Report #13515 check_circle

  • Creation Date: Aug. 20, 2021, 2:33 p.m.
  • Last Update: Aug. 21, 2021, 8:18 a.m.
  • File: vdsldr.exe
  • Results:
Binary
DLL
False cancel
Size
21.50KB
trid
41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
a63caf3991aa4a7fce0d99df8a501e27
sha1
e0353e0337b42709ddada9cb84b2a811fd641bd3
crc32
0xc84dcccd
sha224
9843bbb60f04aaeb00f78b3268fd8826d291ba024f705b09ebd4b9a7
sha256
f3fab91806bb8a4ec4da3a3220681e660a6874a1b06d4a73b860a020000d9cfb
sha384
df3f0c51a88055d2b062313e712f84187922223bcb6ee5eace237a5df7821ae7231a6b36db47a16985d39b9806e1c1df
sha512
e211c6588745360177fb950446ab2125e86d7a76738f8414568b1d8c437501e0cc1600fad77c668960c82927be5e6f4ecee7283288839b57a891a8ffa0c9c98e
ssdeep
384:2wiFpduI51/WpMgcuz5333CkvJZWosJex/W8+WH4/db:WDug1O3nZWosYx3nI
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
VC8_Microsoft_Corporation, domain, HasRichSignature, contentis_base64, Microsoft_Visual_Cpp_8, Visual_Cpp_2005_Release_Microsoft, HasDebugData, IP, IsPE32, IsWindowsGUI

Suspicious
True check_circle

Imports
ole32.dll
CoSuspendClassObjects, CoInitializeEx, CoInitializeSecurity, CoResumeClassObjects, CoUninitialize, CoCreateInstanceEx
msvcrt.dll
_cexit, _exit, exit, __set_app_type, _controlfp, __p__commode, _XcptFilter, _callnewh, _wcsicmp, ?terminate@@YAXXZ, _except_handler4_common, free, malloc, _wcmdln, _initterm, __setusermatherr, _amsg_exit, __p__fmode, __wgetmainargs, memset
vdsutil.dll
??1CVdsCallTracer@@QAE@XZ, VdsDisableCOMFatalExceptionHandling, VdsTraceEx, IsLocalComputer, ??0CVdsCallTracer@@QAE@KPBD@Z
ADVAPI32.dll
AllocateAndInitializeSid, GetLengthSid, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, FreeSid
KERNEL32.dll
HeapSetInformation, SetProcessMitigationPolicy, Sleep, InitializeCriticalSection, SetUnhandledExceptionFilter, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetTickCount, UnhandledExceptionFilter, GetCurrentProcess, GetCommandLineW, GetLastError, CreateThread, CreateEventW, CloseHandle, WaitForSingleObject, GetStartupInfoW, SetEvent, DeleteCriticalSection, GetCurrentThreadId, TerminateProcess
Strings
List
vdsldr.pdb
val LocalServer32 = s 'vdsldr.exe'
vdsutil.dll
vdsldr.exe
vdsldr.exe
vdsldr.exe
name="Microsoft.Windows.VDSLdr"
NoRemove AppID
NoRemove CLSID
ForceRemove 'vdsldr.exe'
CVdsLoader::LoadService, TRACE RETRY, hr=%lX, count=%lu
_wcsicmp
<requestedPrivileges>
CVdsLoader::LoadService, 2, error=%ld
CVdsLoader::LoadService, 5, hr=%lX
CVdsLoader::LoadService, 4, hr=%lX
CVdsLoader::LoadService, 3, hr=%lX
CVdsLoader::LoadService, 1, hr=%lX
CVdsServiceRmt::GetSANPolicy, 1, hr=%lX
CreateEventW
RegServer
UnregServer
REGISTRY
TerminateProcess
CoCreateInstanceEx
QueryPerformanceCounter
GetModuleHandleW
Microsoft Corporation. All rights reserved.
_wcmdln
GetTickCount
Sleep
val AppID = s {5364ED0E-493F-4B16-9DBF-AE486CF22660}
val AppID = s '{5364ED0E-493F-4B16-9DBF-AE486CF22660}'
ForceRemove {5364ED0E-493F-4B16-9DBF-AE486CF22660} = s 'Virtual Disk Service Loader'
CVdsServiceRmt::Reboot()
CVdsServiceRmt::RememberTargetSharedSecret()
?m_NoDebuggerLogging@CVdsTraceSettings@@QAEHXZ
CVdsServiceRmt::SetInitiatorSharedSecret()
CVdsServiceRmt::RegisterProvider()
CVdsServiceRmt::UnregisterProvider()
<requestedExecutionLevel
CVdsServiceRmt::SetAllIpsecSecurity()
InitializeEveryoneSecurityDescriptor()
CVdsServiceRmt::QueryInitiatorAdapters()
LocalServer32 = s '%MODULE%'
CVdsServiceRmt::UninstallDisks()
version="5.1.0.0"
__p__commode
_callnewh
type="win32"
===W=_=e=r=
181D1P1\1h1t1
10.0.19041.746
_initterm
__p__fmode
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
.CRT$XIAA
.CRT$XCAA
<assemblyIdentity
__setusermatherr
CVdsLoader::~CVdsLoader()
_controlfp
CVdsAdviseSinkRmt::OnNotify()
__set_app_type
_amsg_exit
__wgetmainargs
_XcptFilter
CVdsLoader::CVdsLoader()
.rdata$brc
uiAccess="false"
.data$brc
?terminate@@YAXXZ
ATL.DLL
level="asInvoker"
Microsoft
Microsoft Corporation
</assembly>
.CRT$XIY
htP@
CompanyName
5,656[6
ProductName
OriginalFilename
StringFileInfo
VarFileInfo
InternalName
FileDescription
VdsTraceEx
FileVersion
Translation
`.data
|Fi!h
|Fi!h
_cexit
_exit
.gfids
0Rich
@.rsrc
<security>
TSVWhD

Foremost
Matches
0.exe, 21 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: vdsutil.dll, ole32.dll, KERNEL32.dll, msvcrt.dll, USER32.dll, ADVAPI32.dll, ATL.DLL
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 8192
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 8192
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 46306
Suspicous: False cancel

Sections
Allowed: .text, .data, .idata, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 10
Suspicious: False cancel
Image
Version: False cancel
Suspicious: 10
Linker
Version: 14.20
Suspicious: False cancel
Subsystem
Version: 10.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 15808
Suspicious: False cancel

Anomalies
Anomalies
hasAnomalies: False cancel

Libraries
Allowed: vdsutil.dll, ole32.dll, kernel32.dll, msvcrt.dll, user32.dll, advapi32.dll, atl.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2082-07-25 23:25:18
Future: True check_circle

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 1

pushpopmath
.reloc: 1

garbagebytes
.text: 1

programcontrolflowchange
.text: 1

AVclass
File
Trace
21/8/2021 - 7:45:45.481Write4C:\Windows
21/8/2021 - 7:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
21/8/2021 - 7:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
21/8/2021 - 7:45:48.856Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.856Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2F27954F4B4C5FD26
21/8/2021 - 7:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2F27954F4B4C5FD26TMP000000A2F27954F4B4C5FD26
21/8/2021 - 7:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A30415A103D3F52066
21/8/2021 - 7:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A30415A103D3F52066TMP000000A30415A103D3F52066
21/8/2021 - 7:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
21/8/2021 - 7:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
21/8/2021 - 7:45:48.872Read2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe:Zone.Identifier
21/8/2021 - 7:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A30415A103D3F52066TMP000000A30415A103D3F52066
21/8/2021 - 7:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Open2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Unknown2928C:\Windows\System32\svchost.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:48.872Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:45:48.903Unknown2928C:\Windows\System32\svchost.exeC:\Windows\Temp\TMP000000A2F27954F4B4C5FD26TMP000000A2F27954F4B4C5FD26
21/8/2021 - 7:45:49.465Unknown4C:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
21/8/2021 - 7:45:49.465Write4C:\Monitor\Files\Logs\File.log
21/8/2021 - 7:45:49.465Unknown4C:\Monitor\Files\Logs\File.log
21/8/2021 - 7:45:53.418Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
21/8/2021 - 7:45:53.418Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf
21/8/2021 - 7:45:53.418Write796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
21/8/2021 - 7:45:53.418Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
21/8/2021 - 7:45:53.450Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 7:45:53.450Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 7:45:53.450Open796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 7:45:53.450Write796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 7:45:53.450Unknown796C:\Windows\System32\svchost.exeC:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 7:45:53.497Write4C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
21/8/2021 - 7:45:53.497Write4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 7:45:53.497Unknown4C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pfWKCD_LOAD_USE.EXE-695C7827.pf
21/8/2021 - 7:45:53.590Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 7:45:53.590Unknown4C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pfCONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 7:45:53.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
21/8/2021 - 7:45:53.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
21/8/2021 - 7:45:53.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
21/8/2021 - 7:45:53.856Open2928C:\Windows\System32\svchost.exeC:\Windows\System32\conhost.exe
21/8/2021 - 7:45:53.856Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:45:53.856Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:45:55.497Write4C:\Monitor\Files\Logs\File.log
21/8/2021 - 7:45:55.497Unknown4C:\Monitor\Files\Logs\File.log
21/8/2021 - 7:45:59.481Write4C:\Monitor
21/8/2021 - 7:46:11.497Write4C:\Windows\Temp
21/8/2021 - 7:46:17.497Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
21/8/2021 - 7:46:18.465Write4C:\Windows
21/8/2021 - 7:46:19.465Write4C:\Windows
21/8/2021 - 7:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
21/8/2021 - 7:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
21/8/2021 - 7:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
21/8/2021 - 7:46:27.418Write4C:\Windows\System32\config\SYSTEM.LOG1
21/8/2021 - 7:46:27.418Write4C:\Windows\System32\config\SYSTEM
21/8/2021 - 7:46:27.418Write4C:\Windows\System32\config\SYSTEM
21/8/2021 - 7:46:27.434Write4C:\Windows\System32\config\SYSTEM
21/8/2021 - 7:46:27.434Write4C:\Windows\System32\config\SYSTEM
21/8/2021 - 7:46:32.434Write4C:\System Volume Information\Syscache.hve.LOG1
21/8/2021 - 7:46:32.434Write4C:\System Volume Information\Syscache.hve.LOG1
21/8/2021 - 7:46:32.434Write4C:\System Volume Information\Syscache.hve.LOG1
21/8/2021 - 7:46:32.434Write4C:\System Volume Information\Syscache.hve.LOG1
21/8/2021 - 7:46:32.434Write4C:\System Volume Information\Syscache.hve.LOG1
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve.LOG1
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve.LOG1
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve.LOG1
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve.LOG1
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve.LOG1
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve
21/8/2021 - 7:46:32.450Write4C:\System Volume Information\Syscache.hve
21/8/2021 - 7:46:32.465Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:46:32.543Write4C:\System Volume Information\Syscache.hve
21/8/2021 - 7:46:35.481Write4C:\Monitor\Files\Logs\File.log
21/8/2021 - 7:46:35.481Unknown4C:\Monitor\Files\Logs\File.log
21/8/2021 - 7:46:55.747Open528C:\Windows\System32\SearchIndexer.exeC:\ProgramData\Microsoft\Search\Data
21/8/2021 - 7:46:55.747Unknown528C:\Windows\System32\SearchIndexer.exeC:\ProgramData\Microsoft\Search\Data
21/8/2021 - 7:47:17.497Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
21/8/2021 - 7:47:27.559Open1864C:\Windows\explorer.exeC:\
21/8/2021 - 7:47:27.559Unknown1864C:\Windows\explorer.exeC:\
21/8/2021 - 7:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot
21/8/2021 - 7:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot
21/8/2021 - 7:47:32.809Unknown1864C:\Windows\explorer.exeC:\Users\Behemot
21/8/2021 - 7:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
21/8/2021 - 7:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
21/8/2021 - 7:47:32.809Unknown1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming
21/8/2021 - 7:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes
21/8/2021 - 7:47:32.809Open1864C:\Windows\explorer.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
21/8/2021 - 7:47:35.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:47:35.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
21/8/2021 - 7:47:35.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:47:35.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
21/8/2021 - 7:47:35.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:47:41.168Read1232C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Windows Media Player\wmpnetwk.exe
21/8/2021 - 7:48:11.309Open4\Device\HarddiskVolume1\System Volume Information
21/8/2021 - 7:48:11.309Unknown4\Device\HarddiskVolume1\System Volume Information
21/8/2021 - 7:48:13.59Open4C:\System Volume Information
21/8/2021 - 7:48:13.59Open4C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
21/8/2021 - 7:48:13.59Open4C:\System Volume Information\{bcf7d7ec-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
21/8/2021 - 7:48:13.59Open4C:\System Volume Information\{bcf7d7f0-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752}
21/8/2021 - 7:48:13.59Unknown4C:\System Volume Information
21/8/2021 - 7:48:13.59Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:48:13.59Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:48:16.59Write4C:\Monitor\Files\Logs\File.log
21/8/2021 - 7:48:16.59Unknown4C:\Monitor\Files\Logs\File.log
21/8/2021 - 7:48:17.465Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
21/8/2021 - 7:48:25.903Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:48:25.903Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
21/8/2021 - 7:48:25.903Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:48:25.903Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:48:25.903Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
21/8/2021 - 7:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.datcontainer.dat
21/8/2021 - 7:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:20.684Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:49:20.700Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:49:20.747Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:20.747Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:20.840Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:20.840Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:20.934Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:20.934Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:20.934Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
21/8/2021 - 7:49:20.934Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
21/8/2021 - 7:49:20.934Read1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:20.981Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
21/8/2021 - 7:49:20.981Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
21/8/2021 - 7:49:20.981Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
21/8/2021 - 7:49:20.981Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
21/8/2021 - 7:49:21.28Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:21.28Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:21.75Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
21/8/2021 - 7:49:21.75Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
21/8/2021 - 7:49:21.75Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:21.75Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:21.75Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
21/8/2021 - 7:49:21.75Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
21/8/2021 - 7:49:21.75Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:49:23.684Write4C:\Monitor\Files\Logs\File.log
21/8/2021 - 7:49:23.684Unknown4C:\Monitor\Files\Logs\File.log
21/8/2021 - 7:49:25.887Unknown2360C:\Windows\System32\audiodg.exeC:\Windows
21/8/2021 - 7:49:30.731Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:30.731Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:30.778Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:30.778Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 7:49:30.825Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 7:49:30.825Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 7:49:30.825Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 7:49:30.825Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 7:49:30.825Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:49:30.825Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:49:30.825Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 7:49:30.825Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 7:49:30.825Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:49:30.825Write804C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 7:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:49:30.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
21/8/2021 - 7:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
21/8/2021 - 7:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
21/8/2021 - 7:49:31.481Write4C:\Monitor\Files\Logs\File.log
21/8/2021 - 7:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 7:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 7:49:31.575Unknown4C:\Monitor\Files\Logs\File.log
21/8/2021 - 7:49:32.465Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process
Trace
21/8/2021 - 7:49:25.887Terminate684C:\Windows\System32\svchost.exe2360C:\Windows\System32\audiodg.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruListCurrentLru
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectId
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectLru
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\1E_ObjectLru_
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectId
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectLru
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3E_ObjectLru_
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectId
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectLru
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3F_ObjectLru_
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectId
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectLru
21/8/2021 - 7:46:22.418Write4\REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\40_ObjectLru_
21/8/2021 - 7:46:23.981Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\22
21/8/2021 - 7:46:23.981Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff00
21/8/2021 - 7:46:23.981Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff01
21/8/2021 - 7:46:23.981Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff02
21/8/2021 - 7:46:23.981Write4\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff03

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: False cancel

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 95.00%
suspicious: False cancel

NFS 3.0 (Threshold = 0.75)
confidence: 78.00%
suspicious: True check_circle

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 59.62%
suspicious: False cancel

Random Forest (100 estimators, NFS-BRMalware)
confidence: 84.00%
suspicious: False cancel

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 65.53%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False cancel

Add to Collection
Download