Report #13167

  • Creation Date: Aug. 20, 2021, 1:38 a.m.
  • Last Update: Aug. 20, 2021, 6:20 a.m.
  • File: help.exe
  • Results:
Binary
DLL: False
Size: 10.00KB
trid:
  61.7% Win64 Executable
  14.7% Win32 Dynamic Link Library
  10.0% Win32 Executable
  4.5% OS/2 Executable
  4.4% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows CLI
Hashes
Community
Google: False
HashLib: False

YARA
Matches: VC8_Microsoft_Corporation, domain, IP, contentis_base64, Microsoft_Visual_Cpp_8, Visual_Cpp_2005_Release_Microsoft, HasDebugData, IsConsole, IsPE32, HasRichSignature
Suspicious: True

Imports
msvcrt.dll
__wgetmainargs, __set_app_type, __p__commode, _exit, _cexit, __p__fmode, __setusermatherr, _initterm, ?terminate@@YAXXZ, _controlfp, _except_handler4_common, _amsg_exit, _XcptFilter, malloc, _wcsnicmp, free, _wsystem, wcscat_s, wcscpy_s, _ultow, setlocale, exit
KERNEL32.dll
GetConsoleOutputCP, GetStdHandle, WriteFile, SetThreadUILanguage, GetConsoleMode, FormatMessageW, HeapSetInformation, WriteConsoleW, LocalFree, WideCharToMultiByte, GetFileType, GetCurrentProcess, UnhandledExceptionFilter, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, GetModuleHandleW, SetUnhandledExceptionFilter, Sleep, TerminateProcess
Strings

Foremost
Matches: 0.exe, 10 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
hasAllowed: False
hasSuspicious: False

Files
Allowed: KERNEL32.dll, msvcrt.dll
hasFiles: True
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 5120 (Suspicious: False)
Image Address: 4194304 (Suspicious: False)
Stack: 8192 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 48715
Suspicious: False

Sections
Allowed: .text, .data, .idata, .rsrc, .reloc
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 10 (Suspicious: False)
Image Version: 10 (Suspicious: False)
Linker Version: 14.20 (Suspicious: False)
Subsystem Version: 10.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 6832
Suspicious: False

Anomalies
hasAnomalies: False

Libraries
Allowed: kernel32.dll, msvcrt.dll
hasLibs: True
hasAllowed: True
hasSuspicious: False

Timestamp
Value: 1999-08-14 13:03:28
Valid: True
Past: True
Future: False

Compilation
Packed: False
Missing: False
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks:
  pushret (.text: 1)
  garbagebytes (.text: 1)
  programcontrolflowchange (.text: 1)

AVclass: None (1)
VirusTotal
md5: dd40774e56d4c44b81f2dfa059285e75
sha1: 0461d593e5d7e38319db5b57ef50eb773baf8ee2

SCANS (DETECTION RATE = 0.00%)
CMC  update: 20210506  version: 2.10.2019.1  detected: False
MAX  update: 20210612  version: 2019.9.16.1  detected: False
APEX  update: 20210610  version: 6.173  detected: False
Bkav  update: 20210611  version: 1.3.0.9899  detected: False
K7GW  update: 20210612  version: 11.187.37439  detected: False
ALYac  update: 20210612  version: 1.1.3.1  detected: False
Avast  update: 20210612  version: 21.1.5827.0  detected: False
Avira  update: 20210612  version: 8.3.3.12  detected: False
Baidu  update: 20190318  version: 1.0.0.2  detected: False
Cynet  update: 20210612  version: 4.0.0.27  detected: False
Cyren  update: 20210612  version: 6.3.0.2  detected: False
DrWeb  update: 20210611  version: 7.0.49.9080  detected: False
GData  update: 20210612  version: A:25.29932B:27.23328  detected: False
Panda  update: 20210611  version: 4.6.4.2  detected: False
VBA32  update: 20210611  version: 5.0.0  detected: False
VIPRE  update: 20210612  version: 93230  detected: False
Zoner  update: 20210611  version: 0.0.0.0  detected: False
ClamAV  update: 20210611  version: 0.103.2.0  detected: False
Comodo  update: 20210611  version: 33613  detected: False
Ikarus  update: 20210611  version: 0.1.5.2  detected: False
Lionic  update: 20210612  version: 4.2  detected: False
McAfee  update: 20210612  version: 6.0.6.653  detected: False
Rising  update: 20210611  version: 25.0.0.26  detected: False
Sophos  update: 20210612  version: 1.0.2.0  detected: False
Yandex  update: 20210610  version: 5.5.2.24  detected: False
Zillya  update: 20210611  version: 2.0.0.4385  detected: False
Acronis  update: 20210512  version: 1.1.1.82  detected: False
Alibaba  update: 20190527  version: 0.3.0.5  detected: False
Arcabit  update: 20210612  version: 1.0.0.886  detected: False
Cylance  update: 20210612  version: 2.3.1.101  detected: False
Elastic  update: 20210524  version: 4.0.22  detected: False
FireEye  update: 20210612  version: 32.44.1.0  detected: False
Sangfor  update: 20210607  version: 2.9.0.0  detected: False
TACHYON  update: 20210612  version: 2021-06-12.01  detected: False
Tencent  update: 20210612  version: 1.0.0.1  detected: False
ViRobot  update: 20210611  version: 2014.3.20.0  detected: False
Webroot  update: 20210612  version: 1.0.0.403  detected: False
eGambit  update: 20210612  version: (not reported)  detected: False
Ad-Aware  update: 20210611  version: 3.0.21.179  detected: False
Emsisoft  update: 20210612  version: 2018.12.0.1641  detected: False
F-Secure  update: 20210611  version: 12.0.86.52  detected: False
Fortinet  update: 20210612  version: 6.2.142.0  detected: False
Jiangmin  update: 20210611  version: 16.0.100  detected: False
Kingsoft  update: 20210612  version: 2017.9.26.565  detected: False
Paloalto  update: 20210612  version: 1.0  detected: False
Symantec  update: 20210611  version: 1.14.0.0  detected: False
AhnLab-V3  update: 20210612  version: 3.20.2.10137  detected: False
Antiy-AVL  update: 20210612  version: 3.0.0.1  detected: False
Kaspersky  update: 20210611  version: 21.0.1.45  detected: False
MaxSecure  update: 20210611  version: 1.0.0.1  detected: False
Microsoft  update: 20210612  version: 1.1.18200.4  detected: False
Qihoo-360  update: 20210612  version: 1.0.0.1120  detected: False
ZoneAlarm  update: 20210612  version: 1.0  detected: False
Cybereason  update: 20210330  version: 1.2.449  detected: False
ESET-NOD32  update: 20210611  version: 23449  detected: False
Gridinsoft  update: 20210612  version: 1.0.44.137  detected: False
TrendMicro  update: 20210612  version: 11.0.0.1006  detected: False
BitDefender  update: 20210612  version: 7.2  detected: False
CrowdStrike  update: 20210203  version: 1.0  detected: False
K7AntiVirus  update: 20210611  version: 11.187.37437  detected: False
SentinelOne  update: 20210518  version: 5.1.0.5  detected: False
Malwarebytes  update: 20210612  version: 4.2.2.27  detected: False
CAT-QuickHeal  update: 20210611  version: 14.00  detected: False
NANO-Antivirus  update: 20210612  version: 1.0.146.25311  detected: False
BitDefenderTheta  update: 20210610  version: 7.2.37796.0  detected: False
MicroWorld-eScan  update: 20210612  version: 14.0.409.0  detected: False
SUPERAntiSpyware  update: 20210605  version: 5.6.0.1032  detected: False
McAfee-GW-Edition  update: 20210611  version: v2019.1.2+3728  detected: False
TrendMicro-HouseCall  update: 20210612  version: 10.0.0.1040  detected: False

total: 69
positives: 0
sha256: 53827a12373901fca002c3fc012d0bce0c4af422a7cf12cad19c655c903314e3
scan_id: 53827a12373901fca002c3fc012d0bce0c4af422a7cf12cad19c655c903314e3-1623471207
resource: dd40774e56d4c44b81f2dfa059285e75
scan_date: 2021-06-12 04:13:27
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 5:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 5:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 5:49:30.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 5:49:30.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 5:49:30.856Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 5:49:30.856Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 5:49:30.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 5:49:30.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 5:49:30.872Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 5:49:30.872Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 5:49:31.481Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 5:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 5:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 5:49:31.575Unknown4C:\Monitor\Files\Logs\File.log
20/8/2021 - 5:49:32.465Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process
Trace
20/8/2021 - 5:49:25.887 | Terminate | 684 C:\Windows\System32\svchost.exe | 2360 C:\Windows\System32\audiodg.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 72.50%
suspicious: False

NFS 3.0 (Threshold = 0.75)
confidence: 75.33%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 71.03%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 76.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 65.53%
suspicious: False

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
