Report #13573

  • Creation Date: Aug. 20, 2021, 2:49 p.m.
  • Last Update: Aug. 21, 2021, 12:36 p.m.
  • File: wuapihost.exe
  • Results:
Binary
DLL: False
Size: 9.50KB
trid:
41.0% Win32 Executable MS Visual C++
36.3% Win64 Executable
8.6% Win32 Dynamic Link Library
5.9% Win32 Executable
2.6% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 56f835d02e7798914db961a26c49bea3
sha1: e394ef6ee40e82dce0a2882376bf6bfcdf966097
crc32: 0x62247973
sha224: 3ccad1ae7d9ea2951c6be88f4859f25a8120b86d28d67fd56588fb52
sha256: b3ea9966a6dd268165f361751d1c8c058744c77be220a9d52834f79c5ee44483
sha384: d2ee59e5a5cee22b6dbf5d30bfdae4de248d8c4fbbe88d19a4c6dab058d377ffd4ba1bf318cc14a5146e71061d0467e9
sha512: 1f0ca31cdde23eccd03016308c0432576701a606b4b35bc1fcfbec01419f4cf18b13dba0436c3cda1082af41cbbc5510e6d93c6cd4d467d0f04989302c05c217
ssdeep: 96:b6Y7xaZqr1gd4UuPfXn9aMp2kGXtfDGjUdsg4loNWVILI8MpyZ8elJetuXSPEWP1:eEc0gdCp487oNsczMpo8ebet/MWPfWa
Community
Google: False
HashLib: False
YARA
Matches: VC8_Microsoft_Corporation, domain, HasRichSignature, contentis_base64, Microsoft_Visual_Cpp_8, Visual_Cpp_2005_Release_Microsoft, HasDebugData, IsPE32, IsWindowsGUI

Suspicious: True

Imports
msvcrt.dll
__setusermatherr, _except_handler4_common, _controlfp, ?terminate@@YAXXZ, _wcmdln, _initterm, _XcptFilter, __p__fmode, _cexit, _exit, exit, __set_app_type, __wgetmainargs, _amsg_exit, __p__commode
api-ms-win-core-com-l1-1-0.dll
CoUninitialize, CoRevokeClassObject, CoInitializeEx, CoWaitForMultipleHandles, CoGetClassObject, CoFreeUnusedLibraries, CoRegisterClassObject
api-ms-win-core-heap-l1-1-0.dll
HeapSetInformation
api-ms-win-core-synch-l1-1-0.dll
CreateEventW, SetEvent
api-ms-win-core-synch-l1-2-0.dll
Sleep
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll
GetTickCount, GetSystemTimeAsFileTime
api-ms-win-shcore-thread-l1-1-0.dll
SetProcessReference
api-ms-win-core-threadpool-l1-2-0.dll
IsThreadpoolTimerSet, CloseThreadpoolTimer, WaitForThreadpoolTimerCallbacks, CreateThreadpoolTimer, SetThreadpoolTimer
api-ms-win-core-errorhandling-l1-1-0.dll
UnhandledExceptionFilter, GetLastError, SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0.dll
GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0.dll
GetCurrentThreadId, TerminateProcess, GetStartupInfoW, GetCurrentProcess, GetCurrentProcessId
Strings
List
wuapihost.pdb
wuapihost.exe
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-threadpool-l1-2-0.dll
api-ms-win-core-sysinfo-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-shcore-thread-l1-1-0.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-synch-l1-1-0.dll
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-com-l1-1-0.dll
api-ms-win-core-handle-l1-1-0.dll
CreateEventW
TerminateProcess
wuapihost
wuapihost
GetModuleHandleW
CoGetClassObject
QueryPerformanceCounter
Microsoft Corporation. All rights reserved.
_wcmdln
GetTickCount
Sleep
10.0.19041.1 (WinBuild.160101.0800)
__p__commode
_initterm
__p__fmode
10.0.19041.1
.CRT$XIAA
.CRT$XCAA
__setusermatherr
_controlfp
__set_app_type
_amsg_exit
__wgetmainargs
_XcptFilter
.rdata$brc
SetProcessReference
?terminate@@YAXXZ
Microsoft
Microsoft Corporation
.CRT$XIY
CompanyName
ProductName
StringFileInfo
FileDescription
FileVersion
InternalName
OriginalFilename
VarFileInfo
CoRegisterClassObject
Translation
`.data
_cexit
_exit
.gfids
@.rsrc
Rich
GCTL
RSDS
Windows
!This program cannot be run in DOS mode.
VS_VERSION_INFO
_except_handler4_common
LegalCopyright
Operating System
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
SetThreadpoolTimer
GetLastError
CoFreeUnusedLibraries
SetEvent
@.reloc
9=9W9_9e9r9
HeapSetInformation
CoInitializeEx
GetStartupInfoW
CreateThreadpoolTimer
CoUninitialize
CloseThreadpoolTimer
GetSystemTimeAsFileTime
CloseHandle
ProductVersion
msvcrt.dll
.rdata
.idata
.data
exit
&eR=&
4es`O
? ?<?@?
&eR=
54 @
.idata$2
.idata$3
.idata$5
.idata$4

Foremost
Matches: 0.exe, 9 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: api-ms-win-shcore-thread-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll, api-ms-win-core-threadpool-l1-2-0.dll, api-ms-win-core-processthreads-l1-1-0.dll, msvcrt.dll, api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-libraryloader-l1-2-0.dll, api-ms-win-core-heap-l1-1-0.dll, api-ms-win-core-synch-l1-1-0.dll, api-ms-win-core-profile-l1-1-0.dll, api-ms-win-core-com-l1-1-0.dll, api-ms-win-core-handle-l1-1-0.dll, api-ms-win-core-errorhandling-l1-1-0.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 5120
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 8192
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 55720
Suspicious: False

Sections
Allowed: .text, .data, .idata, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 10
Suspicious: False
Image
Version: 10
Suspicious: False
Linker
Version: 14.20
Suspicious: False
Subsystem
Version: 10.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 6592
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: api-ms-win-shcore-thread-l1-1-0.dll, api-ms-win-core-sysinfo-l1-1-0.dll, api-ms-win-core-threadpool-l1-2-0.dll, api-ms-win-core-processthreads-l1-1-0.dll, msvcrt.dll, api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-heap-l1-1-0.dll, api-ms-win-core-synch-l1-1-0.dll, api-ms-win-core-profile-l1-1-0.dll, api-ms-win-core-com-l1-1-0.dll, api-ms-win-core-handle-l1-1-0.dll, api-ms-win-core-errorhandling-l1-1-0.dll
hasLibs: True
Suspicious: api-ms-win-core-libraryloader-l1-2-0.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2009-12-20 06:51:57
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.text: 1

garbagebytes
.text: 1

programcontrolflowchange
.text: 1

AVclass
File
Trace
Time | Operation | PID | Process | Path | Name
21/8/2021 - 11:45:42.481 | Write | 4 | | C:\Users\Behemot |
21/8/2021 - 11:45:42.481 | Unknown | 4 | | C:\Users\Behemot\Desktop\desktop.ini |
21/8/2021 - 11:45:42.481 | Unknown | 4 | | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 11:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
21/8/2021 - 11:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
21/8/2021 - 11:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
21/8/2021 - 11:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
21/8/2021 - 11:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
21/8/2021 - 11:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26 |
21/8/2021 - 11:45:47.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26 | TMP000000A2F27954F4B4C5FD26
21/8/2021 - 11:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
21/8/2021 - 11:45:47.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
21/8/2021 - 11:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066 |
21/8/2021 - 11:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066 | TMP000000A30415A103D3F52066
21/8/2021 - 11:45:47.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier |
21/8/2021 - 11:45:47.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier |
21/8/2021 - 11:45:47.872 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier |
21/8/2021 - 11:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A30415A103D3F52066 | TMP000000A30415A103D3F52066
21/8/2021 - 11:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
21/8/2021 - 11:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
21/8/2021 - 11:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
21/8/2021 - 11:45:47.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:47.872 | Write | 1344 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:45:47.918 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26 | TMP000000A2F27954F4B4C5FD26
21/8/2021 - 11:45:48.481 | Unknown | 4 | | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
21/8/2021 - 11:45:48.481 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:45:48.481 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:45:52.372 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf |
21/8/2021 - 11:45:52.372 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf |
21/8/2021 - 11:45:52.372 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
21/8/2021 - 11:45:52.372 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
21/8/2021 - 11:45:52.387 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf |
21/8/2021 - 11:45:52.387 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 11:45:52.387 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf |
21/8/2021 - 11:45:52.387 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 11:45:52.387 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 11:45:52.465 | Write | 4 | | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
21/8/2021 - 11:45:52.465 | Write | 4 | | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 11:45:52.465 | Unknown | 4 | | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
21/8/2021 - 11:45:52.465 | Unknown | 4 | | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 11:45:52.465 | Unknown | 4 | | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
21/8/2021 - 11:45:52.465 | Write | 1344 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:45:52.465 | Write | 1344 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe |
21/8/2021 - 11:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe |
21/8/2021 - 11:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe |
21/8/2021 - 11:45:52.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe |
21/8/2021 - 11:45:54.481 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:45:54.481 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:45:57.965 | Write | 4 | | C:\Monitor |
21/8/2021 - 11:45:59.528 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\System.evtx |
21/8/2021 - 11:45:59.528 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\System.evtx |
21/8/2021 - 11:45:59.528 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\Security.evtx |
21/8/2021 - 11:45:59.528 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\System32\winevt\Logs\Security.evtx |
21/8/2021 - 11:46:0.465 | Write | 4 | | C:\Windows\System32\winevt\Logs\System.evtx |
21/8/2021 - 11:46:0.465 | Write | 4 | | C:\Windows\System32\winevt\Logs\Security.evtx |
21/8/2021 - 11:46:2.465 | Write | 4 | | C:\Windows\System32\winevt\Logs\System.evtx |
21/8/2021 - 11:46:2.465 | Write | 4 | | C:\Windows\System32\winevt\Logs\Security.evtx |
21/8/2021 - 11:46:2.465 | Unknown | 4 | | C:\Windows\System32\winevt\Logs\System.evtx |
21/8/2021 - 11:46:2.465 | Unknown | 4 | | C:\Windows\System32\winevt\Logs\Security.evtx |
21/8/2021 - 11:46:10.465 | Write | 4 | | C:\Windows\Temp |
21/8/2021 - 11:46:10.465 | Write | 4 | | C:\Windows |
21/8/2021 - 11:46:17.481 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
21/8/2021 - 11:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
21/8/2021 - 11:46:27.418 | Write | 1344 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:46:27.528 | Write | 4 | | C:\System Volume Information\Syscache.hve |
21/8/2021 - 11:46:30.418 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:46:30.418 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:46:37.528 | Write | 4 | | C:\Windows\System32\config\SYSTEM.LOG1 |
21/8/2021 - 11:46:37.528 | Write | 4 | | C:\Windows\System32\config\SYSTEM.LOG1 |
21/8/2021 - 11:46:37.528 | Write | 4 | | C:\Windows\System32\config\SYSTEM.LOG1 |
21/8/2021 - 11:46:37.528 | Write | 4 | | C:\Windows\System32\config\SYSTEM.LOG1 |
21/8/2021 - 11:46:37.528 | Write | 4 | | C:\Windows\System32\config\SYSTEM |
21/8/2021 - 11:46:37.528 | Write | 4 | | C:\Windows\System32\config\SYSTEM |
21/8/2021 - 11:46:37.528 | Write | 4 | | C:\Windows\System32\config\SYSTEM |
21/8/2021 - 11:46:37.528 | Write | 4 | | C:\Windows\System32\config\SYSTEM |
21/8/2021 - 11:46:55.731 | Open | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data |
21/8/2021 - 11:46:55.731 | Unknown | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data |
21/8/2021 - 11:47:17.481 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat |
21/8/2021 - 11:47:27.559 | Open | 1864 | C:\Windows\explorer.exe | C:\ |
21/8/2021 - 11:47:27.559 | Unknown | 1864 | C:\Windows\explorer.exe | C:\ |
21/8/2021 - 11:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot |
21/8/2021 - 11:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot |
21/8/2021 - 11:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot |
21/8/2021 - 11:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming |
21/8/2021 - 11:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming |
21/8/2021 - 11:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming |
21/8/2021 - 11:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes |
21/8/2021 - 11:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini |
21/8/2021 - 11:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
21/8/2021 - 11:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
21/8/2021 - 11:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:47:35.856 | Write | 1344 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:47:35.856 | Write | 1344 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:47:38.872 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:47:38.872 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:47:41.356 | Read | 1232 | C:\Program Files\Windows Media Player\wmpnetwk.exe | C:\Program Files\Windows Media Player\wmpnetwk.exe |
21/8/2021 - 11:48:11.309 | Open | 4 | | \Device\HarddiskVolume1\System Volume Information |
21/8/2021 - 11:48:11.309 | Unknown | 4 | | \Device\HarddiskVolume1\System Volume Information |
21/8/2021 - 11:48:13.59 | Open | 4 | | C:\System Volume Information |
21/8/2021 - 11:48:13.59 | Open | 4 | | C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} |
21/8/2021 - 11:48:13.59 | Open | 4 | | C:\System Volume Information\{bcf7d7ec-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752} |
21/8/2021 - 11:48:13.59 | Open | 4 | | C:\System Volume Information\{bcf7d7f0-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752} |
21/8/2021 - 11:48:13.59 | Unknown | 4 | | C:\System Volume Information |
21/8/2021 - 11:48:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:48:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
21/8/2021 - 11:48:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:48:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
21/8/2021 - 11:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:48:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:48:30.856 | Write | 1344 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:48:33.872 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:48:33.872 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:48:47.481 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat |
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat | container.dat
21/8/2021 - 11:49:20.700 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:20.700 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:20.700 | Write | 1344 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:49:20.747 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:20.747 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:20.840 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:20.840 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:20.934 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:20.934 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:20.934 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log |
21/8/2021 - 11:49:20.934 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log |
21/8/2021 - 11:49:20.934 | Read | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:20.981 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log |
21/8/2021 - 11:49:20.981 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log |
21/8/2021 - 11:49:20.981 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log |
21/8/2021 - 11:49:20.981 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log |
21/8/2021 - 11:49:20.981 | Write | 1344 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:49:21.28 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:21.28 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:21.75 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat |
21/8/2021 - 11:49:21.75 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
21/8/2021 - 11:49:21.75 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:21.75 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:21.75 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat |
21/8/2021 - 11:49:21.75 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat | container.dat
21/8/2021 - 11:49:23.731 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:49:23.731 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
21/8/2021 - 11:49:25.887 | Unknown | 2360 | C:\Windows\System32\audiodg.exe | C:\Windows |
21/8/2021 - 11:49:30.762 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:30.762 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:30.809 | Write | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:30.809 | Write | 4 | | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat |
21/8/2021 - 11:49:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:49:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
21/8/2021 - 11:49:30.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
21/8/2021 - 11:49:30.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local\Microsoft |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local |
21/8/2021 - 11:49:30.856 | Unknown | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local |
21/8/2021 - 11:49:30.856 | Open | 1796 | C:\Windows\System32\taskhost.exe | C:\Users\Behemot\AppData\Local |
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 11:49:30.856Open1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 11:49:30.856Unknown1796C:\Windows\System32\taskhost.exeC:\Users
21/8/2021 - 11:49:30.856Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 11:49:30.856Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 11:49:30.856Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 11:49:30.856Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 11:49:30.872Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 11:49:30.872Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 11:49:30.872Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 11:49:30.872Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 11:49:31.481Write4C:\Monitor\Files\Logs\File.log
21/8/2021 - 11:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 11:49:31.481Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
21/8/2021 - 11:49:31.481Write1344C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
21/8/2021 - 11:49:31.481Unknown4C:\Monitor\Files\Logs\File.log
21/8/2021 - 11:49:33.497Write4C:\Monitor\Files\Logs\File.log
21/8/2021 - 11:49:33.497Unknown4C:\Monitor\Files\Logs\File.log

Process
Trace
Time | Operation | PID | Process | Target PID | Target Process
21/8/2021 - 11:49:25.887 | Terminate | 684 | C:\Windows\System32\svchost.exe | 2360 | C:\Windows\System32\audiodg.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Time | Operation | PID | Key
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruListCurrentLru
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectId
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EDObjectLru
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\1E_ObjectLru_
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectId
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8ObjectLru
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3E_ObjectLru_
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectId
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EBObjectLru
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3F_ObjectLru_
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectId
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0ObjectLru
21/8/2021 - 11:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\40_ObjectLru_
21/8/2021 - 11:46:29.340 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\22
21/8/2021 - 11:46:29.340 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff00
21/8/2021 - 11:46:29.340 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff01
21/8/2021 - 11:46:29.340 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff02
21/8/2021 - 11:46:29.340 | Write | 4 | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\24ffffffffffffffffffffffffffffff03

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: False cancel

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 80.00%
suspicious: False cancel

NFS 3.0 (Threshold = 0.75)
confidence: 69.33%
suspicious: True check_circle

Decision Tree (NFS-BRMalware)
confidence: 50.00%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 81.17%
suspicious: False cancel

Random Forest (100 estimators, NFS-BRMalware)
confidence: 84.00%
suspicious: False cancel

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 50.55%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False cancel
