Report #13162

  • Creation Date: Aug. 20, 2021, 1:38 a.m.
  • Last Update: Aug. 20, 2021, 5:58 a.m.
  • File: gpresult.exe
  • Results:
Binary
DLL: False
Size: 186.00KB
trid:
  41.0% Win32 Executable MS Visual C++
  36.3% Win64 Executable
  8.6% Win32 Dynamic Link Library
  5.9% Win32 Executable
  2.6% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows CLI
Hashes
md5
8201d5447d15345b8b1a7b9b1493ec85
sha1
5177a04abd7166d41fb8865a5d9e503d98d8192c
crc32
0xf5f9e89f
sha224
d3be4161c35feab903a7ceb6434273954ee688c9551bac235dfba943
sha256
d4c00fbee122390a208c732f0b0eeb93a02f1c4f44d8300638dd329c79a78758
sha384
5408f3d124dd4ba4bf059da752c942ac8f24045c38d53e44a4f1083ccdb0254dddb9e98a870e09c9dd234bba06102647
sha512
63303c8f0aa2f377a5168d560f23b79e7545b4e9c9599869bc0afafe75758855c9b4a748a44e98455e61bf3675ef78dfa698793f136f5e6cf2cc2c202e80d857
ssdeep
3072:6a+sOKvkn3L78RtU5eITpgwRO42wtzi8TKnpft9PtgXtmpZmnIMqiNPr5W3qi1XO:bBcL78R+5ef4O6nv36ayucrq//ME
Community
Google: False
HashLib: False

YARA
Matches: VC8_Microsoft_Corporation, win_registry, domain, contentis_base64, network_tcp_socket, IP, win_mutex, Microsoft_Visual_Cpp_8, Armadillo_v4x, Visual_Cpp_2005_Release_Microsoft, HasDebugData, IsConsole, maldoc_find_kernel32_base_method_1, IsPE32, HasRichSignature, WMI_strings
Suspicious: True

Imports
MPR.dll
WNetGetLastErrorW, WNetAddConnection2W, WNetCancelConnection2W
USER32.dll
wsprintfW
WS2_32.dll
GetNameInfoW, inet_addr, WSAStartup, WSAGetLastError, WSACleanup
msvcrt.dll
??0exception@@QAE@ABV0@@Z, ??1exception@@UAE@XZ, ?what@exception@@UBEPBDXZ, _CxxThrowException, memcpy, memmove, _XcptFilter, __p__commode, _amsg_exit, memset, __set_app_type, exit, _exit, _cexit, __p__fmode, __setusermatherr, _initterm, ??1type_info@@UAE@XZ, __wgetmainargs, _lock, _unlock, __dllonexit, _onexit, ?terminate@@YAXXZ, _controlfp, _except_handler4_common, ??0exception@@QAE@ABQBDH@Z, ??0exception@@QAE@ABQBD@Z, _purecall, _callnewh, malloc, _vsnwprintf, _wcsicmp, wcstok, ??3@YAXPAX@Z, ??_V@YAXPAX@Z, __CxxFrameHandler3, __iob_func, _errno, wcstod, wcstol, wcstoul, wcschr, wcsstr, _fileno, _get_osfhandle, fprintf, fflush, wcstok_s
srvcli.dll
NetServerGetInfo
NTDSAPI.dll
DsCrackNamesW, DsFreeNameResultW, DsUnBindW, DsBindWithCredW
Secur32.dll
GetComputerObjectNameW, TranslateNameW
SspiCli.dll
GetUserNameExW
ADVAPI32.dll
ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertStringSidToSidW, LookupAccountSidW, RegOpenKeyExW, RegCloseKey, RegGetValueW, LsaOpenPolicy, LsaNtStatusToWinError, LsaClose, LsaEnumerateAccountRights, LookupPrivilegeDisplayNameW, LsaFreeMemory
KERNEL32.dll
SetThreadPreferredUILanguages, SetLastError, GetFileAttributesExW, GetLastError, CloseHandle, GetStdHandle, GetConsoleScreenBufferInfo, SetConsoleCursorPosition, WriteConsoleW, OpenMutexW, CreateMutexW, LocalFree, WaitForSingleObject, ReleaseMutex, GetComputerNameExW, GetComputerNameW, GetLocalTime, GetDateFormatW, GetTimeFormatW, SystemTimeToFileTime, FileTimeToLocalFileTime, FileTimeToSystemTime, LocalAlloc, FormatMessageW, VerifyVersionInfoW, CompareStringA
OLEAUT32.dll
SysStringLen, VariantClear, VariantCopy, VariantInit, VariantChangeType, SysFreeString, SysAllocStringByteLen, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayGetElement, SysAllocString
logoncli.dll
DsGetDcNameW
netutils.dll
NetApiBufferFree
framedynos.dll
??0CHString@@QAE@PBG@Z, ??1CHString@@QAE@XZ, ??4CHString@@QAEABV0@ABV0@@Z, ??H@YG?AVCHString@@ABV0@PBG@Z, ?Empty@CHString@@QAEXXZ, ?Compare@CHString@@QBEHPBG@Z, ?AllocSysString@CHString@@QBEPAGXZ, ?GetData@CHString@@IBEPAUCHStringData@@XZ, ?ReleaseBuffer@CHString@@QAEXH@Z, ??0CHString@@QAE@XZ, ??0CHString@@QAE@ABV0@@Z, ?Mid@CHString@@QBE?AV1@H@Z, ??H@YG?AVCHString@@PBGABV0@@Z, ?MakeLower@CHString@@QAEXXZ, ??YCHString@@QAEABV0@PBG@Z, ?Format@CHString@@QAAXPBGZZ, ?SetAt@CHString@@QAEXHG@Z, ??YCHString@@QAEABV0@ABV0@@Z, ?Find@CHString@@QBEHPBG@Z, ?GetBufferSetLength@CHString@@QAEPAGH@Z, ?GetBuffer@CHString@@QAEPAGH@Z, ?Mid@CHString@@QBE?AV1@HH@Z, ??0CHString@@QAE@PBD@Z, ?FindOneOf@CHString@@QBEHPBG@Z, ??H@YG?AVCHString@@ABV0@0@Z, ??4CHString@@QAEABV0@PBG@Z, ?Find@CHString@@QBEHG@Z, ?Left@CHString@@QBE?AV1@H@Z
api-ms-win-core-com-l1-1-0.dll
CoTaskMemFree, CoInitializeSecurity, CoInitializeEx, CoUninitialize, CoCreateInstance, CoTaskMemAlloc
api-ms-win-core-file-l1-1-0.dll
GetFileType, ReadFile
api-ms-win-core-heap-l1-1-0.dll
HeapFree, HeapReAlloc, HeapValidate, HeapSize, HeapAlloc, GetProcessHeap
api-ms-win-core-synch-l1-2-0.dll
Sleep
api-ms-win-core-string-l1-1-0.dll
MultiByteToWideChar, WideCharToMultiByte, CompareStringW
api-ms-win-core-string-l2-1-0.dll
CharUpperW
api-ms-win-core-console-l1-1-0.dll
ReadConsoleW, GetConsoleOutputCP, SetConsoleMode, GetConsoleMode
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll
GetTickCount, GetSystemDirectoryW, GetSystemTimeAsFileTime
api-ms-win-core-sysinfo-l1-2-0.dll
VerSetConditionMask
api-ms-win-core-version-l1-1-0.dll
VerQueryValueW
api-ms-win-core-version-l1-1-1.dll
GetFileVersionInfoW, GetFileVersionInfoSizeW
api-ms-win-core-localization-l1-2-0.dll
FindNLSString, GetUserDefaultLCID, GetThreadLocale
api-ms-win-core-errorhandling-l1-1-0.dll
SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0.dll
GetProcAddress, LoadLibraryExW, GetModuleHandleW, FreeLibrary, GetModuleFileNameW, GetModuleHandleExW, LoadStringW
api-ms-win-core-processthreads-l1-1-0.dll
GetCurrentProcess, ExitProcess, GetCurrentProcessId, TerminateProcess, GetCurrentThreadId
api-ms-win-core-processthreads-l1-1-1.dll
GetProcessMitigationPolicy
Strings
List
gprslt.pdb
RSOP_GPO.id=
WS2_32.dll
NTDSAPI.dll
Secur32.dll
ekernel32.dll
netutils.dll
logoncli.dll
SspiCli.dll
ntdll.dll
srvcli.dll
gpresult.exe
framedynos.dll
MPR.dll
SOFTWARE\MicroSoft\Windows NT\CurrentVersion\ProfileList\
gprslt.exe
Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values
SELECT * from %s
name="Microsoft.Windows.MSOS.GPResult"
api-ms-win-core-localization-l1-2-0.dll
api-ms-win-core-processthreads-l1-1-1.dll
api-ms-win-core-processthreads-l1-1-0.dll
no space on device
api-ms-win-core-console-l1-1-0.dll
no such process
resource deadlock would occur
Software\Microsoft\Windows\CurrentVersion\Group Policy\History
no such device or address
api-ms-win-core-version-l1-1-0.dll
api-ms-win-core-version-l1-1-1.dll
operation in progress
api-ms-win-core-sysinfo-l1-1-0.dll
api-ms-win-core-sysinfo-l1-2-0.dll
Members
no such device
device or resource busy
file too large
value too large
too many links
too many files open
too many files open in system
operation canceled
deleted
api-ms-win-core-libraryloader-l1-2-0.dll
SELECT * from %s WHERE precedence=1
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-core-string-l2-1-0.dll
api-ms-win-core-string-l1-1-0.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-file-l1-1-0.dll
DeploymentType
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-com-l1-1-0.dll
Software\policies\microsoft\windows\system
operation not permitted
ftpProxyServer
Unknown error 0x%0lX
httpProxyServer
enableTrustedPublisherLockdown
root\cimv2
_wcsicmp
\root\rsop
network_down
network_reset
root\rsop
root\policy
RSOP_RegistryKey
host_unreachable
<requestedPrivileges>
permission_denied
root\default
BUILTIN\
not_a_socket
\StringFileInfo\%04x%04x\InternalName
Win32_SID.SID="%s"
__SERVER
RSOP_SecuritySettingString
Select * from %s WHERE ScriptType=3
Select * from %s WHERE ScriptType=4
socksProxyServer
executionTime
GetProcAddress
Select * from %s WHERE (valueType = 1 OR valueType = 4 OR Deleted = TRUE)
userAgentText
ExitProcess
operation_would_block
Select * from %s WHERE ScriptOrder=1
secureProxyServer
SecurityGroups
useSameProxy
Authenticated Users
Select name from Rsop_Gpo WHERE id = "%s"
IDispatch error #%d
enableProxy
gopherProxyServer
redirectingGroup
identifier removed
redirectedPaths
operation would block

Foremost
Matches: 0.exe, 186 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: ntdll.dll, ekernel32.dll, api-ms-win-core-string-l1-1-0.dll, framedynos.dll, api-ms-win-core-version-l1-1-0.dll, api-ms-win-core-console-l1-1-0.dll, api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-localization-l1-2-0.dll, api-ms-win-core-file-l1-1-0.dll, ADVAPI32.dll, NTDSAPI.dll, SspiCli.dll, Secur32.dll, USER32.dll, MPR.dll, api-ms-win-core-sysinfo-l1-2-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll, api-ms-win-core-heap-l1-1-0.dll, api-ms-win-core-processthreads-l1-1-0.dll, OLEAUT32.dll, api-ms-win-core-version-l1-1-1.dll, logoncli.dll, api-ms-win-core-string-l2-1-0.dll, msvcrt.dll, api-ms-win-core-com-l1-1-0.dll, KERNEL32.dll, api-ms-win-core-processthreads-l1-1-1.dll, netutils.dll, WS2_32.dll, api-ms-win-core-profile-l1-1-0.dll, srvcli.dll, api-ms-win-core-errorhandling-l1-1-0.dll, api-ms-win-core-libraryloader-l1-2-0.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 20992
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 8192
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False
Checksum
Value: 245607
Suspicious: False

Sections
Allowed: .text, .data, .idata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 10
Suspicious: False
Image
Version: 10
Suspicious: False
Linker
Version: 14.20
Suspicious: False
Subsystem
Version: 10.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 158944
Suspicious: False

Anomalies
hasAnomalies: False

Libraries
Allowed: ntdll.dll, api-ms-win-core-string-l1-1-0.dll, framedynos.dll, api-ms-win-core-version-l1-1-0.dll, api-ms-win-core-console-l1-1-0.dll, api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-localization-l1-2-0.dll, api-ms-win-core-file-l1-1-0.dll, advapi32.dll, ntdsapi.dll, sspicli.dll, secur32.dll, user32.dll, mpr.dll, api-ms-win-core-sysinfo-l1-2-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll, api-ms-win-core-heap-l1-1-0.dll, api-ms-win-core-processthreads-l1-1-0.dll, oleaut32.dll, logoncli.dll, api-ms-win-core-string-l2-1-0.dll, msvcrt.dll, api-ms-win-core-com-l1-1-0.dll, kernel32.dll, api-ms-win-core-processthreads-l1-1-1.dll, netutils.dll, ws2_32.dll, api-ms-win-core-profile-l1-1-0.dll, srvcli.dll, api-ms-win-core-errorhandling-l1-1-0.dll
hasLibs: True
Suspicious: ekernel32.dll, api-ms-win-core-version-l1-1-1.dll, api-ms-win-core-libraryloader-l1-2-0.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2064-03-20 01:27:43
Future: True

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
ldr
.text: 1

pushret
.text: 6
.idata: 4

pushpopmath
.text: 9
.reloc: 12

sizeofimage
.text: 1

ss register
.text: 1

garbagebytes
.text: 4

stealthimport
.text: 1

isdebbugerpresent
.text: 1

software breakpoint
.text: 2
.reloc: 3

programcontrolflowchange
.text: 4

AVclass
None
1
VirusTotal
md5
8201d5447d15345b8b1a7b9b1493ec85
sha1
5177a04abd7166d41fb8865a5d9e503d98d8192c
SCANS (DETECTION RATE = 0.00%)
CMC: update 20210816, version 2.10.2019.1, detected: False
MAX: update 20210819, version 2019.9.16.1, detected: False
APEX: update 20210816, version 6.198, detected: False
Bkav: update 20210819, version 1.3.0.9899, detected: False
K7GW: update 20210818, version 11.206.38032, detected: False
ALYac: update 20210819, version 1.1.3.1, detected: False
Avast: update 20210819, version 21.1.5827.0, detected: False
Avira: update 20210819, version 8.3.3.12, detected: False
Baidu: update 20190318, version 1.0.0.2, detected: False
Cynet: update 20210819, version 4.0.0.27, detected: False
Cyren: update 20210819, version 6.3.0.2, detected: False
DrWeb: update 20210819, version 7.0.49.9080, detected: False
GData: update 20210819, version A:25.30614B:27.24145, detected: False
Panda: update 20210818, version 4.6.4.2, detected: False
VBA32: update 20210818, version 5.0.0, detected: False
VIPRE: update 20210819, version 94854, detected: False
Zoner: update 20210818, version 0.0.0.0, detected: False
ClamAV: update 20210818, version 0.103.3.0, detected: False
Comodo: update 20210818, version 33816, detected: False
Ikarus: update 20210819, version 0.1.5.2, detected: False
Lionic: update 20210819, version 4.2, detected: False
McAfee: update 20210819, version 6.0.6.653, detected: False
Rising: update 20210819, version 25.0.0.26, detected: False
Sophos: update 20210819, version 1.3.0.0, detected: False
Yandex: update 20210819, version 5.5.2.24, detected: False
Zillya: update 20210819, version 2.0.0.4433, detected: False
Acronis: update 20210512, version 1.1.1.82, detected: False
Alibaba: update 20190527, version 0.3.0.5, detected: False
Arcabit: update 20210819, version 1.0.0.886, detected: False
Cylance: update 20210819, version 2.3.1.101, detected: False
Elastic: update 20210805, version 4.0.27, detected: False
FireEye: update 20210819, version 32.44.1.0, detected: False
Sangfor: update 20210625, version 2.9.0.0, detected: False
TACHYON: update 20210819, version 2021-08-19.02, detected: False
Tencent: update 20210819, version 1.0.0.1, detected: False
ViRobot: update 20210819, version 2014.3.20.0, detected: False
Webroot: update 20210819, version 1.0.0.403, detected: False
Ad-Aware: update 20210819, version 3.0.21.179, detected: False
Emsisoft: update 20210819, version 2021.4.0.5819, detected: False
F-Secure: update 20210819, version 12.0.86.52, detected: False
Fortinet: update 20210819, version 6.2.142.0, detected: False
Jiangmin: update 20210818, version 16.0.100, detected: False
Kingsoft: update 20210819, version 2017.9.26.565, detected: False
Paloalto: update 20210819, version 1.0, detected: False
Symantec: update 20210819, version 1.15.0.0, detected: False
AhnLab-V3: update 20210819, version 3.20.4.10148, detected: False
Antiy-AVL: update 20210819, version 3.0.0.1, detected: False
Kaspersky: update 20210819, version 21.0.1.45, detected: False
MaxSecure: update 20210818, version 1.0.0.1, detected: False
Microsoft: update 20210819, version 1.1.18500.5, detected: False
Qihoo-360: update 20210819, version 1.0.0.1300, detected: False
ZoneAlarm: update 20210819, version 1.0, detected: False
Cybereason: update 20210330, version 1.2.449, detected: False
ESET-NOD32: update 20210819, version 23818, detected: False
Gridinsoft: update 20210819, version 1.0.52.145, detected: False
TrendMicro: update 20210819, version 11.0.0.1006, detected: False
BitDefender: update 20210819, version 7.2, detected: False
CrowdStrike: update 20210203, version 1.0, detected: False
K7AntiVirus: update 20210819, version 11.206.38040, detected: False
SentinelOne: update 20210805, version 6.1.0.4, detected: False
Malwarebytes: update 20210819, version 4.2.2.27, detected: False
CAT-QuickHeal: update 20210819, version 14.00, detected: False
NANO-Antivirus: update 20210819, version 1.0.146.25311, detected: False
BitDefenderTheta: update 20210816, version 7.2.37796.0, detected: False
MicroWorld-eScan: update 20210819, version 14.0.409.0, detected: False
SUPERAntiSpyware: update 20210814, version 5.6.0.1032, detected: False
McAfee-GW-Edition: update 20210819, version v2019.1.2+3728, detected: False
TrendMicro-HouseCall: update 20210819, version 10.0.0.1040, detected: False

total
68
sha256
d4c00fbee122390a208c732f0b0eeb93a02f1c4f44d8300638dd329c79a78758
scan_id
d4c00fbee122390a208c732f0b0eeb93a02f1c4f44d8300638dd329c79a78758-1629365545
resource
8201d5447d15345b8b1a7b9b1493ec85
positives
0
scan_date
2021-08-19 09:32:25
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
20/8/2021 - 4:49:20.700Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.datcontainer.dat
20/8/2021 - 4:49:20.700Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
20/8/2021 - 4:49:20.700Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.datcontainer.dat
20/8/2021 - 4:49:20.700Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
20/8/2021 - 4:49:20.700Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.datcontainer.dat
20/8/2021 - 4:49:20.700Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
20/8/2021 - 4:49:20.700Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.datcontainer.dat
20/8/2021 - 4:49:20.700Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
20/8/2021 - 4:49:20.700Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.datcontainer.dat
20/8/2021 - 4:49:20.700Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
20/8/2021 - 4:49:20.700Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
20/8/2021 - 4:49:20.700Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
20/8/2021 - 4:49:20.700Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.datcontainer.dat
20/8/2021 - 4:49:20.700Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
20/8/2021 - 4:49:20.700Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.datcontainer.dat
20/8/2021 - 4:49:20.700Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:20.700Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:20.700Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:20.700Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:20.747Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:20.747Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:20.840Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:20.840Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:20.934Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:20.934Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:20.934Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 4:49:20.934Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 4:49:20.934Read1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:20.981Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 4:49:20.981Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 4:49:20.981Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 4:49:20.981Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 4:49:21.28Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:21.28Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:21.75Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
20/8/2021 - 4:49:21.75Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
20/8/2021 - 4:49:21.75Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:21.75Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:21.75Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
20/8/2021 - 4:49:21.75Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
20/8/2021 - 4:49:21.75Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:21.75Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:23.731Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:23.731Unknown4C:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:25.887Unknown2360C:\Windows\System32\audiodg.exeC:\Windows
20/8/2021 - 4:49:30.747Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:30.747Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:30.793Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:30.793Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 4:49:30.840Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.840Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.840Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.840Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:30.840Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:30.840Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 4:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 4:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 4:49:30.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 4:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 4:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 4:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 4:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 4:49:30.856Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:31.465Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:31.465Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 4:49:31.465Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:31.465Unknown4C:\Monitor\Files\Logs\File.log
20/8/2021 - 4:49:32.481Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process Trace
20/8/2021 - 4:49:25.887 | Terminate | 684 | C:\Windows\System32\svchost.exe | 2360 | C:\Windows\System32\audiodg.exe

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 85.00%
suspicious: False

NFS 3.0 (Threshold = 0.75)
confidence: 75.33%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 82.97%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 85.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 75.43%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
