec
update: 20210727
version: 1.15.0.0
detected: False cancel

AhnLab-V3
update: 20210727
version: 3.20.4.10148
detected: False cancel

Antiy-AVL
update: 20210727
version: 3.0.0.1
detected: False cancel

Kaspersky
update: 20210727
version: 21.0.1.45
detected: False cancel

MaxSecure
update: 20210722
version: 1.0.0.1
detected: False cancel

Microsoft
update: 20210727
version: 1.1.18400.4
detected: False cancel

Qihoo-360
update: 20210727
version: 1.0.0.1300
detected: False cancel

ZoneAlarm
update: 20210727
version: 1.0
detected: False cancel

Cybereason
update: 20210330
version: 1.2.449
detected: False cancel

ESET-NOD32
update: 20210727
version: 23692
detected: False cancel

TrendMicro
update: 20210727
version: 11.0.0.1006
detected: False cancel

BitDefender
update: 20210727
version: 7.2
detected: False cancel

CrowdStrike
update: 20210203
version: 1.0
detected: False cancel

K7AntiVirus
update: 20210727
version: 11.198.37828
detected: False cancel

SentinelOne
update: 20210703
version: 5.2.0.9
detected: False cancel

Malwarebytes
update: 20210727
version: 4.2.2.27
detected: False cancel

CAT-QuickHeal
update: 20210727
version: 14.00
detected: False cancel

NANO-Antivirus
update: 20210727
version: 1.0.146.25311
detected: False cancel

BitDefenderTheta
update: 20210721
version: 7.2.37796.0
detected: False cancel

MicroWorld-eScan
update: 20210727
version: 14.0.409.0
detected: False cancel

SUPERAntiSpyware
update: 20210724
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
update: 20210727
version: v2019.1.2+3728
detected: False cancel

TrendMicro-HouseCall
update: 20210727
version: 10.0.0.1040
detected: False cancel

total
67
sha256
85ad811cc7cc300f1f28bec99830f478df334d9ba1e5dd3f5cea107e4589154e
scan_id
85ad811cc7cc300f1f28bec99830f478df334d9ba1e5dd3f5cea107e4589154e-1627377007
resource
e6e1ee30350a3bf80588835b3e4830b8
positives
0
scan_date
2021-07-27 09:10:07
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
19/8/2021 - 23:45:43.481Unknown4C:\Users\Behemot\Desktop\desktop.ini
19/8/2021 - 23:45:43.481Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:47.465Write4C:\Windows
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2F27954F4B4C5FD26
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2F27954F4B4C5FD26TMP000000A2F27954F4B4C5FD26
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A30415A103D3F52066
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A30415A103D3F52066TMP000000A30415A103D3F52066
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
19/8/2021 - 23:45:48.856Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A30415A103D3F52066TMP000000A30415A103D3F52066
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
19/8/2021 - 23:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2F27954F4B4C5FD26TMP000000A2F27954F4B4C5FD26
19/8/2021 - 23:45:48.872Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:49.481Unknown4C:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/8/2021 - 23:45:49.481Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:49.481Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:53.309Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
19/8/2021 - 23:45:53.309Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
19/8/2021 - 23:45:53.309Write796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
19/8/2021 - 23:45:53.309Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
19/8/2021 - 23:45:53.325Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.325Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.325Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.325Write796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.325Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.481Write4C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
19/8/2021 - 23:45:53.481Write4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.481Unknown4C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
19/8/2021 - 23:45:53.481Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.481Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
19/8/2021 - 23:45:53.481Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:53.481Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:53.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
19/8/2021 - 23:45:53.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
19/8/2021 - 23:45:53.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
19/8/2021 - 23:45:53.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
19/8/2021 - 23:45:55.497Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:55.497Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:45:59.481Write4C:\Monitor
19/8/2021 - 23:46:11.465Write4C:\Windows\Temp
19/8/2021 - 23:46:17.497Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
19/8/2021 - 23:46:18.465Write4C:\Windows
19/8/2021 - 23:46:19.465Write4C:\Windows
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM
19/8/2021 - 23:46:27.418Write4C:\Windows\System32\config\SYSTEM
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:32.418Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:46:32.497Write4C:\System Volume Information\Syscache.hve
19/8/2021 - 23:46:35.450Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:46:35.450Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:46:55.731Open528C:\Windows\System32\SearchIndexer.exeC:\ProgramData\Microsoft\Search\Data
19/8/2021 - 23:46:55.731Unknown528C:\Windows\System32\SearchIndexer.exeC:\ProgramData\Microsoft\Search\Data
19/8/2021 - 23:47:17.481Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
19/8/2021 - 23:47:27.559Open1864C:\Windows\explorer.exeC:\
19/8/2021 - 23:47:27.559Unknown1864C:\Windows\explorer.exeC:\
19/8/2021 - 23:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot
19/8/2021 - 23:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot
19/8/2021 - 23:47:32.809Unknown1864C:\Windows\explorer.exeC:\Users\Behemot
19/8/2021 - 23:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
19/8/2021 - 23:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
19/8/2021 - 23:47:32.809Unknown1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
19/8/2021 - 23:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes
19/8/2021 - 23:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
19/8/2021 - 23:47:35.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:47:35.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
19/8/2021 - 23:47:35.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:47:35.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
19/8/2021 - 23:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:47:40.684Read1232C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Windows Media Player\wmpnetwk.exe
19/8/2021 - 23:47:40.684Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:47:40.684Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:47:43.715Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:47:43.715Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:48:11.309Open4\Device\HarddiskVolume1\System Volume Information
19/8/2021 - 23:48:11.309Unknown4\Device\HarddiskVolume1\System Volume Information
19/8/2021 - 23:48:13.59Open4C:\System Volume Information
19/8/2021 - 23:48:13.59Open4C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
19/8/2021 - 23:48:13.59Open4C:\System Volume Information\{bcf7d7ec-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
19/8/2021 - 23:48:13.59Open4C:\System Volume Information\{bcf7d7f0-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
19/8/2021 - 23:48:13.59Unknown4C:\System Volume Information
19/8/2021 - 23:48:17.481Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
19/8/2021 - 23:48:25.903Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
19/8/2021 - 23:48:25.903Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
19/8/2021 - 23:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.datcontainer.dat
19/8/2021 - 23:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:20.700Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:20.700Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:20.700Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:20.747Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.747Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.840Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.840Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.934Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.934Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.934Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
19/8/2021 - 23:49:20.934Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
19/8/2021 - 23:49:20.934Read1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:20.981Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
19/8/2021 - 23:49:20.981Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
19/8/2021 - 23:49:20.981Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
19/8/2021 - 23:49:20.981Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
19/8/2021 - 23:49:21.28Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:21.28Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:21.75Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
19/8/2021 - 23:49:21.75Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
19/8/2021 - 23:49:21.75Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:21.75Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:21.75Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
19/8/2021 - 23:49:21.75Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
19/8/2021 - 23:49:21.75Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:23.700Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:23.700Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:25.872Unknown2360C:\Windows\System32\audiodg.exeC:\Windows
19/8/2021 - 23:49:30.778Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:30.778Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:30.825Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:30.825Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
19/8/2021 - 23:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:30.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
19/8/2021 - 23:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
19/8/2021 - 23:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
19/8/2021 - 23:49:30.872Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.872Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.887Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:30.887Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:30.887Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.887Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:30.887Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:30.887Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:31.497Write4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:31.497Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:31.497Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
19/8/2021 - 23:49:31.497Unknown4C:\Monitor\Files\Logs\File.log
19/8/2021 - 23:49:32.481Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process
Trace
19/8/2021 - 23:49:25.872Terminate684C:\Windows\System32\svchost.exe2360C:\Windows\System32\audiodg.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruListCurrentLru
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectId
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectLru
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\1E_ObjectLru_
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectId
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectLru
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3E_ObjectLru_
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectId
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectLru
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3F_ObjectLru_
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectId
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectLru
19/8/2021 - 23:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\40_ObjectLru_
19/8/2021 - 23:46:23.778Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\22
19/8/2021 - 23:46:23.778Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff00
19/8/2021 - 23:46:23.778Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff01
19/8/2021 - 23:46:23.778Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff02
19/8/2021 - 23:46:23.778Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff03

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: False cancel

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 90.00%
suspicious: False cancel

NFS 3.0 (Threshold = 0.75)
confidence: 76.67%
suspicious: True check_circle

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 92.36%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 83.00%
suspicious: False cancel

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 56.12%
suspicious: True check_circle

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False cancel
