Report #13361 check_circle

  • Creation Date: Aug. 20, 2021, 1:43 p.m.
  • Last Update: Aug. 20, 2021, 8:46 p.m.
  • File: regedt32.exe
  • Results:
Binary
DLL
False cancel
Size
10.00KB
trid
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
49e9ea6f79338b350a8b23cea47d1a86
sha1
b51311eee2a58fdf80cd55616b5a15291a5ee951
crc32
0xb0958c77
sha224
f61dd09a256cddc97cc22aea4d2887e858a44156a93d84998e35de31
sha256
b9a0659a5f8173629c2cc702f9d786f699be2c1c1bd10ee354494df75c618954
sha384
0b7d872c1ae2c053ceccb83bea2a393105f573e60c5fd8bf6397627a2511151a91a474b7be855fb09d66b6da0244002b
sha512
a6f473794315e9a38c3d08f1777ba14d0de3f98f560e8db120f96ed6fb6ef2a14568f444783ae2520f958e872223a8d4cfaeb98718089e3bc5a3da35539c85e0
ssdeep
96:cT/8zwOtfZOWkcTLEp2TyIRoJIP3DGjsl3tTZFovnzeDJFMVWVEWlZhHWwB:cT8zwqrTaGRoTeTZFovnz0MWbxWG
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
domain, HasRichSignature, contentis_base64, HasDebugData, IP, IsPE32, System_Tools, IsWindowsGUI

Suspicious
True check_circle

Imports
msvcrt.dll
__setusermatherr, _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, _except_handler4_common
SHELL32.dll
ShellExecuteA
KERNEL32.dll
GetModuleHandleA, GetCommandLineA, HeapSetInformation, GetWindowsDirectoryA, GetStartupInfoA, ExitProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, GetModuleHandleW, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, GetTickCount
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
PathAppendA
Strings
List
regedt32.pdb
regedt32.exe
regedt32.exe
regedit.exe
name="Microsoft.Windows.Regedt32"
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
6 6%6G6M6T6Y6f6u6}6
<requestedPrivileges>
_acmdln
ExitProcess
TerminateProcess
ShellExecuteA
QueryPerformanceCounter
GetModuleHandleW
GetModuleHandleA
Registry Editor Utility
Microsoft Corporation. All rights reserved.
GetTickCount
Sleep
<description>Registry Editor Utility</description>
<requestedExecutionLevel
10.0.19041.1 (WinBuild.160101.0800)
version="1.0.0.0"
__p__commode
type="win32"
_initterm
__p__fmode
10.0.19041.1
_ismbblead
.CRT$XIAA
.CRT$XCAA
<assemblyIdentity
__setusermatherr
_controlfp
__set_app_type
_amsg_exit
__getmainargs
level="highestAvailable"
_XcptFilter
.rdata$brc
uiAccess="false"
?terminate@@YAXXZ
Microsoft
Microsoft Corporation
</assembly>
.CRT$XIY
CompanyName
ProductName
StringFileInfo
FileVersion
InternalName
OriginalFilename
VarFileInfo
FileDescription
Translation
`.data
_cexit
_exit
.gfids
@.rsrc
RichS
<security>
</security>
GCTL
RSDS
Windows
!This program cannot be run in DOS mode.
VS_VERSION_INFO
processorArchitecture="x86"
<!-- Copyright (c) Microsoft Corporation -->
_except_handler4_common
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
</requestedPrivileges>
LegalCopyright
SHELL32.dll
Operating System
</trustInfo>
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetCommandLineA
@.reloc
5 5(5.5;5C5I5a5f5l5q5v5{5
GetSystemTimeAsFileTime
HeapSetInformation
GetStartupInfoW
GetStartupInfoA
PathAppendA
ProductVersion
msvcrt.dll
/>
8"898B8M8T8f8l8r8x8~8
.rdata
.idata
.data
exit
t#hl#@
.idata$5
.idata$6
.idata$2

Foremost
Matches
0.exe, 10 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: api-ms-win-core-shlwapi-legacy-l1-1-0.dll, SHELL32.dll, KERNEL32.dll, msvcrt.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 6144
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 8192
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 30681
Suspicous: False cancel

Sections
Allowed: .text, .data, .idata, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 10
Suspicious: False cancel
Image
Version: False cancel
Suspicious: 10
Linker
Version: 14.20
Suspicious: False cancel
Subsystem
Version: 10.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 5536
Suspicious: False cancel

Anomalies
Anomalies
hasAnomalies: False cancel

Libraries
Allowed: api-ms-win-core-shlwapi-legacy-l1-1-0.dll, shell32.dll, kernel32.dll, msvcrt.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: True check_circle
Valid: True check_circle
Value: 1991-09-04 08:18:33
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 1

garbagebytes
.text: 1

programcontrolflowchange
.text: 1

cpuinstructionsresultscomparison
.rsrc: 2

AVclass
File
Trace
20/8/2021 - 19:45:43.481Unknown4C:\Users\Behemot\Desktop\desktop.ini
20/8/2021 - 19:45:43.481Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 19:45:45.497Write4C:\Windows
20/8/2021 - 19:45:47.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
20/8/2021 - 19:45:47.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
20/8/2021 - 19:45:47.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
20/8/2021 - 19:45:47.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
20/8/2021 - 19:45:47.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
20/8/2021 - 19:45:47.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.856Open2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2F27954F4B4C5FD26
20/8/2021 - 19:45:47.872Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2F27954F4B4C5FD26TMP000000A2F27954F4B4C5FD26
20/8/2021 - 19:45:47.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
20/8/2021 - 19:45:47.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
20/8/2021 - 19:45:47.872Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.872Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.872Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.872Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.872Open2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A30415A103D3F52066
20/8/2021 - 19:45:47.872Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A30415A103D3F52066TMP000000A30415A103D3F52066
20/8/2021 - 19:45:47.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
20/8/2021 - 19:45:47.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
20/8/2021 - 19:45:47.872Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
20/8/2021 - 19:45:47.872Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A30415A103D3F52066TMP000000A30415A103D3F52066
20/8/2021 - 19:45:47.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
20/8/2021 - 19:45:47.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
20/8/2021 - 19:45:47.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
20/8/2021 - 19:45:47.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:47.887Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:45:47.918Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2F27954F4B4C5FD26TMP000000A2F27954F4B4C5FD26
20/8/2021 - 19:45:49.481Unknown4C:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/8/2021 - 19:45:49.481Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 19:45:49.481Unknown4C:\Monitor\Files\Logs\File.log
20/8/2021 - 19:45:52.403Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 19:45:52.403Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 19:45:52.403Write796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 19:45:52.403Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 19:45:52.418Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 19:45:52.418Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 19:45:52.418Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 19:45:52.418Write796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 19:45:52.418Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 19:45:52.715Write4C:\Monitor
20/8/2021 - 19:45:52.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
20/8/2021 - 19:45:52.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
20/8/2021 - 19:45:52.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
20/8/2021 - 19:45:52.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
20/8/2021 - 19:45:52.856Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:45:52.856Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:45:53.497Write4C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 19:45:53.497Write4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 19:45:53.497Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 19:45:53.497Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 19:45:53.497Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 19:45:53.497Unknown4C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 19:45:53.497Unknown4C:\Monitor\Files\Logs\File.log
20/8/2021 - 19:46:9.481Write4C:\Windows\Temp
20/8/2021 - 19:46:17.481Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
20/8/2021 - 19:46:18.262Write4C:\Windows
20/8/2021 - 19:46:19.497Write4C:\Windows
20/8/2021 - 19:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
20/8/2021 - 19:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
20/8/2021 - 19:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
20/8/2021 - 19:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
20/8/2021 - 19:46:27.418Write4C:\Windows\System32\config\SYSTEM
20/8/2021 - 19:46:27.418Write4C:\Windows\System32\config\SYSTEM
20/8/2021 - 19:46:27.418Write4C:\Windows\System32\config\SYSTEM
20/8/2021 - 19:46:27.418Write4C:\Windows\System32\config\SYSTEM
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve.LOG1
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve
20/8/2021 - 19:46:32.418Write4C:\System Volume Information\Syscache.hve
20/8/2021 - 19:46:32.418Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:46:32.512Write4C:\System Volume Information\Syscache.hve
20/8/2021 - 19:46:35.450Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 19:46:35.450Unknown4C:\Monitor\Files\Logs\File.log
20/8/2021 - 19:46:55.965Open528C:\Windows\System32\SearchIndexer.exeC:\ProgramData\Microsoft\Search\Data
20/8/2021 - 19:46:55.965Unknown528C:\Windows\System32\SearchIndexer.exeC:\ProgramData\Microsoft\Search\Data
20/8/2021 - 19:47:17.497Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
20/8/2021 - 19:47:27.559Open1864C:\Windows\explorer.exeC:\
20/8/2021 - 19:47:27.559Unknown1864C:\Windows\explorer.exeC:\
20/8/2021 - 19:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot
20/8/2021 - 19:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot
20/8/2021 - 19:47:32.809Unknown1864C:\Windows\explorer.exeC:\Users\Behemot
20/8/2021 - 19:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
20/8/2021 - 19:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
20/8/2021 - 19:47:32.809Unknown1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
20/8/2021 - 19:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes
20/8/2021 - 19:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
20/8/2021 - 19:47:35.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:47:35.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 19:47:35.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:47:35.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 19:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:47:40.825Read1232C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Windows Media Player\wmpnetwk.exe
20/8/2021 - 19:47:40.825Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:47:40.825Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:47:43.825Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 19:47:43.825Unknown4C:\Monitor\Files\Logs\File.log
20/8/2021 - 19:48:11.309Open4\Device\HarddiskVolume1\System Volume Information
20/8/2021 - 19:48:11.309Unknown4\Device\HarddiskVolume1\System Volume Information
20/8/2021 - 19:48:13.59Open4C:\System Volume Information
20/8/2021 - 19:48:13.59Open4C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
20/8/2021 - 19:48:13.59Open4C:\System Volume Information\{bcf7d7ec-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
20/8/2021 - 19:48:13.59Open4C:\System Volume Information\{bcf7d7f0-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
20/8/2021 - 19:48:13.59Unknown4C:\System Volume Information
20/8/2021 - 19:48:17.481Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
20/8/2021 - 19:48:25.872Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:48:25.872Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:48:25.872Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:48:25.872Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 19:48:25.872Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:48:25.872Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:48:25.872Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:48:25.872Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:48:25.872Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 19:48:25.872Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:48:25.872Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:49:17.465Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.datcontainer.dat
20/8/2021 - 19:49:20.715Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:20.715Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:20.715Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:49:20.715Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:49:20.762Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:20.762Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:20.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:20.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:20.950Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:20.950Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:20.950Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 19:49:20.950Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 19:49:20.950Read1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:20.997Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 19:49:20.997Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 19:49:20.997Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 19:49:20.997Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
20/8/2021 - 19:49:21.43Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:21.43Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:21.90Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
20/8/2021 - 19:49:21.90Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
20/8/2021 - 19:49:21.90Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:21.90Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:21.90Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
20/8/2021 - 19:49:21.90Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
20/8/2021 - 19:49:21.90Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:49:23.731Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 19:49:23.731Unknown4C:\Monitor\Files\Logs\File.log
20/8/2021 - 19:49:25.887Unknown2360C:\Windows\System32\audiodg.exeC:\Windows
20/8/2021 - 19:49:30.762Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:30.762Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:30.809Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:30.809Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
20/8/2021 - 19:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:49:30.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 19:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 19:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 19:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 19:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 19:49:30.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 19:49:30.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 19:49:30.856Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:49:30.856Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:49:30.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 19:49:30.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 19:49:30.856Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:49:30.872Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 19:49:31.465Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 19:49:31.465Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 19:49:31.465Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 19:49:31.559Unknown4C:\Monitor\Files\Logs\File.log

Process
Trace
20/8/2021 - 19:49:25.887Terminate684C:\Windows\System32\svchost.exe2360C:\Windows\System32\audiodg.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruListCurrentLru
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectId
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectLru
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\1E_ObjectLru_
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectId
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectLru
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3E_ObjectLru_
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectId
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectLru
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3F_ObjectLru_
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectId
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectLru
20/8/2021 - 19:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\40_ObjectLru_
20/8/2021 - 19:46:23.934Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\22
20/8/2021 - 19:46:23.934Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff00
20/8/2021 - 19:46:23.934Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff01
20/8/2021 - 19:46:23.934Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff02
20/8/2021 - 19:46:23.934Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff03

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: False cancel

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 77.50%
suspicious: False cancel

NFS 3.0 (Threshold = 0.75)
confidence: 78.00%
suspicious: True check_circle

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 93.56%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 69.00%
suspicious: False cancel

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 81.93%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False cancel

Add to Collection
Download