Report #13452

Binary
DLL: False
Size: 81.00KB
trid:
64.5% Win32 Executable MS Visual C++
13.6% Win32 Dynamic Link Library
9.3% Win32 Executable
4.1% OS/2 Executable
4.1% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 52731f569118c488693e02c199a3db77
sha1: 3230ea727e9983177cb3ab4e74ef688b94006891
crc32: 0x601385b6
sha224: ff685b8161a419911b9ac50df57434eb7fec92f84a62d7dbf43e50f6
sha256: 87d18b8ac27c3a0510b194fd6d5f36fe0aafacb9f57f723e98aa6874dca501fc
sha384: 761555ec77cdb9d2e913629c985dcb6098dbc4624e7c27f5e10e2d470e3ba78be295ccfc0c3ff786d28bd136fb15cda9
sha512: 0d258196c1a07924f1a9330f7f41098d45af5c43371ad26bb88ea4ba42193b16f457369f2215212202a2db0df224b7adc707f6d5b150a1890cef06f004d60fe0
ssdeep: 1536:E5ZUtREC/rMcgEPJV+G57ThjEC0kzJP+V5JS:6UzECTMpuDhjRVJGc
Community
Google: False
HashLib: False

YARA
Matches: VC8_Microsoft_Corporation, domain, HasDebugData, url, HasRichSignature, contentis_base64, Microsoft_Visual_Cpp_8, Visual_Cpp_2005_Release_Microsoft, IsPE32, IP, IsPacked, IsWindowsGUI
Suspicious: True

Imports
SYSDM.CPL: DisplaySYSDMCPL
msvcrt.dll: _except_handler4_common, _controlfp, ?terminate@@YAXXZ, _wcmdln, _initterm, __setusermatherr, __p__fmode, _cexit, _exit, exit, __set_app_type, __wgetmainargs, _amsg_exit, __p__commode, _XcptFilter
KERNEL32.dll: CompareStringOrdinal
api-ms-win-core-synch-l1-2-0.dll: Sleep
api-ms-win-core-profile-l1-1-0.dll: QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll: GetTickCount, GetSystemTimeAsFileTime
api-ms-win-core-errorhandling-l1-1-0.dll: SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0.dll: GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0.dll: GetStartupInfoW, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, GetCurrentProcessId
Strings

Foremost
Matches: 0.exe (81 KB), 36.png (45 KB)
Suspicious: True

Heuristics
IPs
hasIPs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: True
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
Suspicious: none
hasAllowed: True
hasSuspicious: False

Files
hasFiles: True
Allowed: api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-processthreads-l1-1-0.dll, api-ms-win-core-profile-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll, msvcrt.dll, api-ms-win-core-libraryloader-l1-2-0.dll, KERNEL32.dll, api-ms-win-core-errorhandling-l1-1-0.dll
Suspicious: none
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 78848 (Suspicious: False)
Image Address: 4194304 (Suspicious: False)
Stack: 8192 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 104475
Suspicious: False

Sections
Allowed: .text, .data, .idata, .rsrc, .reloc
Suspicious: none
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS Version: 10 (Suspicious: False)
Image Version: 10 (Suspicious: False)
Linker Version: 14.20 (Suspicious: False)
Subsystem Version: 10.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 5936 (Suspicious: False)

Anomalies
hasAnomalies: False

Libraries
hasLibs: True
Allowed: api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-processthreads-l1-1-0.dll, api-ms-win-core-profile-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll, msvcrt.dll, kernel32.dll, api-ms-win-core-errorhandling-l1-1-0.dll
Suspicious: api-ms-win-core-libraryloader-l1-2-0.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Value: 2089-11-08 05:30:49
Valid: True
Past: False
Future: True

Compilation
Packed: False
Missing: False
Packers: none
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks
pushret: .rsrc: 31, .text: 1
pushpopmath: .rsrc: 10
garbagebytes: .rsrc: 12, .text: 1
software breakpoint: .rsrc: 2
programcontrolflowchange: .rsrc: 12, .text: 1
cpuinstructionsresultscomparison: .rsrc: 30

AVclass
File
Trace
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 2:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 2:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 2:49:30.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 2:49:30.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 2:49:30.856Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 2:49:30.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 2:49:30.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 2:49:30.856Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 2:49:30.872Write2336C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 2:49:31.465Write4C:\Monitor\Files\Logs\File.log
21/8/2021 - 2:49:31.465Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 2:49:31.465Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 2:49:31.465Unknown4C:\Monitor\Files\Logs\File.log

Process
Trace
Timestamp | Operation | Source PID | Source Process | Target PID | Target Process
21/8/2021 - 2:49:25.872 | Terminate | 684 | C:\Windows\System32\svchost.exe | 2360 | C:\Windows\System32\audiodg.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Timestamp | Operation | PID | Process | Registry key / value
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruListCurrentLru
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectId
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectLru
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\1E_ObjectLru_
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectId
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectLru
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3E_ObjectLru_
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectId
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectLru
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3F_ObjectLru_
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectId
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectLru
21/8/2021 - 2:46:22.418 | Write | 4 | | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\40_ObjectLru_
21/8/2021 - 2:46:23.918 | Write | 4 | | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\22
21/8/2021 - 2:46:23.918 | Write | 4 | | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff00
21/8/2021 - 2:46:23.918 | Write | 4 | | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff01
21/8/2021 - 2:46:23.918 | Write | 4 | | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff02
21/8/2021 - 2:46:23.918 | Write | 4 | | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff03
21/8/2021 - 2:47:58.434 | Write | 1864 | C:\Windows\explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheUIStatus
21/8/2021 - 2:47:58.434 | Write | 1864 | C:\Windows\explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheOnlyMember
21/8/2021 - 2:47:58.434 | Write | 1864 | C:\Windows\explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheModifier
21/8/2021 - 2:47:58.434 | Write | 1864 | C:\Windows\explorer.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCacheModifierSystem

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 80.00%
suspicious: False

NFS 3.0 (Threshold = 0.75)
confidence: 76.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 99.80%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 80.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 69.23%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
