Report #13127

  • Creation Date: Aug. 20, 2021, 1:24 a.m.
  • Last Update: Aug. 20, 2021, 3:22 a.m.
  • File: efsui.exe
  • Results:
Binary
DLL
False
Size
12.00KB
trid
41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
8fe2a7847ab90e6e150b6b4e4c247927
sha1
8a417b125d22cd6e75edd8f16c82cb2adb4ede3b
crc32
0xa3ac51f6
sha224
f7491311fc01451b2c12b8dd9903ddffc81e467ca3bb8ff7c6c57e38
sha256
15d3d82211fe83fee501d2efacd0168301ce73dcb7cc08f1ca7bc2ee94a61fc7
sha384
ab31fd5e2472fac68316a6a94a2632a06087e46daa8e3c8e11a1fcabbd414141755053168994e4c29dfe7eb7bf6654e3
sha512
18faaa7eed78e6503f90041b65b8c7b9c57a2ca800a9ba4ae59a42b9d5c1f92c13246a34266d18a7fdcd1a646b921163e0e1354815f74455bcc210289e0fcad1
ssdeep
192:Qgeajd/FlC6t7V/TGjJKgDIjoBbqZ2kTBWSDRWqfd:tTZFlC6xp8JKjMgZxTBWSDRWqf
Community
Google
False
HashLib
False
YARA
Matches
domain, contentis_base64, IP, url, HasRichSignature, win_mutex, HasDebugData, maldoc_find_kernel32_base_method_1, win_token, IsPE32, IsWindowsGUI

Suspicious
True

Imports
ntdll.dll
RtlImageNtHeader
EFSADU.dll
EfsUIUtilEncryptMyDocuments, EfsUIUtilInstallDra, EfsUIUtilSelectCard, EfsUIUtilShowBalloonAndWait, EfsUIUtilPromptForPin, EfsUIUtilEnrollEfsCertificate, EfsUIUtilKeyBackup
msvcrt.dll
_amsg_exit, _XcptFilter, _vsnwprintf, _except_handler4_common, _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _wcsicmp, _ismbblead, __p__fmode, __getmainargs, __set_app_type, exit, _exit, _cexit, __p__commode
CRYPT32.dll
CryptBinaryToStringW, CryptStringToBinaryW, CertFreeCertificateContext
EFSUTIL.dll
EfsUtilGetCurrentKey
SHELL32.dll
CommandLineToArgvW
ADVAPI32.dll
GetTokenInformation, ConvertSidToStringSidW, OpenProcessToken
KERNEL32.dll
LocalFree, CreateMutexW, CloseHandle, GetCurrentProcess, GetCommandLineW, GetLastError, LocalAlloc
api-ms-win-core-synch-l1-2-0.dll
Sleep
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll
GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-errorhandling-l1-1-0.dll
UnhandledExceptionFilter, SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0.dll
GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0.dll
GetCurrentThreadId, GetCurrentProcessId, GetStartupInfoW, TerminateProcess
Strings
List
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
efsui.pdb
CRYPT32.dll
EFSUTIL.dll
EFSADU.dll
ntdll.dll
efsui.exe
name="Microsoft.Windows.EFS.EFSUI"
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-sysinfo-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-synch-l1-2-0.dll
_wcsicmp
<requestedPrivileges>
/keybackup
/installdra
_acmdln
OpenProcessToken
TerminateProcess
CreateMutexW
GetModuleHandleW
QueryPerformanceCounter
/certhash
Microsoft Corporation. All rights reserved.
/encryptmydocs
GetTickCount
Sleep
Local\{A55C3BEE-5BFF-4c61-8833-39CD46D49BC7}
<requestedExecutionLevel
10.0.19041.1 (WinBuild.160101.0800)
version="5.1.0.0"
__p__commode
type="win32"
_initterm
__p__fmode
10.0.19041.1
/selectcard
_ismbblead
.CRT$XIAA
.CRT$XCAA
<assemblyIdentity
__setusermatherr
/pinprompt
_controlfp
__set_app_type
_amsg_exit
<dpiAware>true</dpiAware>
__getmainargs
_XcptFilter
_vsnwprintf
.rdata$brc
uiAccess="false"
?terminate@@YAXXZ
level="asInvoker"
Microsoft
Microsoft Corporation
</assembly>
.CRT$XIY
CompanyName
ProductName
/setkey
FileVersion
StringFileInfo
InternalName
FileDescription
OriginalFilename
VarFileInfo
Translation
`.data
_cexit
_exit
.gfids
@.rsrc
efsui
/efs
<security>
Rich
540@
501@
%s-%u-%s
</security>
RSDS
GCTL
Windows
!This program cannot be run in DOS mode.
VS_VERSION_INFO
processorArchitecture="x86"
<!-- Copyright (c) Microsoft Corporation -->
</asmv3:windowsSettings>
_except_handler4_common
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<description>EFS UI Application</description>
<asmv3:application>
</asmv3:application>
</requestedPrivileges>
LegalCopyright
SHELL32.dll
Operating System

Foremost
Matches
0.exe, 12 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
hasURLs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Files
Allowed: SHELL32.dll, EFSUTIL.dll, ntdll.dll, api-ms-win-core-processthreads-l1-1-0.dll, EFSADU.dll, CRYPT32.dll, KERNEL32.dll, msvcrt.dll, api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-libraryloader-l1-2-0.dll, api-ms-win-core-profile-l1-1-0.dll, ADVAPI32.dll, api-ms-win-core-errorhandling-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 6144
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 32768
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 45386
Suspicious: False

Sections
Allowed: .text, .data, .idata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 10
Suspicious: False
Image
Version: 10
Suspicious: False
Linker
Version: 14.20
Suspicious: False
Subsystem
Version: 10.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 7616
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: shell32.dll, efsutil.dll, ntdll.dll, api-ms-win-core-processthreads-l1-1-0.dll, efsadu.dll, crypt32.dll, kernel32.dll, msvcrt.dll, api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-profile-l1-1-0.dll, advapi32.dll, api-ms-win-core-errorhandling-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll
hasLibs: True
Suspicious: api-ms-win-core-libraryloader-l1-2-0.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2032-02-12 02:54:32
Future: True

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
ldr
.text: 1

pushret
.text: 1

garbagebytes
.text: 1

programcontrolflowchange
.text: 1

AVclass
None
1
VirusTotal
md5
8fe2a7847ab90e6e150b6b4e4c247927
sha1
8a417b125d22cd6e75edd8f16c82cb2adb4ede3b
SCANS (DETECTION RATE = 0.00%)
engine | update | version | detected
CMC | 20210624 | 2.10.2019.1 | False
MAX | 20210711 | 2019.9.16.1 | False
APEX | 20210710 | 6.185 | False
Bkav | 20210710 | 1.3.0.9899 | False
K7GW | 20210711 | 11.192.37694 | False
ALYac | 20210711 | 1.1.3.1 | False
Avast | 20210711 | 21.1.5827.0 | False
Avira | 20210711 | 8.3.3.12 | False
Baidu | 20190318 | 1.0.0.2 | False
Cynet | 20210711 | 4.0.0.27 | False
Cyren | 20210711 | 6.3.0.2 | False
DrWeb | 20210711 | 7.0.49.9080 | False
GData | 20210711 | A:25.30240B:27.23675 | False
Panda | 20210710 | 4.6.4.2 | False
VBA32 | 20210709 | 5.0.0 | False
VIPRE | 20210711 | 93916 | False
Zoner | 20210710 | 0.0.0.0 | False
ClamAV | 20210710 | 0.103.3.0 | False
Comodo | 20210710 | 33699 | False
Ikarus | 20210710 | 0.1.5.2 | False
Lionic | 20210711 | 4.2 | False
McAfee | 20210711 | 6.0.6.653 | False
Rising | 20210711 | 25.0.0.26 | False
Sophos | 20210710 | 1.3.0.0 | False
Yandex | 20210709 | 5.5.2.24 | False
Zillya | 20210709 | 2.0.0.4405 | False
Acronis | 20210512 | 1.1.1.82 | False
Alibaba | 20190527 | 0.3.0.5 | False
Arcabit | 20210711 | 1.0.0.886 | False
Cylance | 20210711 | 2.3.1.101 | False
Elastic | 20210710 | 4.0.25 | False
FireEye | 20210711 | 32.44.1.0 | False
Sangfor | 20210625 | 2.9.0.0 | False
TACHYON | 20210710 | 2021-07-10.02 | False
Tencent | 20210711 | 1.0.0.1 | False
ViRobot | 20210710 | 2014.3.20.0 | False
Webroot | 20210711 | 1.0.0.403 | False
Ad-Aware | 20210711 | 3.0.21.179 | False
Emsisoft | 20210711 | 2018.12.0.1641 | False
F-Secure | 20210711 | 12.0.86.52 | False
Fortinet | 20210711 | 6.2.142.0 | False
Jiangmin | 20210710 | 16.0.100 | False
Kingsoft | 20210711 | 2017.9.26.565 | False
Paloalto | 20210711 | 1.0 | False
Symantec | 20210710 | 1.15.0.0 | False
AhnLab-V3 | 20210711 | 3.20.3.10145 | False
Antiy-AVL | 20210711 | 3.0.0.1 | False
Kaspersky | 20210711 | 21.0.1.45 | False
MaxSecure | 20210710 | 1.0.0.1 | False
Microsoft | 20210711 | 1.1.18300.4 | False
Qihoo-360 | 20210711 | 1.0.0.1300 | False
ZoneAlarm | 20210711 | 1.0 | False
Cybereason | 20210330 | 1.2.449 | False
ESET-NOD32 | 20210710 | 23605 | False
Gridinsoft | 20210711 | 1.0.47.140 | False
TrendMicro | 20210711 | 11.0.0.1006 | False
BitDefender | 20210711 | 7.2 | False
CrowdStrike | 20210203 | 1.0 | False
K7AntiVirus | 20210710 | 11.192.37693 | False
SentinelOne | 20210703 | 5.2.0.9 | False
Malwarebytes | 20210710 | 4.2.2.27 | False
CAT-QuickHeal | 20210710 | 14.00 | False
NANO-Antivirus | 20210711 | 1.0.146.25311 | False
BitDefenderTheta | 20210702 | 7.2.37796.0 | False
MicroWorld-eScan | 20210711 | 14.0.409.0 | False
SUPERAntiSpyware | 20210710 | 5.6.0.1032 | False
McAfee-GW-Edition | 20210711 | v2019.1.2+3728 | False
TrendMicro-HouseCall | 20210711 | 10.0.0.1040 | False

total
68
sha256
15d3d82211fe83fee501d2efacd0168301ce73dcb7cc08f1ca7bc2ee94a61fc7
scan_id
15d3d82211fe83fee501d2efacd0168301ce73dcb7cc08f1ca7bc2ee94a61fc7-1625979606
resource
8fe2a7847ab90e6e150b6b4e4c247927
positives
0
scan_date
2021-07-11 05:00:06
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
timestamp | operation | pid | process | path | name
20/8/2021 - 2:45:45.481 | Unknown | 4 | - | C:\Users\Behemot\Desktop\desktop.ini | -
20/8/2021 - 2:45:45.481 | Unknown | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
20/8/2021 - 2:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
20/8/2021 - 2:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
20/8/2021 - 2:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
20/8/2021 - 2:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
20/8/2021 - 2:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26 | -
20/8/2021 - 2:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26 | TMP000000A2F27954F4B4C5FD26
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
20/8/2021 - 2:45:48.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066 | -
20/8/2021 - 2:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066 | TMP000000A30415A103D3F52066
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier | -
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier | -
20/8/2021 - 2:45:48.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier | -
20/8/2021 - 2:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066 | TMP000000A30415A103D3F52066
20/8/2021 - 2:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
20/8/2021 - 2:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
20/8/2021 - 2:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
20/8/2021 - 2:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:48.856 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:45:48.903 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26 | TMP000000A2F27954F4B4C5FD26
20/8/2021 - 2:45:49.465 | Unknown | 4 | - | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 2:45:49.465 | Write | 4 | - | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:45:49.465 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:45:53.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe | -
20/8/2021 - 2:45:53.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe | -
20/8/2021 - 2:45:53.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe | -
20/8/2021 - 2:45:53.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe | -
20/8/2021 - 2:45:54.137 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | -
20/8/2021 - 2:45:54.137 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | -
20/8/2021 - 2:45:54.137 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 2:45:54.137 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 2:45:54.153 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | -
20/8/2021 - 2:45:54.153 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 2:45:54.153 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | -
20/8/2021 - 2:45:54.153 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 2:45:54.153 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 2:45:55.481 | Write | 4 | - | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 2:45:55.481 | Write | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 2:45:55.481 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:45:55.481 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:45:55.481 | Unknown | 4 | - | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 2:45:55.481 | Unknown | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 2:45:55.481 | Unknown | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 2:45:57.497 | Write | 4 | - | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:45:57.497 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:45:59.497 | Write | 4 | - | C:\Monitor | -
20/8/2021 - 2:45:59.543 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\System.evtx | -
20/8/2021 - 2:45:59.543 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\System.evtx | -
20/8/2021 - 2:45:59.543 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\Security.evtx | -
20/8/2021 - 2:45:59.543 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\Security.evtx | -
20/8/2021 - 2:46:1.497 | Write | 4 | - | C:\Windows\System32\winevt\Logs\System.evtx | -
20/8/2021 - 2:46:1.497 | Write | 4 | - | C:\Windows\System32\winevt\Logs\Security.evtx | -
20/8/2021 - 2:46:3.497 | Write | 4 | - | C:\Windows\System32\winevt\Logs\System.evtx | -
20/8/2021 - 2:46:3.497 | Write | 4 | - | C:\Windows\System32\winevt\Logs\Security.evtx | -
20/8/2021 - 2:46:3.497 | Unknown | 4 | - | C:\Windows\System32\winevt\Logs\System.evtx | -
20/8/2021 - 2:46:3.497 | Unknown | 4 | - | C:\Windows\System32\winevt\Logs\Security.evtx | -
20/8/2021 - 2:46:11.481 | Write | 4 | - | C:\Windows\Temp | -
20/8/2021 - 2:46:11.481 | Write | 4 | - | C:\Windows | -
20/8/2021 - 2:46:17.465 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
20/8/2021 - 2:46:27.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
20/8/2021 - 2:46:27.418 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:46:27.512 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
20/8/2021 - 2:46:30.418 | Write | 4 | - | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:46:30.418 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:46:37.512 | Write | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1 | -
20/8/2021 - 2:46:37.512 | Write | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1 | -
20/8/2021 - 2:46:37.512 | Write | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1 | -
20/8/2021 - 2:46:37.512 | Write | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1 | -
20/8/2021 - 2:46:37.512 | Write | 4 | - | C:\Windows\System32\config\SYSTEM | -
20/8/2021 - 2:46:37.512 | Write | 4 | - | C:\Windows\System32\config\SYSTEM | -
20/8/2021 - 2:46:37.512 | Write | 4 | - | C:\Windows\System32\config\SYSTEM | -
20/8/2021 - 2:46:37.512 | Write | 4 | - | C:\Windows\System32\config\SYSTEM | -
20/8/2021 - 2:46:55.747 | Open | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data | -
20/8/2021 - 2:46:55.747 | Unknown | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data | -
20/8/2021 - 2:47:17.465 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat | -
20/8/2021 - 2:47:27.559 | Open | 1864 | C:\Windows\explorer.exe | C:\ | -
20/8/2021 - 2:47:27.559 | Unknown | 1864 | C:\Windows\explorer.exe | C:\ | -
20/8/2021 - 2:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot | -
20/8/2021 - 2:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot | -
20/8/2021 - 2:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot | -
20/8/2021 - 2:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming | -
20/8/2021 - 2:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming | -
20/8/2021 - 2:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming | -
20/8/2021 - 2:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes | -
20/8/2021 - 2:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini | -
20/8/2021 - 2:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ | -
20/8/2021 - 2:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ | -
20/8/2021 - 2:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:47:35.856 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:47:35.856 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:47:38.887 | Write | 4 | - | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:47:38.887 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:47:41.403 | Read | 1232 | C:\Program Files\Windows Media Player\wmpnetwk.exe | C:\Program Files\Windows Media Player\wmpnetwk.exe | -
20/8/2021 - 2:48:11.309 | Open | 4 | - | \Device\HarddiskVolume1\System Volume Information | -
20/8/2021 - 2:48:11.309 | Unknown | 4 | - | \Device\HarddiskVolume1\System Volume Information | -
20/8/2021 - 2:48:13.59 | Open | 4 | - | C:\System Volume Information | -
20/8/2021 - 2:48:13.59 | Open | 4 | - | C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} | -
20/8/2021 - 2:48:13.59 | Open | 4 | - | C:\System Volume Information\{bcf7d7ec-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752} | -
20/8/2021 - 2:48:13.59 | Open | 4 | - | C:\System Volume Information\{bcf7d7f0-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752} | -
20/8/2021 - 2:48:13.59 | Unknown | 4 | - | C:\System Volume Information | -
20/8/2021 - 2:48:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:48:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ | -
20/8/2021 - 2:48:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:48:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ | -
20/8/2021 - 2:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:48:47.465 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat | -
20/8/2021 - 2:48:47.465 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:48:50.497 | Write | 4 | - | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:48:50.497 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat | container.dat
20/8/2021 - 2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
20/8/2021 - 2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
20/8/2021 - 2:49:20.700 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:49:20.747 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:20.747 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:20.840 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:20.840 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:20.934 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:20.934 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:20.934 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log | -
20/8/2021 - 2:49:20.934 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log | -
20/8/2021 - 2:49:20.934 | Read | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:20.981 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log | -
20/8/2021 - 2:49:20.981 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log | -
20/8/2021 - 2:49:20.981 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log | -
20/8/2021 - 2:49:20.981 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log | -
20/8/2021 - 2:49:20.981 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:49:21.28 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:21.28 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:21.75 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | -
20/8/2021 - 2:49:21.75 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
20/8/2021 - 2:49:21.75 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
20/8/2021 - 2:49:21.75 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
20/8/2021 - 2:49:21.75 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | -
20/8/2021 - 2:49:21.75 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
20/8/2021 - 2:49:23.700 | Write | 4 | - | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:49:23.700 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log | -
20/8/2021 - 2:49:25.872 | Unknown | 2360 | C:\Windows\System32\audiodg.exe | C:\Windows | -
20/8/2021 - 2:49:30.778 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:30.778 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:30.825 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:30.825 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
20/8/2021 - 2:49:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:49:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ | -
20/8/2021 - 2:49:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
20/8/2021 - 2:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 2:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 2:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 2:49:30.856Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 2:49:30.856Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 2:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 2:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 2:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 2:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 2:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 2:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 2:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 2:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 2:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 2:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 2:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 2:49:30.872Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 2:49:30.872Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 2:49:30.872Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 2:49:30.872Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 2:49:30.872Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 2:49:30.872Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 2:49:30.872Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 2:49:30.872Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 2:49:33.793Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 2:49:33.793Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 2:49:33.793Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 2:49:33.793Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 2:49:33.793Unknown4C:\Monitor\Files\Logs\File.log
20/8/2021 - 2:49:35.481Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 2:49:35.481Unknown4C:\Monitor\Files\Logs\File.log

Process
Trace
Time | Operation | PID | Process | Target PID | Target Process
20/8/2021 - 2:49:25.872 | Terminate | 684 | C:\Windows\System32\svchost.exe | 2360 | C:\Windows\System32\audiodg.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Time | Operation | PID | Key | Value
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList | CurrentLru
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000ED | ObjectId
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000ED | ObjectLru
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\1E | _ObjectLru_
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8 | ObjectId
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8 | ObjectLru
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3E | _ObjectLru_
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EB | ObjectId
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EB | ObjectLru
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3F | _ObjectLru_
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0 | ObjectId
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0 | ObjectLru
20/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\40 | _ObjectLru_
20/8/2021 - 2:46:29.387 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\22 |
20/8/2021 - 2:46:29.387 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24 | ffffffffffffffffffffffffffffff00
20/8/2021 - 2:46:29.387 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24 | ffffffffffffffffffffffffffffff01
20/8/2021 - 2:46:29.387 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24 | ffffffffffffffffffffffffffffff02
20/8/2021 - 2:46:29.387 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24 | ffffffffffffffffffffffffffffff03

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 80.00%
suspicious: False

NFS 3.0 (Threshold = 0.75)
confidence: 74.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 94.04%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 81.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 35.69%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
