Report #3615

  • Creation Date: Nov. 17, 2019, 3:37 p.m.
  • Last Update: Nov. 17, 2019, 9:54 p.m.
  • File: avgggggg.exe
  • Results:
AVclass
banbra
1
VirusTotal
md5: 8308e0202ecf5cd565e401dac6e9b822
sha1: c42c26d0002fc481e3d2939c45057be361952161
SCANS (DETECTION RATE = 54.93%)
AVG
result: Win32:Trojan-gen
update: 20190805
version: 18.4.3895.0
detected: True

CMC
update: 20190321
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=99)
update: 20190806
version: 2018.9.12.1
detected: True

APEX
result: Malicious
update: 20190804
version: 5.47
detected: True

Bkav
update: 20190801
version: 1.3.0.10239
detected: False

K7GW
result: Spyware ( 0054f1a31 )
update: 20190806
version: 11.59.31642
detected: True

ALYac
result: Trojan.GenericKD.41530751
update: 20190805
version: 1.1.1.5
detected: True

Avast
result: Win32:Trojan-gen
update: 20190805
version: 18.4.3895.0
detected: True

Avira
result: TR/Spy.Banker.ceumb
update: 20190805
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cyren
update: 20190805
version: 6.2.0.1
detected: False

DrWeb
update: 20190805
version: 7.0.41.7240
detected: False

GData
result: Trojan.GenericKD.41530751
update: 20190806
version: A:25.22996B:26.15719
detected: True

Panda
result: Trj/GdSda.A
update: 20190805
version: 4.6.4.2
detected: True

VBA32
result: TScope.Trojan.Delf
update: 20190805
version: 4.0.0
detected: True

VIPRE
update: 20190805
version: 76930
detected: False

Zoner
update: 20190805
version: 1.0.0.1
detected: False

ClamAV
update: 20190805
version: 0.101.3.0
detected: False

Comodo
update: 20190805
version: 31280
detected: False

F-Prot
update: 20190806
version: 4.7.1.166
detected: False

Ikarus
result: Trojan-Spy.Agent
update: 20190805
version: 0.1.5.2
detected: True

McAfee
result: Artemis!8308E0202ECF
update: 20190805
version: 6.0.6.653
detected: True

Rising
result: Spyware.Banker!8.8D (TFE:4:teweSOKkWQC)
update: 20190805
version: 25.0.0.24
detected: True

Sophos
result: Mal/Generic-S
update: 20190805
version: 4.98.0
detected: True

Yandex
update: 20190804
version: 5.5.2.24
detected: False

Zillya
update: 20190802
version: 2.0.0.3867
detected: False

Acronis
update: 20190805
version: 1.0.1.51
detected: False

Alibaba
result: TrojanSpy:Win32/Banker.71ea73a7
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D279B57F
update: 20190805
version: 1.0.0.850
detected: True

Cylance
result: Unsafe
update: 20190806
version: 2.3.1.101
detected: True

FireEye
result: Generic.mg.8308e0202ecf5cd5
update: 20190805
version: 29.7.0.0
detected: True

TACHYON
update: 20190805
version: 2019-08-05.02
detected: False

Tencent
update: 20190806
version: 1.0.0.1
detected: False

ViRobot
update: 20190805
version: 2014.3.20.0
detected: False

Webroot
update: 20190806
version: 1.0.0.403
detected: False

eGambit
update: 20190806
version: v4.3.6
detected: False

Ad-Aware
result: Trojan.GenericKD.41530751
update: 20190805
version: 3.0.5.370
detected: True

AegisLab
update: 20190805
version: 4.2
detected: False

Emsisoft
result: Trojan.GenericKD.41530751 (B)
update: 20190805
version: 2018.12.0.1641
detected: True

F-Secure
result: Trojan.TR/Spy.Banker.ceumb
update: 20190805
version: 12.0.86.52
detected: True

Fortinet
result: W32/Banbra.AEID!tr
update: 20190806
version: 5.4.247.0
detected: True

Invincea
update: 20190717
version: 6.3.6.26157
detected: False

Jiangmin
update: 20190805
version: 16.0.100
detected: False

Kingsoft
update: 20190806
version: 2013.8.14.323
detected: False

Paloalto
update: 20190806
version: 1.0
detected: False

Symantec
result: Trojan.Gen.2
update: 20190805
version: 1.10.0.0
detected: True

Trapmine
result: malicious.moderate.ml.score
update: 20190522
version: 3.1.62.789
detected: True

AhnLab-V3
result: Malware/Gen.Generic.C3361736
update: 20190805
version: 3.15.3.24531
detected: True

Antiy-AVL
result: Trojan[Banker]/Win32.Banbra
update: 20190805
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Trojan-Banker.Win32.Banbra.gen
update: 20190805
version: 15.0.1.13
detected: True

MaxSecure
update: 20190803
version: 1.0.0.1
detected: False

Microsoft
result: Trojan:Win32/Tiggre!plock
update: 20190805
version: 1.1.16200.1
detected: True

Qihoo-360
result: Win32/Trojan.909
update: 20190806
version: 1.0.0.1120
detected: True

Trustlook
update: 20190806
version: 1.0
detected: False

ZoneAlarm
result: HEUR:Trojan-Banker.Win32.Banbra.gen
update: 20190805
version: 1.0
detected: True

Cybereason
result: malicious.0002fc
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: a variant of Win32/Spy.Banker.AEID
update: 20190805
version: 19804
detected: True

TrendMicro
result: TROJ_GEN.R002C0WH219
update: 20190805
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.GenericKD.41530751
update: 20190805
version: 7.2
detected: True

CrowdStrike
update: 20190212
version: 1.0
detected: False

K7AntiVirus
result: Spyware ( 0054f1a31 )
update: 20190805
version: 11.59.31642
detected: True

SentinelOne
update: 20190604
version: 1.0.27.333
detected: False

Avast-Mobile
update: 20190805
version: 190805-00
detected: False

Malwarebytes
update: 20190805
version: 2.1.1.1115
detected: False

TotalDefense
update: 20190805
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.Banbra
update: 20190805
version: 14.00
detected: True

NANO-Antivirus
update: 20190805
version: 1.0.134.24859
detected: False

MicroWorld-eScan
result: Trojan.GenericKD.41530751
update: 20190805
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20190802
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Artemis
update: 20190805
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R002C0WH219
update: 20190805
version: 10.0.0.1040
detected: True

total: 71
sha256: 0d774567aa19c155ff79047c983781a32bc804fd605a36a7521ffef7db3ff312
scan_id: 0d774567aa19c155ff79047c983781a32bc804fd605a36a7521ffef7db3ff312-1565045404
resource: 8308e0202ecf5cd565e401dac6e9b822
positives: 39
scan_date: 2019-08-05 22:50:04
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
17/11/2019 - 20:49:20.997Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
17/11/2019 - 20:49:20.997Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
17/11/2019 - 20:49:20.997Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
17/11/2019 - 20:49:21.43Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
17/11/2019 - 20:49:21.43Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
17/11/2019 - 20:49:21.90Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
17/11/2019 - 20:49:21.90Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
17/11/2019 - 20:49:21.90Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
17/11/2019 - 20:49:21.90Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
17/11/2019 - 20:49:21.90Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
17/11/2019 - 20:49:21.90Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
17/11/2019 - 20:49:21.90Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
17/11/2019 - 20:49:23.715Write4C:\Monitor\Files\Logs\File.log
17/11/2019 - 20:49:23.715Unknown4C:\Monitor\Files\Logs\File.log
17/11/2019 - 20:49:25.872Unknown2360C:\Windows\System32\audiodg.exeC:\Windows
17/11/2019 - 20:49:27.512Read684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\System.evtx
17/11/2019 - 20:49:27.512Read684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\System.evtx
17/11/2019 - 20:49:29.387Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
17/11/2019 - 20:49:29.387Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
17/11/2019 - 20:49:29.387Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
17/11/2019 - 20:49:29.387Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
17/11/2019 - 20:49:29.387Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
17/11/2019 - 20:49:29.387Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
17/11/2019 - 20:49:29.387Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm
17/11/2019 - 20:49:29.387Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
17/11/2019 - 20:49:29.387Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
17/11/2019 - 20:49:29.387Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
17/11/2019 - 20:49:30.793Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
17/11/2019 - 20:49:30.793Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
17/11/2019 - 20:49:30.840Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
17/11/2019 - 20:49:30.840Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
17/11/2019 - 20:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
17/11/2019 - 20:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
17/11/2019 - 20:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
17/11/2019 - 20:49:30.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
17/11/2019 - 20:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
17/11/2019 - 20:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
17/11/2019 - 20:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
17/11/2019 - 20:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
17/11/2019 - 20:49:30.856Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users
17/11/2019 - 20:49:30.887Open1796C:\Windows\System32\taskhost.exeC:\Users
17/11/2019 - 20:49:30.887Unknown1796C:\Windows\System32\taskhost.exeC:\Users
17/11/2019 - 20:49:30.887Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
17/11/2019 - 20:49:30.887Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
17/11/2019 - 20:49:30.887Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
17/11/2019 - 20:49:30.887Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
17/11/2019 - 20:49:30.887Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
17/11/2019 - 20:49:30.887Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
17/11/2019 - 20:49:30.887Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
17/11/2019 - 20:49:31.497Write4C:\Monitor\Files\Logs\File.log
17/11/2019 - 20:49:31.497Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
17/11/2019 - 20:49:31.497Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
17/11/2019 - 20:49:31.497Unknown4C:\Monitor\Files\Logs\File.log
17/11/2019 - 20:49:32.481Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process
Trace
17/11/2019 - 20:46:6.653  Terminate  564  C:\Windows\System32\svchost.exe  1752  C:\Windows\System32\wbem\WmiPrvSE.exe
17/11/2019 - 20:49:25.872  Terminate  684  C:\Windows\System32\svchost.exe  2360  C:\Windows\System32\audiodg.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False