Report #13161

  • Creation Date: Aug. 20, 2021, 1:38 a.m.
  • Last Update: Aug. 20, 2021, 5:54 a.m.
  • File: getmac.exe
  • Results:
Binary
  • DLL: False
  • Size: 63.50KB
  • trid: 41.0% Win32 Executable MS Visual C++; 36.3% Win64 Executable; 8.6% Win32 Dynamic Link Library; 5.9% Win32 Executable; 2.6% OS/2 Executable
  • type: PE
  • wordsize: 32
  • Subsystem: Windows CLI

Hashes
  • md5: 31874c37626d02373768f72a64e76214
  • sha1: cb788c30ffa61e17327d411b55ce6ee7491062d5
  • crc32: 0xaeb0151c
  • sha224: a56e6f698bffb82ff45d427050535ead4573fd38fd22955c33dc5c6f
  • sha256: af862b278038dc2a84dee82932cfdcffc837a747c7852dc905de72300c6fd937
  • sha384: 26ef1c4da9b8cdb8b565e5a8463d8e6f9a0fa6dbe164c13912d132f4661d7e15896024c6ffc3fe1c7902781368aaf7a3
  • sha512: c47e0f5e440c6f00054067510610c5483dd7a5060d1fcec736231eea88414d42139f86cacec56a1ea6cc4288a367d28f1cfbc84471d687562465fe494ede5264
  • ssdeep: 1536:oL4azlGfoseDXCPwF3kFCtk1FYTlgkt4cIqi2pBKMAlUasSGm1a:o6foseTCPc4C2/YTWs4ctiSKXlUaPGm0

Community
  • Google: False
  • HashLib: False

YARA
  • Matches: VC8_Microsoft_Corporation, domain, Dropper_Strings, IP, contentis_base64, Microsoft_Visual_Cpp_8, Visual_Cpp_2005_Release_Microsoft, HasDebugData, IsConsole, IsPE32, HasRichSignature, WMI_strings
  • Suspicious: True

Imports
MPR.dll
WNetGetLastErrorW, WNetCancelConnection2W, WNetAddConnection2W
ntdll.dll
RtlVerifyVersionInfo, VerSetConditionMask
USER32.dll
wsprintfW
WS2_32.dll
WSAStartup, GetAddrInfoW, GetNameInfoW, FreeAddrInfoW, WSAGetLastError, WSACleanup
msvcrt.dll
fflush, fprintf, _get_osfhandle, _fileno, wcstoul, wcstol, wcstod, _errno, _vsnwprintf, _memicmp, __iob_func, wcstok, _except_handler4_common, _wcsicmp, wcsstr, free, malloc, __CxxFrameHandler3, _callnewh, _XcptFilter, __p__commode, _amsg_exit, __wgetmainargs, __set_app_type, exit, _controlfp, ?terminate@@YAXXZ, _exit, ??1type_info@@UAE@XZ, _cexit, _CxxThrowException, memcpy, _initterm, __p__fmode, __setusermatherr, memset
srvcli.dll
NetServerGetInfo
wkscli.dll
NetWkstaTransportEnum
SspiCli.dll
GetUserNameExW
OLEAUT32.dll
VariantClear, SysFreeString, SysAllocStringByteLen, VariantInit, SysStringLen, VariantChangeType, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayGetElement, SysAllocString
netutils.dll
NetApiBufferFree
framedynos.dll
?SetAt@CHString@@QAEXHG@Z, ?Empty@CHString@@QAEXXZ, ??0CHString@@QAE@PBG@Z, ?FindOneOf@CHString@@QBEHPBG@Z, ??1CHString@@QAE@XZ, ?GetData@CHString@@IBEPAUCHStringData@@XZ, ?Mid@CHString@@QBE?AV1@H@Z, ?Find@CHString@@QBEHG@Z, ??0CHString@@QAE@XZ, ?Left@CHString@@QBE?AV1@H@Z, ?Format@CHString@@QAAXPBGZZ, ?ReleaseBuffer@CHString@@QAEXH@Z, ?GetBufferSetLength@CHString@@QAEPAGH@Z, ??4CHString@@QAEABV0@PBG@Z, ?Compare@CHString@@QBEHPBG@Z, ??4CHString@@QAEABV0@ABV0@@Z, ??YCHString@@QAEABV0@PBG@Z, ?Mid@CHString@@QBE?AV1@HH@Z
api-ms-win-core-com-l1-1-0.dll
CoUninitialize, CoInitializeEx, CoCreateInstance, CoInitializeSecurity, CoTaskMemAlloc, CoTaskMemFree
api-ms-win-core-file-l1-1-0.dll
ReadFile, GetFileType
api-ms-win-core-heap-l1-1-0.dll
HeapValidate, HeapSize, HeapReAlloc, HeapAlloc, HeapFree, GetProcessHeap
api-ms-win-core-heap-l2-1-0.dll
LocalAlloc, LocalFree
api-ms-win-core-synch-l1-2-0.dll
Sleep
api-ms-win-core-string-l1-1-0.dll
CompareStringW, WideCharToMultiByte, MultiByteToWideChar
api-ms-win-core-string-l2-1-0.dll
CharUpperW
api-ms-win-core-console-l1-1-0.dll
GetConsoleOutputCP, GetConsoleMode, ReadConsoleW, SetConsoleMode, WriteConsoleW
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll
GetComputerNameExW, GetTickCount, GetSystemTimeAsFileTime
api-ms-win-core-version-l1-1-0.dll
VerQueryValueW, GetFileVersionInfoExW, GetFileVersionInfoSizeExW
api-ms-win-core-datetime-l1-1-0.dll
GetTimeFormatW
api-ms-win-core-timezone-l1-1-0.dll
FileTimeToSystemTime
api-ms-win-core-localization-l1-2-0.dll
FormatMessageW, SetThreadUILanguage, GetThreadLocale
api-ms-win-core-errorhandling-l1-1-0.dll
SetUnhandledExceptionFilter, GetLastError, SetLastError, UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0.dll
LoadStringW, GetModuleFileNameW, GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0.dll
GetCurrentProcessId, ExitProcess, GetCurrentProcess, TerminateProcess, GetCurrentThreadId
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrlenW, lstrlenA
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
StrChrIW, StrChrW, StrStrW, StrStrIW
api-ms-win-core-processenvironment-l1-1-0.dll
GetStdHandle
api-ms-win-core-localization-obsolete-l1-2-0.dll
CompareStringA
Strings
List
getmac.pdb
name="Microsoft.Windows.CmdLine.GetMAC"
SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\
WS2_32.dll
netutils.dll
SspiCli.dll
wkscli.dll
ntdll.dll
srvcli.dll
framedynos.dll
GetMac.exe
MPR.dll
api-ms-win-core-localization-obsolete-l1-2-0.dll
api-ms-win-core-localization-l1-2-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-string-obsolete-l1-1-0.dll
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
api-ms-win-core-processenvironment-l1-1-0.dll
api-ms-win-core-console-l1-1-0.dll
api-ms-win-core-version-l1-1-0.dll
api-ms-win-core-sysinfo-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-core-string-l2-1-0.dll
api-ms-win-core-string-l1-1-0.dll
api-ms-win-core-timezone-l1-1-0.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-datetime-l1-1-0.dll
api-ms-win-core-file-l1-1-0.dll
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-heap-l2-1-0.dll
api-ms-win-core-com-l1-1-0.dll
Unknown error 0x%0lX
SYSTEM\CurrentControlSet\Services\
root\cimv2
_memicmp
_wcsicmp
<requestedPrivileges>
root\default
\StringFileInfo\%04x%04x\InternalName
ExitProcess
IDispatch error #%d
TerminateProcess
CoCreateInstance
GetAddrInfoW
localhost
GetModuleHandleW
QueryPerformanceCounter
GetModuleFileNameW
ReadFile
Microsoft Corporation. All rights reserved.
NetBIOS
?GetData@CHString@@IBEPAUCHStringData@@XZ
GetTickCount
fprintf
Sleep
Win32_NetworkProtocol
"} WHERE ResultClass=Win32_NetworkAdapterConfiguration
ASSOCIATORS OF {Win32_NetworkAdapter.DeviceID="
Win32_NetworkAdapter
<requestedExecutionLevel
GetConsoleOutputCP
Win32_NetworkAdapterConfiguration
GetProcessHeap
10.0.19041.1 (WinBuild.160101.0800)
version="5.1.0.0"
.?AV_com_error@@
__p__commode
_callnewh
type="win32"
__CxxFrameHandler3
_initterm
__iob_func
__p__fmode
10.0.19041.1
\Linkage
\Connection
.CRT$XIAA
.CRT$XCAA
<assemblyIdentity
__setusermatherr
_controlfp
__set_app_type
_amsg_exit
__wgetmainargs
_get_osfhandle
_XcptFilter
_vsnwprintf
.rdata$brc
uiAccess="false"
?terminate@@YAXXZ
level="asInvoker"
Microsoft
Microsoft Corporation

Foremost
  • Matches: 0.exe, 63 KB
  • Suspicious: True

Heuristics

IPs
  • hasIPs: False
  • hasAllowed: False
  • hasSuspicious: False

URLs
  • hasURLs: False
  • hasAllowed: False
  • hasSuspicious: False

Files
  • Allowed: api-ms-win-core-string-l1-1-0.dll, framedynos.dll, api-ms-win-core-heap-l1-1-0.dll, api-ms-win-core-version-l1-1-0.dll, ntdll.dll, api-ms-win-core-console-l1-1-0.dll, api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-localization-l1-2-0.dll, api-ms-win-core-file-l1-1-0.dll, api-ms-win-core-localization-obsolete-l1-2-0.dll, api-ms-win-core-string-l2-1-0.dll, SspiCli.dll, USER32.dll, MPR.dll, api-ms-win-core-processthreads-l1-1-0.dll, api-ms-win-core-shlwapi-obsolete-l1-1-0.dll, api-ms-win-core-string-obsolete-l1-1-0.dll, api-ms-win-core-profile-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll, api-ms-win-core-processenvironment-l1-1-0.dll, msvcrt.dll, api-ms-win-core-libraryloader-l1-2-0.dll, api-ms-win-core-com-l1-1-0.dll, api-ms-win-core-datetime-l1-1-0.dll, OLEAUT32.dll, wkscli.dll, api-ms-win-core-heap-l2-1-0.dll, netutils.dll, WS2_32.dll, srvcli.dll, api-ms-win-core-errorhandling-l1-1-0.dll, api-ms-win-core-timezone-l1-1-0.dll
  • hasFiles: True
  • hasAllowed: True
  • hasSuspicious: False

Binary Sizes
  • RVA: 16 (Suspicious: False)
  • Code Size: 13312 (Suspicious: False)
  • Image Address: 4194304 (Suspicious: False)
  • Stack: 8192 (Suspicious: False)
  • Headers: 1024 (Suspicious: False)
  • Suspicious: False

Symbols
  • Number: 0 (Suspicious: True)
  • Pointer: 0 (Suspicious: True)

Directories
  • Number: 16 (Suspicious: False)

Checksum
  • Value: 125013 (Suspicious: False)

Sections
  • Allowed: .text, .data, .idata, .rsrc, .reloc
  • hasSections: True
  • hasAllowed: True
  • hasSuspicious: False

Versions
  • OS Version: 10 (Suspicious: False)
  • Image Version: 10 (Suspicious: False)
  • Linker Version: 14.20 (Suspicious: False)
  • Subsystem Version: 10.0 (Suspicious: False)
  • Suspicious: False

EntryPoint
  • Address: 50400 (Suspicious: False)

Anomalies
  • hasAnomalies: False

Libraries
  • Allowed: api-ms-win-core-string-l1-1-0.dll, framedynos.dll, api-ms-win-core-heap-l1-1-0.dll, api-ms-win-core-version-l1-1-0.dll, ntdll.dll, api-ms-win-core-console-l1-1-0.dll, api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-localization-l1-2-0.dll, api-ms-win-core-file-l1-1-0.dll, api-ms-win-core-string-l2-1-0.dll, sspicli.dll, user32.dll, mpr.dll, api-ms-win-core-processthreads-l1-1-0.dll, api-ms-win-core-shlwapi-obsolete-l1-1-0.dll, api-ms-win-core-string-obsolete-l1-1-0.dll, api-ms-win-core-profile-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll, api-ms-win-core-processenvironment-l1-1-0.dll, msvcrt.dll, api-ms-win-core-com-l1-1-0.dll, api-ms-win-core-datetime-l1-1-0.dll, oleaut32.dll, wkscli.dll, netutils.dll, ws2_32.dll, srvcli.dll, api-ms-win-core-errorhandling-l1-1-0.dll, api-ms-win-core-timezone-l1-1-0.dll
  • Suspicious: api-ms-win-core-localization-obsolete-l1-2-0.dll, api-ms-win-core-libraryloader-l1-2-0.dll, api-ms-win-core-heap-l2-1-0.dll
  • hasLibs: True
  • hasAllowed: True
  • hasSuspicious: True

Timestamp
  • Value: 2075-01-01 16:29:01
  • Valid: True
  • Past: False
  • Future: True

Compilation
  • Packed: False
  • Missing: False
  • Packers: none listed
  • Compiled: True
  • Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
  • XOR: False
  • Fuzzing: False

PEDetector
  • Matches: None
  • Suspicious: False

Disassembly
  • hasTricks: True
  • Tricks:
    pushret: .text: 3
    pushpopmath: .reloc: 3
    garbagebytes: .text: 2
    software breakpoint: .reloc: 1
    programcontrolflowchange: .text: 2
    cpuinstructionsresultscomparison: .text: 2

AVclass
  • None: 1
VirusTotal
  • md5: 31874c37626d02373768f72a64e76214
  • sha1: cb788c30ffa61e17327d411b55ce6ee7491062d5

SCANS (DETECTION RATE = 0.00%)
  • CMC: update 20210624, version 2.10.2019.1, detected: False
  • MAX: update 20210811, version 2019.9.16.1, detected: False
  • APEX: update 20210810, version 6.196, detected: False
  • Bkav: update 20210811, version 1.3.0.9899, detected: False
  • K7GW: update 20210811, version 11.203.37960, detected: False
  • ALYac: update 20210811, version 1.1.3.1, detected: False
  • Avast: update 20210811, version 21.1.5827.0, detected: False
  • Avira: update 20210811, version 8.3.3.12, detected: False
  • Baidu: update 20190318, version 1.0.0.2, detected: False
  • Cynet: update 20210811, version 4.0.0.27, detected: False
  • Cyren: update 20210811, version 6.3.0.2, detected: False
  • DrWeb: update 20210811, version 7.0.49.9080, detected: False
  • GData: update 20210811, version A:25.30548B:27.24050, detected: False
  • Panda: update 20210810, version 4.6.4.2, detected: False
  • VBA32: update 20210811, version 5.0.0, detected: False
  • VIPRE: update 20210811, version 94666, detected: False
  • Zoner: update 20210810, version 0.0.0.0, detected: False
  • ClamAV: update 20210811, version 0.103.3.0, detected: False
  • Comodo: update 20210811, version 33793, detected: False
  • Ikarus: update 20210811, version 0.1.5.2, detected: False
  • Lionic: update 20210811, version 4.2, detected: False
  • McAfee: update 20210811, version 6.0.6.653, detected: False
  • Rising: update 20210811, version 25.0.0.26, detected: False
  • Sophos: update 20210811, version 1.3.0.0, detected: False
  • Yandex: update 20210811, version 5.5.2.24, detected: False
  • Zillya: update 20210811, version 2.0.0.4427, detected: False
  • Acronis: update 20210512, version 1.1.1.82, detected: False
  • Alibaba: update 20190527, version 0.3.0.5, detected: False
  • Arcabit: update 20210811, version 1.0.0.886, detected: False
  • Cylance: update 20210811, version 2.3.1.101, detected: False
  • Elastic: update 20210805, version 4.0.27, detected: False
  • FireEye: update 20210811, version 32.44.1.0, detected: False
  • Sangfor: update 20210625, version 2.9.0.0, detected: False
  • TACHYON: update 20210811, version 2021-08-11.02, detected: False
  • Tencent: update 20210811, version 1.0.0.1, detected: False
  • ViRobot: update 20210811, version 2014.3.20.0, detected: False
  • Webroot: update 20210811, version 1.0.0.403, detected: False
  • eGambit: update 20210811, version not reported, detected: False
  • Ad-Aware: update 20210811, version 3.0.21.179, detected: False
  • Emsisoft: update 20210811, version 2021.4.0.5819, detected: False
  • F-Secure: update 20210811, version 12.0.86.52, detected: False
  • Fortinet: update 20210811, version 6.2.142.0, detected: False
  • Jiangmin: update 20210810, version 16.0.100, detected: False
  • Kingsoft: update 20210811, version 2017.9.26.565, detected: False
  • Paloalto: update 20210811, version 1.0, detected: False
  • Symantec: update 20210811, version 1.15.0.0, detected: False
  • AhnLab-V3: update 20210811, version 3.20.4.10148, detected: False
  • Antiy-AVL: update 20210811, version 3.0.0.1, detected: False
  • Kaspersky: update 20210811, version 21.0.1.45, detected: False
  • MaxSecure: update 20210807, version 1.0.0.1, detected: False
  • Microsoft: update 20210811, version 1.1.18400.5, detected: False
  • Qihoo-360: update 20210811, version 1.0.0.1300, detected: False
  • ZoneAlarm: update 20210811, version 1.0, detected: False
  • Cybereason: update 20210330, version 1.2.449, detected: False
  • ESET-NOD32: update 20210811, version 23775, detected: False
  • Gridinsoft: update 20210811, version 1.0.51.144, detected: False
  • TrendMicro: update 20210811, version 11.0.0.1006, detected: False
  • BitDefender: update 20210811, version 7.2, detected: False
  • CrowdStrike: update 20210203, version 1.0, detected: False
  • K7AntiVirus: update 20210811, version 11.203.37959, detected: False
  • SentinelOne: update 20210805, version 6.1.0.4, detected: False
  • Malwarebytes: update 20210811, version 4.2.2.27, detected: False
  • CAT-QuickHeal: update 20210811, version 14.00, detected: False
  • NANO-Antivirus: update 20210811, version 1.0.146.25311, detected: False
  • BitDefenderTheta: update 20210803, version 7.2.37796.0, detected: False
  • MicroWorld-eScan: update 20210811, version 14.0.409.0, detected: False
  • SUPERAntiSpyware: update 20210807, version 5.6.0.1032, detected: False
  • McAfee-GW-Edition: update 20210811, version v2019.1.2+3728, detected: False
  • TrendMicro-HouseCall: update 20210811, version 10.0.0.1040, detected: False

  • total: 69
  • positives: 0
  • sha256: af862b278038dc2a84dee82932cfdcffc837a747c7852dc905de72300c6fd937
  • scan_id: af862b278038dc2a84dee82932cfdcffc837a747c7852dc905de72300c6fd937-1628685147
  • resource: 31874c37626d02373768f72a64e76214
  • scan_date: 2021-08-11 12:32:27
  • verbose_msg: Scan finished, information embedded
  • response_code: 1
File Trace
(all entries dated 20/8/2021; identical consecutive entries are collapsed, with the count in parentheses; "-" means the trace recorded no process image for that PID)

Time | Op | PID | Process | Path
4:45:43.481 | Unknown | 4 | - | C:\Users\Behemot\Desktop\desktop.ini
4:45:43.481 | Unknown | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
4:45:45.497 | Write | 4 | - | C:\Windows
4:45:48.856 | Open (x5) | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
4:45:48.856 | Unknown (x5) | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
4:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26
4:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26
4:45:48.856 | Open (x2) | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
4:45:48.856 | Read (x4) | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
4:45:48.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066
4:45:48.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066
4:45:48.872 | Open (x2) | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
4:45:48.872 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
4:45:48.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066
4:45:48.872 | Unknown (x4) | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
4:45:48.872 | Open (x3) | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe
4:45:48.887 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
4:45:48.918 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26
4:45:49.481 | Unknown | 4 | - | C:\Monitor\WKCD_Load_Use.exe
4:45:49.481 | Write | 4 | - | C:\Monitor\Files\Logs\File.log
4:45:49.481 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log
4:45:52.715 | Write | 4 | - | C:\Monitor
4:45:53.403 | Open (x2) | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
4:45:53.403 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
4:45:53.403 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
4:45:53.418 | Open (x2) | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
4:45:53.418 | Unknown (x2) | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
4:45:53.418 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
4:45:53.497 | Write | 4 | - | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
4:45:53.497 | Write | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
4:45:53.497 | Unknown | 4 | - | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
4:45:53.497 | Unknown (x2) | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
4:45:53.497 | Write (x2) | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
4:45:53.856 | Open (x4) | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe
4:45:55.497 | Write | 4 | - | C:\Monitor\Files\Logs\File.log
4:45:55.497 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log
4:46:11.497 | Write | 4 | - | C:\Windows\Temp
4:46:17.465 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
4:46:18.262 | Write | 4 | - | C:\Windows
4:46:19.481 | Write | 4 | - | C:\Windows
4:46:27.418 | Write (x4) | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1
4:46:27.418 | Write (x4) | 4 | - | C:\Windows\System32\config\SYSTEM
4:46:32.418 | Write (x10) | 4 | - | C:\System Volume Information\Syscache.hve.LOG1
4:46:32.418 | Write (x9) | 4 | - | C:\System Volume Information\Syscache.hve
4:46:32.418 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
4:46:32.512 | Write | 4 | - | C:\System Volume Information\Syscache.hve
4:46:35.450 | Write | 4 | - | C:\Monitor\Files\Logs\File.log
4:46:35.450 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log
4:46:55.965 | Open | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data
4:46:55.965 | Unknown | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data
4:47:17.465 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
4:47:27.559 | Open | 1864 | C:\Windows\explorer.exe | C:\
4:47:27.559 | Unknown | 1864 | C:\Windows\explorer.exe | C:\
4:47:32.809 | Open (x2) | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot
4:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot
4:47:32.809 | Open (x2) | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming
4:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming
4:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes
4:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
4:47:35.856 | Open (x2) | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
4:47:35.856 | Unknown (x4) | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
4:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
4:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
4:47:41.778 | Read | 1232 | C:\Program Files\Windows Media Player\wmpnetwk.exe | C:\Program Files\Windows Media Player\wmpnetwk.exe
4:47:41.778 | Write (x2) | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
4:47:44.778 | Write | 4 | - | C:\Monitor\Files\Logs\File.log
4:47:44.778 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log
4:48:11.309 | Open | 4 | - | \Device\HarddiskVolume1\System Volume Information
4:48:11.309 | Unknown | 4 | - | \Device\HarddiskVolume1\System Volume Information
4:48:13.59 | Open | 4 | - | C:\System Volume Information
4:48:13.59 | Open | 4 | - | C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
4:48:13.59 | Open | 4 | - | C:\System Volume Information\{bcf7d7ec-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
4:48:13.59 | Open | 4 | - | C:\System Volume Information\{bcf7d7f0-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
4:48:13.59 | Unknown | 4 | - | C:\System Volume Information
4:48:17.481 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
4:48:25.903 | Open (x3) | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
4:48:25.903 | Unknown (x6) | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace
4:48:25.903 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
4:48:25.903 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
4:49:20.715 | Open, Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
4:49:20.715 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
4:49:20.731 | Write | 2336 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log
4:49:20.778 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
4:49:20.778 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
4:49:20.872 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
4:49:20.872 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
4:49:20.965 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
4:49:20.965 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
4:49:20.965 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
4:49:20.965 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
4:49:20.965 | Read | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:21.12Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 4:49:21.12Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 4:49:21.12Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 4:49:21.12Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 4:49:21.59Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:21.59Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:21.106Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
20/8/2021 - 4:49:21.106Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
20/8/2021 - 4:49:21.106Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:21.106Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:21.106Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
20/8/2021 - 4:49:21.106Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
20/8/2021 - 4:49:21.106Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:23.715Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:23.715Unknown4C:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:25.887Unknown2360C:\Windows\System32\audiodg.exeC:\Windows
20/8/2021 - 4:49:30.762Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:30.762Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:30.809Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:30.809Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 4:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 4:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 4:49:30.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 4:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 4:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 4:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 4:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.856Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:30.856Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:30.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.872Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:30.872Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:31.481Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:31.575Unknown4C:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:32.465Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process
Trace
20/8/2021 - 4:49:25.887Terminate684C:\Windows\System32\svchost.exe2360C:\Windows\System32\audiodg.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 90.00%
suspicious: False

NFS 3.0 (Threshold = 0.75)
confidence: 76.67%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 75.12%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 73.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 79.57%
suspicious: True

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
