Report #13366

  • Creation Date: Aug. 20, 2021, 1:43 p.m.
  • Last Update: Aug. 20, 2021, 9:08 p.m.
  • File: relog.exe
  • Results:
Binary
DLL: False
Size: 44.50KB
trid:
41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows CLI
Hashes
md5: b5bd958dcd88565cc17e9330032f99ce
sha1: 86f8cc31c4996c7d1dacb060870e48733429ce68
crc32: 0xf73f0848
sha224: 1d4d80788b9a672ff2189018f1d23649275b65e38463a99e19c4bbb8
sha256: 2030c6509cee45e3629a9b47d09bd421b83f48f356ed597a03c89306610d720c
sha384: 6b687df91a56b8c2aa6ab9d0b834e2fb9f2f9b64cf78234d15c3c34e98d8f85776849fc558bf4c3ea42905dbed695672
sha512: 55804fa3aabcdaf14628633d855a5113c6e26a027f45709e1af8f8d91942125c923bd47c7c7082d4b6fddf92981ec510890965518e382022753d209fa95deb7e
ssdeep: 768:/zsVR22awTzqvJneZ/HI7vUjO9ZNvv/2rEaQLo6Ec22C2ieU0i:/zsVFdYJIQDv9raEqc2AieU0i
Community
Google: False
HashLib: False
YARA
Matches: VC8_Microsoft_Corporation, domain, IP, contentis_base64, Microsoft_Visual_Cpp_8, HasDebugData, IsConsole, IsPE32, HasRichSignature
Suspicious: True

Imports
pdh.dll
PdhBindInputDataSourceW, PdhParseCounterPathW, PdhRelogW, PdhCloseLog, PdhEnumObjectsHW, PdhEnumObjectItemsHW, PdhAddCounterW, PdhGetDataSourceTimeRangeH, PdhGetLogFileTypeW, PdhMakeCounterPathW, PdhOpenQueryH, PdhValidatePathExW, PdhExpandWildCardPathHW, PdhEnumMachinesHW
RPCRT4.dll
UuidCreate
msvcp_win.dll
?_Xlength_error@std@@YAXPBD@Z
api-ms-win-core-file-l1-1-0.dll
WriteFile, DeleteFileW, GetFileType, FindFirstFileW, ReadFile, CreateFileW, FindClose, FindNextFileW
api-ms-win-core-file-l1-2-0.dll
GetTempPathW
api-ms-win-core-file-l2-1-2.dll
CopyFileW
api-ms-win-core-heap-l1-1-0.dll
HeapSetInformation, HeapFree, GetProcessHeap, HeapAlloc
api-ms-win-core-heap-l2-1-0.dll
LocalFree
api-ms-win-core-debug-l1-1-0.dll
IsDebuggerPresent
api-ms-win-crt-string-l1-1-0.dll
memset, wcsncmp
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-string-l1-1-0.dll
MultiByteToWideChar, WideCharToMultiByte, CompareStringOrdinal
api-ms-win-crt-private-l1-1-0.dll
_o___stdio_common_vswprintf, _o__callnewh, _o__cexit, _o__configthreadlocale, _o__configure_wide_argv, _o__controlfp_s, _o__crt_atexit, _o__exit, _o__get_initial_wide_environment, _o__initialize_onexit_table, _o__initialize_wide_environment, _o__invalid_parameter_noinfo_noreturn, _o__register_onexit_function, _o__seh_filter_exe, memcpy, _o__set_app_type, _o__set_fmode, _o__set_new_mode, _o__wcsicmp, _o__wcsnicmp, _o__wfsopen, _o__wmakepath_s, _o__wsplitpath_s, _o_exit, _o_fclose, _o_fgetws, _o_free, _o_malloc, _o_terminate, _o_wcstod, _o_wcstok_s, _o_wcstol, _except_handler4_common, _CxxThrowException, _o___stdio_common_vfwprintf, _o___std_exception_destroy, _o___std_exception_copy, _o___stdio_common_vsnwprintf_s, _o___p__commode, _o___p___wargv, _o___p___argc, _o___acrt_iob_func, wcsstr, wcschr, __CxxFrameHandler3
api-ms-win-crt-runtime-l1-1-0.dll
_initterm, _initterm_e, _c_exit, _register_thread_local_exe_atexit_callback
api-ms-win-core-console-l1-1-0.dll
GetConsoleMode, SetConsoleMode, ReadConsoleW, WriteConsoleW, GetConsoleOutputCP
api-ms-win-core-console-l2-1-0.dll
GetConsoleScreenBufferInfo, SetConsoleTextAttribute
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll
GetSystemTimeAsFileTime
api-ms-win-core-version-l1-1-0.dll
GetFileVersionInfoExW, GetFileVersionInfoSizeExW, VerQueryValueW
api-ms-win-core-registry-l1-1-0.dll
RegQueryValueExW, RegOpenKeyExW, RegCloseKey
api-ms-win-core-timezone-l1-1-0.dll
FileTimeToSystemTime, SystemTimeToFileTime
api-ms-win-core-interlocked-l1-1-0.dll
InitializeSListHead
api-ms-win-core-localization-l1-2-0.dll
FormatMessageW, SetThreadUILanguage, GetLocaleInfoW
api-ms-win-core-errorhandling-l1-1-0.dll
GetLastError, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0.dll
LoadStringW, FreeLibrary, GetModuleHandleW, GetModuleFileNameW
api-ms-win-core-libraryloader-l1-2-1.dll
LoadLibraryW
api-ms-win-core-processthreads-l1-1-0.dll
GetCurrentProcess, TerminateProcess, GetCurrentProcessId, GetCurrentThreadId
api-ms-win-core-processthreads-l1-1-1.dll
IsProcessorFeaturePresent
api-ms-win-core-processenvironment-l1-1-0.dll
GetStdHandle
Strings
List
relog.pdb
api-ms-win-core-registry-l1-1-0.dll
%08x%08x%08x%08x.relog.tmp
api-ms-win-core-debug-l1-1-0.dll
pdh.dll
msvcp_win.dll
Relog.exe
Relog.exe
name="Microsoft.Windows.Diagnosis.ReLog"
api-ms-win-core-interlocked-l1-1-0.dll
api-ms-win-core-localization-l1-2-0.dll
api-ms-win-core-processthreads-l1-1-1.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-processenvironment-l1-1-0.dll
api-ms-win-core-console-l2-1-0.dll
api-ms-win-core-console-l1-1-0.dll
api-ms-win-core-version-l1-1-0.dll
api-ms-win-core-sysinfo-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-1.dll
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-core-string-l1-1-0.dll
api-ms-win-core-timezone-l1-1-0.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-file-l1-2-0.dll
api-ms-win-core-file-l1-1-0.dll
api-ms-win-core-heap-l2-1-0.dll
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-file-l2-1-2.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-core-handle-l1-1-0.dll
FATAL: %hs
api-ms-win-crt-private-l1-1-0.dll
_o__wcsicmp
_o__wcsnicmp
_o__register_onexit_function
<requestedPrivileges>
_o___std_exception_destroy
\StringFileInfo\%04x%04x\%s
IsProcessorFeaturePresent
IsDebuggerPresent
TerminateProcess
CreateFileW
QueryPerformanceCounter
RegOpenKeyExW
WriteFile
FindNextFileW
RegQueryValueExW
DeleteFileW
FindFirstFileW
LoadLibraryW
GetModuleHandleW
CopyFileW
GetModuleFileNameW
FreeLibrary
ReadFile
Microsoft Corporation. All rights reserved.
<requestedExecutionLevel
GetConsoleOutputCP
_register_thread_local_exe_atexit_callback
GetProcessHeap
version="5.1.0.0"
_o__wsplitpath_s
7'8-8=8F8L8a8f8r8y8
_o___p__commode
_o__get_initial_wide_environment
_o__initialize_wide_environment
type="win32"
__CxxFrameHandler3
515G5^5d5s5y5
10.0.19041.546
_initterm
_o___p___wargv
_o___p___argc
_o___stdio_common_vswprintf
_o___stdio_common_vfwprintf
_o__cexit
_o__set_fmode
_o___stdio_common_vsnwprintf_s
_o__set_new_mode
_o___acrt_iob_func
_o__set_app_type
_o__exit
.CRT$XIAC
.CRT$XIAA
.CRT$XCAA
<assemblyIdentity
_o__seh_filter_exe
586P6Y6e6l6w6
_o__callnewh
_o_fgetws
_initterm_e
_o__invalid_parameter_noinfo_noreturn
_o__crt_atexit
_o_malloc
_o__initialize_onexit_table
_o_terminate
%1.2f%%
.rdata$brc

Foremost
Matches: 0.exe, 44 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: PDH.DLL, api-ms-win-core-string-l1-1-0.dll, api-ms-win-core-libraryloader-l1-2-1.dll, api-ms-win-core-version-l1-1-0.dll, api-ms-win-core-console-l1-1-0.dll, api-ms-win-core-localization-l1-2-0.dll, api-ms-win-core-file-l1-1-0.dll, api-ms-win-core-interlocked-l1-1-0.dll, api-ms-win-core-debug-l1-1-0.dll, api-ms-win-core-handle-l1-1-0.dll, api-ms-win-crt-string-l1-1-0.dll, api-ms-win-core-registry-l1-1-0.dll, api-ms-win-core-file-l2-1-2.dll, api-ms-win-core-timezone-l1-1-0.dll, api-ms-win-core-processthreads-l1-1-0.dll, api-ms-win-core-profile-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll, api-ms-win-core-file-l1-2-0.dll, RPCRT4.dll, msvcp_win.dll, api-ms-win-core-processenvironment-l1-1-0.dll, api-ms-win-core-libraryloader-l1-2-0.dll, api-ms-win-core-heap-l1-1-0.dll, api-ms-win-crt-runtime-l1-1-0.dll, api-ms-win-core-console-l2-1-0.dll, api-ms-win-crt-private-l1-1-0.dll, api-ms-win-core-processthreads-l1-1-1.dll, api-ms-win-core-heap-l2-1-0.dll, api-ms-win-core-errorhandling-l1-1-0.dll
hasFiles: True
Suspicious: %08x%08x%08x%08x.relog.tmp
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 13312
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 8192
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 96860
Suspicious: False

Sections
Allowed: .text, .data, .idata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 10
Suspicious: False
Image
Version: 10
Suspicious: False
Linker
Version: 14.20
Suspicious: False
Subsystem
Version: 10.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 31552
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: pdh.dll, api-ms-win-core-string-l1-1-0.dll, api-ms-win-core-version-l1-1-0.dll, api-ms-win-core-console-l1-1-0.dll, api-ms-win-core-localization-l1-2-0.dll, api-ms-win-core-file-l1-1-0.dll, api-ms-win-core-interlocked-l1-1-0.dll, api-ms-win-core-debug-l1-1-0.dll, api-ms-win-core-handle-l1-1-0.dll, api-ms-win-core-registry-l1-1-0.dll, api-ms-win-core-timezone-l1-1-0.dll, api-ms-win-core-processthreads-l1-1-0.dll, api-ms-win-core-profile-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll, api-ms-win-core-file-l1-2-0.dll, rpcrt4.dll, api-ms-win-core-processenvironment-l1-1-0.dll, api-ms-win-core-heap-l1-1-0.dll, api-ms-win-core-console-l2-1-0.dll, api-ms-win-core-processthreads-l1-1-1.dll, api-ms-win-core-errorhandling-l1-1-0.dll
hasLibs: True
Suspicious: api-ms-win-core-libraryloader-l1-2-1.dll, api-ms-win-crt-string-l1-1-0.dll, api-ms-win-core-file-l2-1-2.dll, msvcp_win.dll, api-ms-win-core-libraryloader-l1-2-0.dll, api-ms-win-crt-runtime-l1-1-0.dll, api-ms-win-crt-private-l1-1-0.dll, api-ms-win-core-heap-l2-1-0.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2103-04-13 16:59:04
Future: True

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.text: 1

pushpopmath
.reloc: 3

cpuinstructionsresultscomparison
.text: 2

AVclass
File
Trace
Timestamp | Operation | PID | Process | Target path | Name
20/8/2021 - 20:45:43.497 | Unknown | 4 | | C:\Users\Behemot\Desktop\desktop.ini |
20/8/2021 - 20:45:43.497 | Unknown | 4 | | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 20:45:45.465 | Write | 4 | | C:\Windows |
20/8/2021 - 20:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
20/8/2021 - 20:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
20/8/2021 - 20:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
20/8/2021 - 20:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
20/8/2021 - 20:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
20/8/2021 - 20:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26 |
20/8/2021 - 20:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26 | TMP000000A2F27954F4B4C5FD26
20/8/2021 - 20:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
20/8/2021 - 20:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
20/8/2021 - 20:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066 |
20/8/2021 - 20:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066 | TMP000000A30415A103D3F52066
20/8/2021 - 20:45:47.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier |
20/8/2021 - 20:45:47.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier |
20/8/2021 - 20:45:47.872 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier |
20/8/2021 - 20:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066 | TMP000000A30415A103D3F52066
20/8/2021 - 20:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
20/8/2021 - 20:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
20/8/2021 - 20:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
20/8/2021 - 20:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:47.872 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:45:47.903 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26 | TMP000000A2F27954F4B4C5FD26
20/8/2021 - 20:45:49.497 | Unknown | 4 | | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
20/8/2021 - 20:45:49.497 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:45:49.497 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:45:52.434 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf |
20/8/2021 - 20:45:52.434 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf |
20/8/2021 - 20:45:52.434 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 20:45:52.434 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 20:45:52.450 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf |
20/8/2021 - 20:45:52.450 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 20:45:52.450 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf |
20/8/2021 - 20:45:52.450 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 20:45:52.450 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 20:45:52.715 | Write | 4 | | C:\Monitor |
20/8/2021 - 20:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe |
20/8/2021 - 20:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe |
20/8/2021 - 20:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe |
20/8/2021 - 20:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe |
20/8/2021 - 20:45:52.856 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:45:52.856 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:45:53.497 | Write | 4 | | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 20:45:53.497 | Write | 4 | | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 20:45:53.497 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:45:53.497 | Unknown | 4 | | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
20/8/2021 - 20:45:53.497 | Unknown | 4 | | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 20:45:53.497 | Unknown | 4 | | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
20/8/2021 - 20:45:53.497 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:46:9.497 | Write | 4 | | C:\Windows\Temp |
20/8/2021 - 20:46:17.497 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat |
20/8/2021 - 20:46:18.262 | Write | 4 | | C:\Windows |
20/8/2021 - 20:46:19.497 | Write | 4 | | C:\Windows |
20/8/2021 - 20:46:27.418 | Write | 4 | | C:\Windows\System32\config\SYSTEM.LOG1 |
20/8/2021 - 20:46:27.418 | Write | 4 | | C:\Windows\System32\config\SYSTEM.LOG1 |
20/8/2021 - 20:46:27.418 | Write | 4 | | C:\Windows\System32\config\SYSTEM.LOG1 |
20/8/2021 - 20:46:27.418 | Write | 4 | | C:\Windows\System32\config\SYSTEM.LOG1 |
20/8/2021 - 20:46:27.418 | Write | 4 | | C:\Windows\System32\config\SYSTEM |
20/8/2021 - 20:46:27.418 | Write | 4 | | C:\Windows\System32\config\SYSTEM |
20/8/2021 - 20:46:27.418 | Write | 4 | | C:\Windows\System32\config\SYSTEM |
20/8/2021 - 20:46:27.418 | Write | 4 | | C:\Windows\System32\config\SYSTEM |
20/8/2021 - 20:46:32.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
20/8/2021 - 20:46:32.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
20/8/2021 - 20:46:32.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
20/8/2021 - 20:46:32.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
20/8/2021 - 20:46:32.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
20/8/2021 - 20:46:32.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
20/8/2021 - 20:46:32.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
20/8/2021 - 20:46:32.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
20/8/2021 - 20:46:32.434 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
20/8/2021 - 20:46:32.434 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
20/8/2021 - 20:46:32.434 | Write | 4 | | C:\System Volume Information\Syscache.hve |
20/8/2021 - 20:46:32.434 | Write | 4 | | C:\System Volume Information\Syscache.hve |
20/8/2021 - 20:46:32.434 | Write | 4 | | C:\System Volume Information\Syscache.hve |
20/8/2021 - 20:46:32.434 | Write | 4 | | C:\System Volume Information\Syscache.hve |
20/8/2021 - 20:46:32.434 | Write | 4 | | C:\System Volume Information\Syscache.hve |
20/8/2021 - 20:46:32.434 | Write | 4 | | C:\System Volume Information\Syscache.hve |
20/8/2021 - 20:46:32.434 | Write | 4 | | C:\System Volume Information\Syscache.hve |
20/8/2021 - 20:46:32.434 | Write | 4 | | C:\System Volume Information\Syscache.hve |
20/8/2021 - 20:46:32.434 | Write | 4 | | C:\System Volume Information\Syscache.hve |
20/8/2021 - 20:46:32.434 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:46:32.543 | Write | 4 | | C:\System Volume Information\Syscache.hve |
20/8/2021 - 20:46:35.450 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:46:35.450 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:46:55.747 | Open | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data |
20/8/2021 - 20:46:55.747 | Unknown | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data |
20/8/2021 - 20:47:17.481 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat |
20/8/2021 - 20:47:27.559 | Open | 1864 | C:\Windows\explorer.exe | C:\ |
20/8/2021 - 20:47:27.559 | Unknown | 1864 | C:\Windows\explorer.exe | C:\ |
20/8/2021 - 20:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot |
20/8/2021 - 20:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot |
20/8/2021 - 20:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot |
20/8/2021 - 20:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming |
20/8/2021 - 20:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming |
20/8/2021 - 20:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming |
20/8/2021 - 20:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes |
20/8/2021 - 20:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini |
20/8/2021 - 20:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
20/8/2021 - 20:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
20/8/2021 - 20:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:47:41.262 | Read | 1232 | C:\Program Files\Windows Media Player\wmpnetwk.exe | C:\Program Files\Windows Media Player\wmpnetwk.exe |
20/8/2021 - 20:47:41.262 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:47:41.262 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:47:44.278 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:47:44.278 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:47:58.122 | Open | 1864 | C:\Windows\explorer.exe | C:\Windows\System32\netprofm.dll |
20/8/2021 - 20:47:58.122 | Open | 1864 | C:\Windows\explorer.exe | C:\Windows\System32\netprofm.dll |
20/8/2021 - 20:47:58.403 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\Registry.log |
20/8/2021 - 20:47:59.481 | Write | 4 | | C:\Monitor\Files\Logs\Registry.log |
20/8/2021 - 20:47:59.481 | Read | 684 | C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx |
20/8/2021 - 20:47:59.481 | Unknown | 4 | | C:\Monitor\Files\Logs\Registry.log |
20/8/2021 - 20:48:3.309 | Write | 4 | | C:\Users\Behemot\ntuser.dat.LOG1 |
20/8/2021 - 20:48:3.309 | Write | 4 | | C:\Users\Behemot\ntuser.dat.LOG1 |
20/8/2021 - 20:48:3.309 | Write | 4 | | C:\Users\Behemot\ntuser.dat.LOG1 |
20/8/2021 - 20:48:3.309 | Write | 4 | | C:\Users\Behemot\ntuser.dat.LOG1 |
20/8/2021 - 20:48:3.309 | Write | 4 | | C:\Users\Behemot\NTUSER.DAT |
20/8/2021 - 20:48:3.309 | Write | 4 | | C:\Users\Behemot\NTUSER.DAT |
20/8/2021 - 20:48:3.309 | Write | 4 | | C:\Users\Behemot\NTUSER.DAT |
20/8/2021 - 20:48:3.325 | Write | 4 | | C:\Users\Behemot\NTUSER.DAT |
20/8/2021 - 20:48:11.309 | Open | 4 | | \Device\HarddiskVolume1\System Volume Information |
20/8/2021 - 20:48:11.309 | Unknown | 4 | | \Device\HarddiskVolume1\System Volume Information |
20/8/2021 - 20:48:13.59 | Open | 4 | | C:\System Volume Information |
20/8/2021 - 20:48:13.59 | Open | 4 | | C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} |
20/8/2021 - 20:48:13.59 | Open | 4 | | C:\System Volume Information\{bcf7d7ec-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752} |
20/8/2021 - 20:48:13.59 | Open | 4 | | C:\System Volume Information\{bcf7d7f0-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752} |
20/8/2021 - 20:48:13.59 | Unknown | 4 | | C:\System Volume Information |
20/8/2021 - 20:48:17.481 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat |
20/8/2021 - 20:48:25.887 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:48:25.887 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:48:25.887 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:48:25.887 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
20/8/2021 - 20:48:25.887 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:48:25.887 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:48:25.887 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:48:25.887 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:48:25.887 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
20/8/2021 - 20:48:25.887 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:48:25.887 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
20/8/2021 - 20:48:25.887 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:48:27.465 | Write | 4 | | C:\Users\Behemot |
20/8/2021 - 20:48:27.481 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:48:27.481 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:48:29.543 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx |
20/8/2021 - 20:48:29.543 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx |
20/8/2021 - 20:48:29.543 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx |
20/8/2021 - 20:48:33.465 | Write | 4 | | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx |
20/8/2021 - 20:48:33.559 | Write | 4 | | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx |
20/8/2021 - 20:48:33.559 | Unknown | 4 | | C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx |
20/8/2021 - 20:49:17.465 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat |
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat | container.dat
20/8/2021 - 20:49:20.684 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
20/8/2021 - 20:49:20.684 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
20/8/2021 - 20:49:20.684 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:49:20.684 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:49:20.731 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:20.731 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:20.825 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:20.825 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:20.918 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:20.918 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:20.918 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log |
20/8/2021 - 20:49:20.918 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log |
20/8/2021 - 20:49:20.918 | Read | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:20.965 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log |
20/8/2021 - 20:49:20.965 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log |
20/8/2021 - 20:49:20.965 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log |
20/8/2021 - 20:49:20.965 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log |
20/8/2021 - 20:49:21.12 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:21.12 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:21.59 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat |
20/8/2021 - 20:49:21.59 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
20/8/2021 - 20:49:21.59 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
20/8/2021 - 20:49:21.59 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
20/8/2021 - 20:49:21.59 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat |
20/8/2021 - 20:49:21.59 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
20/8/2021 - 20:49:23.684 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:49:23.684 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:49:23.684 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:49:23.684 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:49:25.465 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:49:25.465 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
20/8/2021 - 20:49:25.887 | Unknown | 2360 | C:\Windows\System32\audiodg.exe | C:\Windows |
20/8/2021 - 20:49:30.747 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:30.747 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:30.793 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:30.793 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 20:49:30.840Open1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 20:49:30.840Unknown1796C:\Windows\System32\taskhost.exeC:\Users
20/8/2021 - 20:49:30.840Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 20:49:30.840Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 20:49:30.840Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 20:49:30.840Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 20:49:30.840Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 20:49:30.840Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 20:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 20:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 20:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 20:49:30.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 20:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 20:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 20:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
20/8/2021 - 20:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
20/8/2021 - 20:49:30.856Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
20/8/2021 - 20:49:31.465Write4C:\Monitor\Files\Logs\File.log
20/8/2021 - 20:49:31.465Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 20:49:31.465Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
20/8/2021 - 20:49:31.559Unknown4C:\Monitor\Files\Logs\File.log

Process
Trace
timestamp | operation | pid | image | target pid | target image
20/8/2021 - 20:49:25.887 | Terminate | 684 | C:\Windows\System32\svchost.exe | 2360 | C:\Windows\System32\audiodg.exe

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry
Trace
timestamp | operation | pid | image | target
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruListCurrentLru
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectId
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectLru
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\1E_ObjectLru_
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectId
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectLru
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3E_ObjectLru_
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectId
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectLru
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3F_ObjectLru_
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectId
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectLru
20/8/2021 - 20:46:22.418 | Write | 4 | - | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\40_ObjectLru_
20/8/2021 - 20:46:23.934 | Write | 4 | - | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\22
20/8/2021 - 20:46:23.934 | Write | 4 | - | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff00
20/8/2021 - 20:46:23.934 | Write | 4 | - | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff01
20/8/2021 - 20:46:23.934 | Write | 4 | - | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff02
20/8/2021 - 20:46:23.934 | Write | 4 | - | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff03
20/8/2021 - 20:47:58.403 | Write | 1864 | C:\Windows\explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheUIStatus
20/8/2021 - 20:47:58.403 | Write | 1864 | C:\Windows\explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheOnlyMember
20/8/2021 - 20:47:58.403 | Write | 1864 | C:\Windows\explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheModifier
20/8/2021 - 20:47:58.403 | Write | 1864 | C:\Windows\explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheModifierSystem
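The file, process and registry trace rows above are exported with timestamp, operation, PID, image and target fused into one string, which makes it hard to see at a glance which events belong to the submitted sample and which are sandbox noise. The parser below is an added example, not part of the report or of the sandbox's own tooling: it splits each row (either the raw fused export or a pipe-delimited rendering of it) and attributes every event to the monitoring harness, the sample, the System process or background OS activity. The harness prefix C:\Monitor\ and the reading of PID 4 as the System process are assumptions drawn from the rows themselves; the sample's image name is a parameter. Run over the rows shown above, it attributes nothing to the sample: every event comes from the harness writing its own log, from System, or from taskhost, svchost, audiodg and explorer, so the "suspicious" verdicts further down rest on the static classifiers rather than on observed behaviour.

```python
"""Parse the fused trace rows of a sandbox report and attribute events.

Added example; not part of the report or of the sandbox's own tooling.
The row layout is inferred from the rows in the report; the harness
prefix C:\\Monitor\\ and the reading of PID 4 as the System process are
assumptions drawn from those rows, and the submitted file's image name
is passed in as a parameter.
"""
import re
from collections import Counter

# Raw export layout: <d/m/yyyy> - <hh:mm:ss.fff><Op><PID>[<image ending in .exe>]<target>
# PID 4 rows carry no image, so the image group is optional.  The image group
# stops at the first ".exe"; a System row whose target itself contained ".exe"
# would be mis-split (none of the report's rows do).
FUSED_ROW = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} - \d{2}:\d{2}:\d{2}\.\d+)"
    r"(?P<op>Open|Unknown|Write|Read|Terminate)"
    r"(?P<pid>\d+)"
    r"(?P<image>[A-Za-z]:\\.*?\.exe)?"
    r"(?P<target>.*)$"
)
HARNESS_PREFIX = "C:\\Monitor\\"   # assumption: the sandbox's own monitor lives here


def parse_row(line):
    """Return one event dict for a trace row, or None for headers/blank lines.

    Accepts either the raw fused export or a ' | '-delimited rendering with
    the columns timestamp | op | pid | image | target (image '-' when absent).
    """
    line = line.strip()
    if " | " in line:
        parts = [p.strip() for p in line.split(" | ")]
        if len(parts) < 5 or not parts[2].isdigit():
            return None
        ev = {"ts": parts[0], "op": parts[1], "pid": int(parts[2]),
              "image": None if parts[3] in ("", "-") else parts[3],
              "target": parts[4]}
        if ev["op"] == "Terminate" and len(parts) >= 6 and parts[4].isdigit():
            ev["child_pid"], ev["child_image"] = int(parts[4]), parts[5]
            ev["target"] = parts[5]
        return ev
    m = FUSED_ROW.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    if ev["op"] == "Terminate":
        # Process-trace rows append "<other PID><other image>" after the image.
        child = re.match(r"^(\d+)(.*)$", ev["target"])
        if child:
            ev["child_pid"], ev["child_image"] = int(child.group(1)), child.group(2)
            ev["target"] = child.group(2)
    return ev


def parse_trace(text):
    """Parse every row in a block of trace text, skipping non-row lines."""
    return [ev for ev in (parse_row(line) for line in text.splitlines()) if ev]


def classify(ev, sample_image, harness_prefix=HARNESS_PREFIX):
    """Attribute one event to the harness, the sample, System or background."""
    image = (ev.get("image") or "").lower()
    target = (ev.get("target") or "").lower()
    prefix = harness_prefix.lower()
    if image.startswith(prefix) or target.startswith(prefix):
        return "harness"      # the monitor writing its own log, or System flushing it
    if image.endswith("\\" + sample_image.lower()):
        return "sample"
    if ev["pid"] == 4 and not image:
        return "system"       # PID 4 is the System process on Windows
    return "background"       # other OS processes (taskhost, svchost, explorer, ...)


def summarize(text, sample_image="relog.exe"):
    """Count events per attribution category and per image."""
    events = parse_trace(text)
    return {
        "events": len(events),
        "by_category": dict(Counter(classify(ev, sample_image) for ev in events)),
        "by_image": dict(Counter(ev["image"] or "System (PID 4)" for ev in events)),
    }


# Rows copied from the file, process and registry traces of the report.
SAMPLE_ROWS = [
    r"20/8/2021 - 20:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache",
    r"20/8/2021 - 20:49:20.684Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log",
    r"20/8/2021 - 20:49:20.731Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat",
    r"20/8/2021 - 20:49:23.684Write4C:\Monitor\Files\Logs\File.log",
    "20/8/2021 - 20:49:30.856Open796C:\\Windows\\System32\\svchost.exe\\Device\\Mup\\.\\.\\",
    r"20/8/2021 - 20:49:25.887Terminate684C:\Windows\System32\svchost.exe2360C:\Windows\System32\audiodg.exe",
    r"20/8/2021 - 20:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruListCurrentLru",
    r"20/8/2021 - 20:47:58.403Write1864C:\Windows\explorer.exeHKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheUIStatus",
]

if __name__ == "__main__":
    for ev in parse_trace("\n".join(SAMPLE_ROWS)):
        print(f'{ev["ts"]}  {ev["op"]:<9} {ev["pid"]:>5}  {classify(ev, "relog.exe"):<10} {ev["target"]}')
    print(summarize("\n".join(SAMPLE_ROWS)))
```

Feed the whole trace block to `summarize()` and look at `by_category["sample"]` first: a sample that never appears in its own dynamic trace either did nothing observable inside the timeout, detected the sandbox, or failed to run, and each of those calls for a different follow-up before trusting a static verdict.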

File Summary
Created: True
Deleted: False

Process Summary
Created: False
Deleted: True

Registry Summary
Proxy: False
AutoRun: False
Created: True
Deleted: False

Browsers: False
Internet: False


DNS
Query: (no entries)
Response: (no entries)

TCP
Info: (no entries)

UDP
Info: (no entries)

HTTP
Info: (no entries)

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
NFS 2.0 (Threshold = 0.8): confidence 87.50%, suspicious: False
NFS 3.0 (Threshold = 0.75): confidence 67.33%, suspicious: True
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: True
MalConv (Ember: Raw Bytes, Threshold = 0.5): confidence 94.66%, suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence 77.00%, suspicious: False
Non-Negative MalConv (Ember: Raw Bytes, Threshold = 0.35): confidence 68.37%, suspicious: False
LightGBM (Ember: File Characteristics, Threshold = 0.8336): confidence 100.00%, suspicious: False
