Report #13449

Binary
DLL: False
Size: 81.00KB
trid:
41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: fe7c7f2202a9288e3580423c41546aab
sha1: d8b114af6168fcfe5ffb5785d676600de3c3baca
crc32: 0x2d082021
sha224: a1f99ab60cb5936c885d5d48f9f9ba3b8bd011d8d960b2c5b5561d0e
sha256: aef9cb5cda480566b3a8e1e0267f31d52f2b48b96cd3d04006b69345eb207820
sha384: 080ff246918b35d594f55dec086f2403eb704de09fdd15f6aab064f6b49a2674d3ee47be5c4d8b7162eaaddda0024f62
sha512: edddaa16ce8a3762cdab72b07cd83894a4342232863845a2712366596836476ddf24904c4d448ad261e300397df6611a796c4db8320723f1119b7757a8e83721
ssdeep: 1536:mfdZKtREC/rMcgEPJV+G57ThjEC0kzJP+V5JuM:mHKzECTMpuDhjRVJGY
Community
Google: False
HashLib: False
YARA
Matches: VC8_Microsoft_Corporation, domain, HasDebugData, url, HasRichSignature, contentis_base64, Microsoft_Visual_Cpp_8, Visual_Cpp_2005_Release_Microsoft, IsPE32, IP, IsPacked, IsWindowsGUI
Suspicious: True

Imports
SYSDM.CPL
DisplaySYSDMCPL
msvcrt.dll
__setusermatherr, _except_handler4_common, _controlfp, ?terminate@@YAXXZ, _wcmdln, _initterm, _XcptFilter, __p__fmode, _cexit, _exit, exit, __set_app_type, __wgetmainargs, _amsg_exit, __p__commode
api-ms-win-core-synch-l1-2-0.dll
Sleep
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll
GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-errorhandling-l1-1-0.dll
UnhandledExceptionFilter, SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0.dll
GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0.dll
GetCurrentProcess, TerminateProcess, GetStartupInfoW, GetCurrentProcessId, GetCurrentThreadId
Strings
List
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
SystemPropertiesComputerName.pdb
name="Microsoft.Windows.SystemPropertiesComputerName" type="win32" />
a8Rlr'd
name="Microsoft.Windows.Common-Controls"
h%%i"
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-sysinfo-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-synch-l1-2-0.dll
@sysdm.cpl,205
<requestedPrivileges>
publicKeyToken="6595b64144ccf1df"
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
Microsoft Corporation. All rights reserved.
_wcmdln
GetTickCount
Sleep
level="requireAdministrator"
<requestedExecutionLevel
10.0.19041.1 (WinBuild.160101.0800)
version="6.0.0.0"
version="5.1.0.0"
4[,,)N@VFTT>
__p__commode
type="win32"
_initterm
__p__fmode
<dependentAssembly>
10.0.19041.1
,eeeeffbf
ede3__^
&LLLMMaKe
.CRT$XIAA
.CRT$XCAA
<assemblyIdentity
<assemblyIdentity
"#>?AAH
__setusermatherr
>|hlllva~~*(
%(*DEAN
</dependentAssembly>
<autoElevate>true</autoElevate>
_controlfp
__set_app_type
$(*DEGB
_amsg_exit
__wgetmainargs
_XcptFilter
<dependency>
.rdata$brc
uiAccess="false"
</dependency>
?terminate@@YAXXZ
$++++888==3`
Microsoft
%)*DEGH
kT|U3ln
Microsoft Corporation
DT@XJFFFD@@>>>>N@T@SSSNNNNNNNNN9DT@S@
%<<<>>>>??9`
r!IAbu`C
T>>>>?@DDDFND
</assembly>
.CRT$XIY
SYSDM.CPL
CompanyName
--.2447
-.2240_
0)FEH
7>AIC
ProductName
..2245_
5dh?E
aTP*
&*DECG
Tblllllmmln_
OriginalFilename
VarFileInfo
InternalName
FileVersion
StringFileInfo
FileDescription
Translation
DisplaySYSDMCPL
`.data
&HHJ@sswt
*IHT
!##$#!"
HT%
nWnoo_
XTTTTTTNNSNNV
_cexit
.12457
_exit
Now=M
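The manifest fragments in the strings list (requestedExecutionLevel level="requireAdministrator", uiAccess="false", and <autoElevate>true</autoElevate> inside asmv3:windowsSettings) are the security-relevant part of this report. Together with the assembly name Microsoft.Windows.SystemPropertiesComputerName, the SystemPropertiesComputerName.pdb path and the single import DisplaySYSDMCPL from SYSDM.CPL, they identify the image as the Windows control-panel launcher for the Computer Name tab, and that manifest combination is what lets UAC elevate a Microsoft-signed image from a secure location without a consent prompt. The Python below is an added example, not part of this report's tooling or of any Microsoft code: it scans raw image bytes for the embedded RT_MANIFEST XML and extracts the execution level and autoElevate flag. The manifest it runs on is reconstructed from the fragments above; attribute values the page does not show (processorArchitecture, language) are assumptions, and the asInvoker contrast manifest is constructed.

```python
import re
import xml.etree.ElementTree as ET
from typing import Dict, Optional

# Constructed manifest, rebuilt from the fragments in the strings list above
# (assembly name, versions 5.1.0.0 / 6.0.0.0, publicKeyToken, requireAdministrator,
# uiAccess="false", autoElevate). processorArchitecture and language are assumptions.
MANIFEST_AUTOELEVATE = b"""<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity name="Microsoft.Windows.SystemPropertiesComputerName" version="5.1.0.0" processorArchitecture="x86" type="win32" />
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" />
    </dependentAssembly>
  </dependency>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
  <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
    <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
      <autoElevate>true</autoElevate>
    </asmv3:windowsSettings>
  </asmv3:application>
</assembly>"""

# Constructed contrast case: an ordinary asInvoker manifest with no windowsSettings block.
MANIFEST_ASINVOKER = b"""<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity name="Example.Tool" version="1.0.0.0" type="win32" />
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security><requestedPrivileges>
      <requestedExecutionLevel level="asInvoker" uiAccess="false" />
    </requestedPrivileges></security>
  </trustInfo>
</assembly>"""


def fake_pe(manifest: bytes) -> bytes:
    """Constructed stand-in for an image whose .rsrc section holds the manifest."""
    return b"MZ\x90\x00" + b"\x00" * 60 + b".rsrc\x00\x00\x00" + manifest + b"\x00" * 8


# \b stops the match at "<assembly" so "<assemblyIdentity" is not mistaken for the root.
_MANIFEST_RE = re.compile(rb"<assembly\b.*?</assembly>", re.S)


def extract_manifest(data: bytes) -> Optional[str]:
    """Quick triage: grab the first embedded manifest by scanning the raw bytes.
    RT_MANIFEST resources are stored as plain UTF-8 XML, so a byte scan finds them
    without walking the resource directory. It would also pick up a manifest that
    is merely present as data, so confirm a hit with a real resource parser."""
    m = _MANIFEST_RE.search(data)
    return m.group(0).decode("utf-8", "replace") if m else None


def _local(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]  # strip the {namespace} prefix ElementTree adds


def manifest_elevation(xml_text: str) -> Dict[str, object]:
    root = ET.fromstring(xml_text)
    info: Dict[str, object] = {"name": None, "level": None, "uiAccess": None, "autoElevate": False}
    for child in root:  # the image's own identity is a direct child of <assembly>
        if _local(child.tag) == "assemblyIdentity":
            info["name"] = child.get("name")
            break
    for el in root.iter():  # namespace-agnostic walk: asm.v1/asm.v3/SMI prefixes vary
        tag = _local(el.tag)
        if tag == "requestedExecutionLevel":
            info["level"] = el.get("level")
            info["uiAccess"] = el.get("uiAccess", "false").lower() == "true"
        elif tag == "autoElevate":
            info["autoElevate"] = (el.text or "").strip().lower() == "true"
    return info


def auto_elevation_candidate(info: Dict[str, object]) -> bool:
    """autoElevate=true with requireAdministrator or highestAvailable is the manifest
    side of UAC auto-elevation. Windows additionally requires a Microsoft Authenticode
    signature and a secure install location, which a manifest scan cannot see, so a
    hit means 'verify', not 'confirmed'."""
    return bool(info["autoElevate"]) and info["level"] in ("requireAdministrator", "highestAvailable")


def triage(data: bytes) -> Optional[Dict[str, object]]:
    xml_text = extract_manifest(data)
    if xml_text is None:
        return None
    info = manifest_elevation(xml_text)
    info["autoElevationCandidate"] = auto_elevation_candidate(info)
    return info


if __name__ == "__main__":
    for manifest in (MANIFEST_AUTOELEVATE, MANIFEST_ASINVOKER):
        print(triage(fake_pe(manifest)))
```

Run against a real file, replace fake_pe(...) with the bytes of the image; on this sample the expected result is level requireAdministrator, uiAccess False, autoElevate True.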

Foremost
Matches: 0.exe, 81 KB, 36.png, 45 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed: (none)
Suspicious: (none)
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
hasURLs: True
Suspicious: (none)
hasAllowed: True
hasSuspicious: False

Files
Allowed: api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-processthreads-l1-1-0.dll, api-ms-win-core-profile-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll, msvcrt.dll, api-ms-win-core-libraryloader-l1-2-0.dll, api-ms-win-core-errorhandling-l1-1-0.dll
hasFiles: True
Suspicious: (none)
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 78848 (Suspicious: False)
Image Address: 4194304 = 0x00400000 (Suspicious: False)
Stack: 8192 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 83660 (Suspicious: False)

Sections
Allowed: .text, .data, .idata, .rsrc, .reloc
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 10 (Suspicious: False)
Image Version: 10 (Suspicious: False)
Linker Version: 14.20 (Suspicious: False)
Subsystem Version: 10.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 5872 = 0x16F0 (Suspicious: False)

Anomalies
hasAnomalies: False

Libraries
Allowed: api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-processthreads-l1-1-0.dll, api-ms-win-core-profile-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll, msvcrt.dll, api-ms-win-core-errorhandling-l1-1-0.dll
hasLibs: True
Suspicious: api-ms-win-core-libraryloader-l1-2-0.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Value: 2094-07-03 03:38:14
Valid: True
Past: False
Future: True
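Two of the heuristics above need a caveat before they are read as indicators. Symbols Number: 0 / Pointer: 0 (flagged Suspicious: True) is the normal state of a Visual C++ build: the linker writes no COFF symbol table and puts debug data in the .pdb, which this image references (SystemPropertiesComputerName.pdb, HasDebugData). The Timestamp 2094-07-03 (Future: True) is likewise expected for a Windows 10 system binary, because Microsoft's Windows 10 build system fills TimeDateStamp with a reproducible-build hash rather than the link time; a future date only means something on an image that is not Microsoft-signed, and this report does not show signature status, so verify it separately. The Python below is an added example, not part of the report's tooling: it reads these fields from the COFF header and classifies the timestamp. The image it parses is a constructed minimal PE32 header carrying the sample's values (machine 0x14C, five sections, linker 14.20, the 2094 timestamp); the microsoft_signed flag is something the caller must establish with an Authenticode check.

```python
import struct
from datetime import datetime, timedelta, timezone
from typing import Dict

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# Date of the sandbox run, taken from the file trace on this page.
REPORT_DATE = datetime(2021, 8, 21, tzinfo=timezone.utc)


def build_minimal_pe(timestamp: int, num_symbols: int = 0, symbol_ptr: int = 0) -> bytes:
    """Constructed stand-in for a PE32 image: DOS header with e_lfanew, the PE
    signature, the 20-byte COFF header and the first 4 bytes of the optional
    header. Only the fields read below carry meaningful values."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    coff = struct.pack(
        "<HHIIIHH",
        0x014C,       # Machine: IMAGE_FILE_MACHINE_I386, a 32-bit image like the sample
        5,            # NumberOfSections: .text .data .idata .rsrc .reloc
        timestamp,    # TimeDateStamp
        symbol_ptr,   # PointerToSymbolTable
        num_symbols,  # NumberOfSymbols
        0xE0,         # SizeOfOptionalHeader for PE32
        0x0102,       # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    optional = struct.pack("<HBB", 0x10B, 14, 20)  # Magic PE32, linker 14.20
    return dos + b"PE\x00\x00" + coff + optional


def parse_coff(data: bytes) -> Dict[str, object]:
    """Read the COFF header fields the Symbols and Timestamp heuristics are based on."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    machine, nsections, ts, symptr, nsyms, _optsize, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, e_lfanew + 24)
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": ts,
        "symbol_ptr": symptr,
        "num_symbols": nsyms,
        "pe32": magic == 0x10B,
        "linker_version": f"{linker_major}.{linker_minor}",
    }


def pe_timestamp_to_datetime(ts: int) -> datetime:
    # TimeDateStamp is unsigned 32-bit seconds since the Unix epoch, valid until
    # 2106; timedelta sidesteps platform limits of datetime.fromtimestamp().
    return EPOCH + timedelta(seconds=ts)


def assess_timestamp(ts: int, now: datetime = REPORT_DATE) -> str:
    if ts == 0:
        return "zero"
    return "future" if pe_timestamp_to_datetime(ts) > now else "past"


def timestamp_note(category: str, microsoft_signed: bool) -> str:
    """What a future link time is worth depends on who built the image."""
    if category == "future" and microsoft_signed:
        return ("future date on a Microsoft-signed image: Windows 10 binaries carry a "
                "reproducible-build hash in TimeDateStamp, not a link time; ignore")
    if category == "future":
        return "future date on a non-Microsoft image: forged or corrupted timestamp, investigate"
    if category == "zero":
        return "zero timestamp: stripped or never set by the toolchain"
    return "plausible link time"


def coff_symbols_unusual(hdr: Dict[str, object]) -> bool:
    """MSVC-linked images carry no COFF symbol table (debug data goes to the .pdb),
    so 0/0 is the normal case and the report's 'Suspicious: True' on it is noise.
    A populated symbol table in a Visual C++ release build would be the oddity."""
    return hdr["num_symbols"] != 0 or hdr["symbol_ptr"] != 0


if __name__ == "__main__":
    image = build_minimal_pe(0xEA2F4626)  # 3928966694, the value behind 2094-07-03 03:38:14
    hdr = parse_coff(image)
    category = assess_timestamp(hdr["timestamp"])
    print(hdr, pe_timestamp_to_datetime(hdr["timestamp"]).isoformat(), category)
    print(timestamp_note(category, microsoft_signed=True))
    print("COFF symbols unusual:", coff_symbols_unusual(hdr))
```

For a real file, pass its bytes to parse_coff; the constructed header above only exists so the example runs offline with the report's values.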

Compilation
Packed: False
Missing: False
Packers: (none)
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.rsrc: 31
.text: 1

pushpopmath
.rsrc: 10

garbagebytes
.rsrc: 12
.text: 1

software breakpoint
.rsrc: 2

programcontrolflowchange
.rsrc: 12
.text: 1

cpuinstructionsresultscomparison
.rsrc: 30

AVclass
File
Trace
Date: 21/8/2021 (all rows); columns: Time | Op | PID | Process | Path | Name
2:45:43.465 | Unknown | 4 | - | C:\Users\Behemot\Desktop\desktop.ini | -
2:45:43.465 | Unknown | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
2:45:45.465 | Write | 4 | - | C:\Windows | -
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
2:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
2:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
2:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
2:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
2:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26 | -
2:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26 | TMP000000A2F27954F4B4C5FD26
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
2:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066 | -
2:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066 | TMP000000A30415A103D3F52066
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier | -
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier | -
2:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier | -
2:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066 | TMP000000A30415A103D3F52066
2:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
2:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
2:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | -
2:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:47.856 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
2:45:47.903 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26 | TMP000000A2F27954F4B4C5FD26
2:45:49.497 | Unknown | 4 | - | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
2:45:49.497 | Write | 4 | - | C:\Monitor\Files\Logs\File.log | -
2:45:49.497 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log | -
2:45:52.715 | Write | 4 | - | C:\Monitor | -
2:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe | -
2:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe | -
2:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe | -
2:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe | -
2:45:52.997 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | -
2:45:52.997 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | -
2:45:52.997 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
2:45:52.997 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
2:45:53.28 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | -
2:45:53.28 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
2:45:53.28 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | -
2:45:53.28 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
2:45:53.28 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
2:45:53.28 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
2:45:53.28 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
2:45:53.465 | Write | 4 | - | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
2:45:53.465 | Write | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
2:45:53.465 | Write | 4 | - | C:\Monitor\Files\Logs\File.log | -
2:45:53.465 | Unknown | 4 | - | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
2:45:53.465 | Unknown | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
2:45:53.465 | Unknown | 4 | - | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
2:45:53.465 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log | -
2:46:9.497 | Write | 4 | - | C:\Windows\Temp | -
2:46:17.481 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat | -
2:46:18.262 | Write | 4 | - | C:\Windows | -
2:46:19.497 | Write | 4 | - | C:\Windows | -
2:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1 | -
2:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1 | -
2:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1 | -
2:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM.LOG1 | -
2:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM | -
2:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM | -
2:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM | -
2:46:27.418 | Write | 4 | - | C:\Windows\System32\config\SYSTEM | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve.LOG1 | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
2:46:32.418 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
2:46:32.434 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
2:46:32.512 | Write | 4 | - | C:\System Volume Information\Syscache.hve | -
2:46:35.418 | Write | 4 | - | C:\Monitor\Files\Logs\File.log | -
2:46:35.418 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log | -
2:46:55.731 | Open | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data | -
2:46:55.731 | Unknown | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data | -
2:47:17.481 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat | -
2:47:27.559 | Open | 1864 | C:\Windows\explorer.exe | C:\ | -
2:47:27.559 | Unknown | 1864 | C:\Windows\explorer.exe | C:\ | -
2:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot | -
2:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot | -
2:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot | -
2:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming | -
2:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming | -
2:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming | -
2:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes | -
2:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini | -
2:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ | -
2:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ | -
2:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:47:40.809 | Read | 1232 | C:\Program Files\Windows Media Player\wmpnetwk.exe | C:\Program Files\Windows Media Player\wmpnetwk.exe | -
2:47:40.809 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
2:47:40.809 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
2:47:43.809 | Write | 4 | - | C:\Monitor\Files\Logs\File.log | -
2:47:43.809 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log | -
2:48:11.309 | Open | 4 | - | \Device\HarddiskVolume1\System Volume Information | -
2:48:11.309 | Unknown | 4 | - | \Device\HarddiskVolume1\System Volume Information | -
2:48:13.59 | Open | 4 | - | C:\System Volume Information | -
2:48:13.59 | Open | 4 | - | C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} | -
2:48:13.59 | Open | 4 | - | C:\System Volume Information\{bcf7d7ec-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752} | -
2:48:13.59 | Open | 4 | - | C:\System Volume Information\{bcf7d7f0-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752} | -
2:48:13.59 | Unknown | 4 | - | C:\System Volume Information | -
2:48:17.465 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat | -
2:48:25.872 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:48:25.872 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ | -
2:48:25.872 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:48:25.872 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ | -
2:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:48:25.872 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat | container.dat
2:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:20.700 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
2:49:20.700 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
2:49:20.747 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:20.747 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:20.840 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:20.840 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:20.934 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:20.934 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:20.934 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log | -
2:49:20.934 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log | -
2:49:20.934 | Read | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:20.981 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log | -
2:49:20.981 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log | -
2:49:20.981 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log | -
2:49:20.981 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log | -
2:49:21.28 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:21.28 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:21.75 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | -
2:49:21.75 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
2:49:21.75 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:21.75 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:21.75 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | -
2:49:21.75 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
2:49:21.75 | Write | 2576 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log | -
2:49:23.715 | Write | 4 | - | C:\Monitor\Files\Logs\File.log | -
2:49:23.715 | Unknown | 4 | - | C:\Monitor\Files\Logs\File.log | -
2:49:25.856 | Unknown | 2360 | C:\Windows\System32\audiodg.exe | C:\Windows | -
2:49:30.762 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:30.762 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:30.809 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:30.809 | Write | 4 | - | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
2:49:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:49:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ | -
2:49:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ | -
2:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users | -
2:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users | -
2:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users | -
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 2:49:30.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 2:49:30.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 2:49:30.856Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 2:49:30.856Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 2:49:30.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 2:49:30.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 2:49:30.856Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 2:49:30.872Write2576C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 2:49:31.465Write4C:\Monitor\Files\Logs\File.log
21/8/2021 - 2:49:31.465Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 2:49:31.465Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 2:49:31.465Unknown4C:\Monitor\Files\Logs\File.log
21/8/2021 - 2:49:32.481Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process Trace
21/8/2021 - 2:49:25.856 | Terminate | 684 | C:\Windows\System32\svchost.exe | 2360 | C:\Windows\System32\audiodg.exe

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry Trace
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruListCurrentLru
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectId
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectLru
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\1E_ObjectLru_
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectId
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectLru
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3E_ObjectLru_
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectId
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectLru
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3F_ObjectLru_
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectId
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectLru
21/8/2021 - 2:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\40_ObjectLru_
21/8/2021 - 2:46:23.887 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\22
21/8/2021 - 2:46:23.887 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff00
21/8/2021 - 2:46:23.887 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff01
21/8/2021 - 2:46:23.887 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff02
21/8/2021 - 2:46:23.887 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff03

File Summary
Created identified: True
Deleted identified: False

Process Summary
Created identified: False
Deleted identified: True

Registry Summary
Proxy identified: False
AutoRun identified: False
Created identified: True
Deleted identified: False

Browsers identified: False
Internet identified: False


DNS Query: (none)
DNS Response: (none)
TCP Info: (none)
UDP Info: (none)
HTTP Info: (none)

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
Model | Confidence | Suspicious
NFS 2.0 (Threshold = 0.8) | 82.50% | False
NFS 3.0 (Threshold = 0.75) | 72.67% | True
Decision Tree (NFS-BRMalware) | 100.00% | True
MalConv (Ember: Raw Bytes, Threshold=0.5) | 99.86% | True
Random Forest (100 estimators, NFS-BRMalware) | 80.00% | False
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35) | 56.01% | True
LightGDM (Ember: File Characteristics, Threshold=0.8336) | 100.00% | False
