Report #5622

  • Creation Date: Feb. 11, 2020, 5:46 p.m.
  • Last Update: Feb. 11, 2020, 8:13 p.m.
  • File: FLab.exe
  • Results:
Binary
DLL: False
Size: 16.55MB
trid: 66.9% Inno Setup installer; 25.3% Win32 EXE PECompact compressed; 2.7% Win32 Executable; 1.2% Win16/32 Executable Delphi generic; 1.2% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: a3954bfbf97972b6e2996c8e97f6ab4c
sha1: f531eefedef19d27baa0bd3511edc1ef5318d16a
crc32: 0xe75a2f87
sha224: 078e4d19d2a724b90d2eb4c9ab44f72f1ccfbbebfc4a3b527436713a
sha256: d23ca3a9fa2c90b5f871ffa2392a63aaa50e9f037fbc0ba9e1025e303fdb16fb
sha384: 4206179b16fbfac2d92d8656ab009ee2f8e5c6c9c96c20515a11979043130ae893e7e722c39bc6ff018c29d4b5753a72
sha512: 9000056c5203604ba7540dcb1525094256e7d335aad5f944a254678c913e04988ff7823a7de398f8662de498193b67e9d6685534b41e9bef4e324a351079e993
ssdeep: 393216:RqUWewpX1ciTRBSKWUql0K1zeoLcXtj/FUp:MUWZn3dDqxkNGp
Community
Google: False
HashLib: False
YARA
Matches (rule names as reported, grouped by what they detect)
Compiler, packer and file-format signatures: Borland, Borland_Delphi_30_, Borland_Delphi_30_additional, Borland_Delphi_v30, Borland_Delphi_40, Borland_Delphi_40_additional, Borland_Delphi_v40_v50, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, borland_delphi, Delphi_FormShow, Delphi_Random, Delphi_CompareCall, Microsoft_Visual_Cpp_v50v60_MFC, UPX, UPXv20MarkusLaszloReiser, UPX20030XMarkusOberhumerLaszloMolnarJohnReiser, UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser, IsPE32, IsWindowsGUI, IsPacked, HasDigitalSignature, HasOverlay
Crypto and encoding constants: CRC32_poly_Constant, CRC32_table, MD5_Constants, BASE64_table, contentis_base64, OpenSSL_DSA, Big_Numbers1, Big_Numbers2, Big_Numbers3, Big_Numbers4
Capability and behaviour rules: escalate_priv, win_token, win_hook, win_mutex, win_files_operation, win_registry, anti_dbg, keylogger, screenshot, Browsers, network_dns, network_tcp_socket, network_tcp_listen, network_ssl, url, IP, android_meterpreter

Reading notes: IsPacked and the UPX rules fire even though the Compilation section below reports Packed: False for the outer image; the Inno Setup package carries an embedded executable (Foremost carves 10303.exe, 123 KB), so these matches may come from embedded content rather than the outer PE. android_meterpreter matching a Win32 PE is a rule over-match and should not be read as a capability.

Suspicious: True

Strings
List (verbatim duplicates collapsed; ×N is the number of occurrences in the original list)
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 (×2)
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Bhttp://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
/http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
/http://crl3.digicert.com/sha2-assured-cs-g1.crl05
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
riceletronics.hopto.org
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
http://www.precocampeao.com.br/counters/drake/go.php
http://www.indyproject.org/
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
.http://www.digicert.com/ssl-cps-repository.htm0
https://www.digicert.com/CPS0 (×3)
info@itau.com.br (×2)
email@exemplo.com
info@itau.com.br0 (×2)
http://ipinfo.io/json (×4)
Vcl.Graphics (×53)
t.Ht
Winapi.Windows (×3)
tc.pF
s.TD
rg.sT
rg.sB
A.ci
NPUQ.AO
rg.pE
DlE.VN
Uh.At
t.Id
c.AS
LabelFont.Name
Font.Style

Reading notes: the single characters before the digicert.com URLs (7, 4, B, /, 5, 2, .) and the 0: / 0O / 0L / 05 / 0w / 08 tails after them are DER bytes of the embedded Authenticode certificate chain, not part of the URLs: the leading character is the DER length byte of the URI string (for example "7" is 0x37 = 55, exactly the length of http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt), and the trailing "0" is the 0x30 SEQUENCE tag that follows it plus its own length byte. Vcl.Graphics and Winapi.Windows are Delphi VCL unit names, matching the compiler detection below. riceletronics.hopto.org is a hostname under the No-IP dynamic-DNS domain hopto.org, and itau.com.br is the domain of the Brazilian bank Itaú, which fits the Banbra/Banker names in the VirusTotal results below.

Foremost
Matches (carved file, size): 11421.bmp (1 KB), 11424.bmp (1 KB), 11428.bmp (1 KB), 11431.bmp (1 KB), 11434.bmp (1 KB), 11438.bmp (822 B), 11440.bmp (1 KB), 11443.bmp (1 KB), 11447.bmp (1 KB), 11450.bmp (1 KB), 33855.bmp (1 KB), 33858.bmp (1 KB), 10303.exe (123 KB), 10464.png (39 KB), 11038.png (17 KB), 11079.png (34 KB), 11166.png (46 KB), 12296.png (6 KB), 12310.png (6 KB), 12675.png (6 KB), 12688.png (6 KB), 13507.png (21 KB), 13930.png (6 KB), 13943.png (6 KB), 14226.png (6 KB), 14240.png (6 KB), 14877.png (6 KB), 14891.png (6 KB), 15640.png (6 KB), 15654.png (6 KB), 15871.png (6 KB), 15885.png (6 KB), 16489.png (6 KB)
Suspicious: True
Heuristics
IPs
hasIPs: True
Allowed:
3.6.4.1, 1, ec2-3-6-4-1.ap-south-1.compute.amazonaws.com.
255.255.255.255, 1, record
127.0.0.1, 1, localhost.
Suspicious:
1.5.1.1, 0, Unknown
1.3.0.2, 0, Unknown
1.0.0.3, 0, Unknown
1.5.0.1, 0, Unknown
0.0.0.1, 0, Unknown
hasAllowed: True
hasSuspicious: True

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
hasURLs: True
Suspicious:
http://ts-ocsp.ws.symantec.com07
http://crl4.digicert.com/sha2-assured-cs-g1.crl0l
http://crl4.digicert.com/digicertassuredidca-1.crl0w
http://crl3.digicert.com/sha2-assured-cs-g1.crl05
http://cacerts.digicert.com/digicertassuredidrootca.crt0
https://www.mozilla.com0
http://crl3.digicert.com/digicertassuredidrootca.crl0:
http://ocsp.digicert.com0c
http://crl.thawte.com/thawtetimestampingca.crl0
http://ocsp.digicert.com0a
http://ocsp.digicert.com0n
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ocsp.thawte.com0
http://crl3.digicert.com/digicertassuredidrootca.crl0o
http://www.indyproject.org/
http://cacerts.digicert.com/digicertsha2assuredidcodesigningca.crt0
http://crl4.digicert.com/digicertassuredidrootca.crl0
http://www.precocampeao.com.br/counters/drake/go.php
http://cacerts.digicert.com/digicertassuredidca-1.crt0
http://ipinfo.io/json
http://crl4.digicert.com/digicertassuredidrootca.crl0:
http://crl3.digicert.com/digicertassuredidca-1.crl08
https://www.digicert.com/cps0
http://www.digicert.com/ssl-cps-repository.htm0
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
hasAllowed: True
hasSuspicious: True

Files
Allowed: secur32.dll, ssleay32.dll, security.dll, MSWSOCK.DLL, MAPI32.DLL, Fwpuclnt.dll, WS2_32.DLL, user32.dll, uxtheme.dll, dwmapi.dll, COMCTL32.DLL, Normaliz.dll, kernel.dll, ole32.dll, imm32.dll, olepro32.dll, Kernel32.dll, gdi32.dll, IdnDL.dll, Wship6.dll, oleaut32.dll, Msctf.dll, iphlpapi.dll, libeay32.dll, msimg32.dll, libssl32.dll, RICHED20.DLL, winmm.dll, wtsapi32.dll, Shcore.dll, windowscodecs.dll, wsock32.dll, netapi32.dll, wininet.dll, msvcrt.dll, oleacc.dll, advapi32.dll, gdiplus.dll, version.dll, shell32.dll, http://www.precocampeao.com.br/counters/drake/go.php
hasFiles: True
Suspicious: XML files (*.xml)|*.xml, PDF files (*.pdf)|*.pdf, Data.DB, Space delimited text files (*.txt)|*.txt, Custom delimited text files (*.txt)|*.txt, Colon delimited text files (*.txt)|*.txt, Tab delimited text files (*.txt)|*.txt, 50FA27C8065B91B95DF4.txt
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 12585472
Suspicious: False
Image
Address: 4194304 (0x400000)
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
(A COFF symbol count and pointer of 0 is the normal state of a release-built PE; the flag here is a tool-side heuristic, not evidence of tampering.)
Directories
Number: 16
Suspicious: False

Checksum
Value: 17350021
Suspicious: False

Sections
Allowed: .text, .itext, .data, .bss, .idata, .didata, .edata, .tls, .rdata, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 5.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 4763440 (0x48AF30)
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: secur32.dll, security.dll, mswsock.dll, mapi32.dll, ws2_32.dll, user32.dll, uxtheme.dll, dwmapi.dll, comctl32.dll, normaliz.dll, ole32.dll, imm32.dll, olepro32.dll, kernel32.dll, gdi32.dll, idndl.dll, wship6.dll, oleaut32.dll, msctf.dll, msimg32.dll, riched20.dll, winmm.dll, wtsapi32.dll, shcore.dll, windowscodecs.dll, wsock32.dll, netapi32.dll, wininet.dll, msvcrt.dll, oleacc.dll, advapi32.dll, gdiplus.dll, version.dll, shell32.dll
hasLibs: True
Suspicious: ssleay32.dll, fwpuclnt.dll, kernel.dll, iphlpapi.dll, libeay32.dll, libssl32.dll
hasAllowed: True
hasSuspicious: True
(libeay32.dll, ssleay32.dll and libssl32.dll are the OpenSSL library names that Indy's TLS support loads at run time, which matches the network_ssl and OpenSSL_DSA YARA hits and the http://www.indyproject.org/ string; fwpuclnt.dll and iphlpapi.dll are standard Windows networking DLLs.)

Timestamp
Past: False
Valid: True
Value: 2019-07-17 13:45:42
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0
(Signature-based. The Vcl.Graphics and Winapi.Windows strings are scoped unit names that exist only from Delphi XE2 onward, so the real toolchain is far newer than these Delphi 3/4 signatures suggest.)

Obfuscation
XOR: True
Fuzzing: True

PEDetector
Matches
5275168
Suspicious: True
Disassembly
hasTricks: True
Tricks
pushret
.data: 13
.rsrc: 3019
.text: 142
.idata: 2
.itext: 10

pushpopmath
.data: 13
.rsrc: 2418
.text: 370
.reloc: 322

ss register
.rsrc: 25
.reloc: 1

garbagebytes
.data: 7
.rsrc: 1309
.text: 117
.idata: 2
.itext: 10

hookdetection
.data: 1
.rsrc: 81
.text: 4
.reloc: 27

software breakpoint
.rsrc: 82
.text: 27
.reloc: 102

fakeconditionaljumps
.rsrc: 64
.text: 2

programcontrolflowchange
.data: 7
.rsrc: 1247
.text: 115
.idata: 2
.itext: 10

cpuinstructionsresultscomparison
.data: 23
.rsrc: 172
.text: 73
.reloc: 3

AVclass
banbra
1
VirusTotal
md5
a3954bfbf97972b6e2996c8e97f6ab4c
sha1
f531eefedef19d27baa0bd3511edc1ef5318d16a
SCANS (DETECTION RATE = 41.43%, 29 of 70 engines)
Engine | Detected | Result | Engine version | Signature update
AVG | yes | Win32:BankerX-gen [Trj] | 18.4.3895.0 | 20191016
CMC | no | | 1.1.0.977 | 20190321
MAX | no | | 2019.9.16.1 | 20191016
APEX | yes | Malicious | 5.74 | 20191015
Bkav | no | | 1.3.0.10239 | 20191015
K7GW | yes | Spyware ( 00551b2c1 ) | 11.72.32236 | 20191010
ALYac | no | | 1.1.1.5 | 20191016
Avast | yes | Win32:BankerX-gen [Trj] | 18.4.3895.0 | 20191016
Avira | yes | TR/Spy.Banker.oqpuq | 8.3.3.8 | 20191015
Baidu | no | | 1.0.0.2 | 20190318
Cyren | no | | 6.2.2.2 | 20191016
DrWeb | no | | 7.0.41.7240 | 20191016
GData | yes | Win32.Trojan.Agent.4RFU8E | A:25.23702B:26.16308 | 20191016
Panda | no | | 4.6.4.2 | 20191015
VBA32 | yes | TScope.Trojan.Delf | 4.1.0 | 20191015
VIPRE | no | | 78592 | 20191015
Zoner | no | | 1.0.0.1 | 20191015
ClamAV | no | | 0.102.0.0 | 20191015
Comodo | no | | 31607 | 20191016
F-Prot | no | | 4.7.1.166 | 20191016
Ikarus | yes | Trojan-Spy.Agent | 0.1.5.2 | 20191015
McAfee | yes | Artemis!A3954BFBF979 | 6.0.6.653 | 20191016
Rising | yes | Spyware.Banker!8.8D (TFE:4:teweSOKkWQC) | 25.0.0.24 | 20191016
Sophos | yes | Troj/DwnLdr-YJS | 4.98.0 | 20191016
Yandex | no | | 5.5.2.24 | 20191015
Zillya | yes | Trojan.Banbra.Win32.29844 | 2.0.0.3925 | 20191015
Acronis | no | | 1.1.1.58 | 20191005
Alibaba | yes | TrojanSpy:Win32/Banker.547f3f43 | 0.3.0.5 | 20190527
Arcabit | no | | 1.0.0.859 | 20191015
Cylance | no | | 2.3.1.101 | 20191016
Endgame | yes | malicious (high confidence) | 3.0.15 | 20190918
FireEye | yes | Generic.mg.a3954bfbf97972b6 | 29.7.0.0 | 20191016
TACHYON | no | | 2019-10-16.01 | 20191016
Tencent | no | | 1.0.0.1 | 20191016
ViRobot | no | | 2014.3.20.0 | 20191015
Webroot | no | | 1.0.0.403 | 20191016
eGambit | no | | v5.0.6 | 20191016
Ad-Aware | no | | 3.0.5.370 | 20191016
AegisLab | no | | 4.2 | 20191016
Emsisoft | no | | 2018.12.0.1641 | 20191016
F-Secure | no | | 12.0.86.52 | 20191013
Fortinet | yes | W32/Banbra.AEID!tr | 5.4.247.0 | 20191016
Invincea | no | | 6.3.6.26157 | 20190904
Jiangmin | no | | 16.0.100 | 20191016
Kingsoft | no | | 2013.8.14.323 | 20191016
Paloalto | no | | 1.0 | 20191016
Symantec | yes | ML.Attribute.HighConfidence | 1.11.0.0 | 20191015
Trapmine | no | | 3.1.81.800 | 20190826
AhnLab-V3 | yes | Malware/Gen.Generic.C3361736 | 3.16.3.25410 | 20191015
Antiy-AVL | no | | 3.0.0.1 | 20191016
Kaspersky | yes | HEUR:Trojan-Banker.Win32.Banbra.gen | 15.0.1.13 | 20191016
Microsoft | yes | PUA:Win32/InstallCore | 1.1.16400.2 | 20191016
Qihoo-360 | yes | Win32/Trojan.909 | 1.0.0.1120 | 20191016
ZoneAlarm | yes | HEUR:Trojan-Banker.Win32.Banbra.gen | 1.0 | 20191016
Cybereason | yes | malicious.edef19 | 1.2.449 | 20190616
ESET-NOD32 | yes | a variant of Win32/Spy.Banker.AEID | 20187 | 20191016
TrendMicro | yes | TROJ_GEN.R002C0RHE19 | 11.0.0.1006 | 20191016
BitDefender | no | | 7.2 | 20191016
CrowdStrike | no | | 1.0 | 20190702
K7AntiVirus | yes | Spyware ( 00551b2c1 ) | 11.73.32285 | 20191015
SentinelOne | no | | 1.0.31.22 | 20190807
Avast-Mobile | no | | 191012-04 | 20191012
Malwarebytes | no | | 2.1.1.1115 | 20191016
TotalDefense | no | | 37.1.62.1 | 20191015
CAT-QuickHeal | yes | Trojan.Banbra | 14.00 | 20191015
NANO-Antivirus | no | | 1.0.134.24859 | 20191016
MicroWorld-eScan | no | | 14.0.297.0 | 20191016
SUPERAntiSpyware | no | | 5.6.0.1032 | 20191011
McAfee-GW-Edition | yes | Artemis | v2017.3010 | 20191015
TrendMicro-HouseCall | yes | TROJ_GEN.R002C0RHE19 | 10.0.0.1040 | 20191016

Reading note: the names split between installer-level verdicts (Microsoft: PUA:Win32/InstallCore; Sophos: Troj/DwnLdr-YJS) and payload-level verdicts (Banbra, Spy.Banker, BankerX), which is consistent with TrID identifying an Inno Setup installer that carries an embedded executable. The scan is from 2019-10-16, four months before this report; detection counts for a sample this widely named will have moved since.
total: 70
sha256: d23ca3a9fa2c90b5f871ffa2392a63aaa50e9f037fbc0ba9e1025e303fdb16fb
scan_id: d23ca3a9fa2c90b5f871ffa2392a63aaa50e9f037fbc0ba9e1025e303fdb16fb-1571193084
resource: a3954bfbf97972b6e2996c8e97f6ab4c
positives: 29
scan_date: 2019-10-16 02:31:24
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace (fields: date time | operation | PID | process image | target path | name, where the monitor logged one; PID 4 is the System process and is logged without an image path)
Reading note: every event below belongs either to the sandbox agent itself (C:\Monitor\WKCD_Load_Use.exe, PID 544, and its log C:\Monitor\Files\Logs\File.log) or to background Windows activity (svchost Prefetch, SQM and CSC housekeeping, explorer, SearchIndexer, WmiPrvSE, wmpnetwk, System cache and Syscache.hve writes). No event in this trace is attributed to FLab.exe.
11/2/2020 19:45:44.497 | Unknown | 4 | | C:\Users\Behemot\Desktop\desktop.ini |
11/2/2020 19:45:44.497 | Unknown | 4 | | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
11/2/2020 19:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
11/2/2020 19:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
11/2/2020 19:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
11/2/2020 19:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
11/2/2020 19:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
11/2/2020 19:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A13589B7957053C575 |
11/2/2020 19:45:48.856 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A13589B7957053C575 | TMP000000A13589B7957053C575
11/2/2020 19:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
11/2/2020 19:45:48.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
11/2/2020 19:45:48.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.856 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2AF46498673C01EB8 |
11/2/2020 19:45:48.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2AF46498673C01EB8 | TMP000000A2AF46498673C01EB8
11/2/2020 19:45:48.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier |
11/2/2020 19:45:48.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier |
11/2/2020 19:45:48.872 | Read | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier |
11/2/2020 19:45:48.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A2AF46498673C01EB8 | TMP000000A2AF46498673C01EB8
11/2/2020 19:45:48.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
11/2/2020 19:45:48.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
11/2/2020 19:45:48.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.872 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe |
11/2/2020 19:45:48.872 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:48.872 | Write | 544 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:45:48.918 | Unknown | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\Temp\TMP000000A13589B7957053C575 | TMP000000A13589B7957053C575
11/2/2020 19:45:50.465 | Unknown | 4 | | C:\Monitor\WKCD_Load_Use.exe | WKCD_Load_Use.exe
11/2/2020 19:45:50.465 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:45:50.465 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:45:53.372 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf |
11/2/2020 19:45:53.372 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf |
11/2/2020 19:45:53.372 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
11/2/2020 19:45:53.372 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
11/2/2020 19:45:53.387 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf |
11/2/2020 19:45:53.387 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
11/2/2020 19:45:53.387 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf |
11/2/2020 19:45:53.387 | Write | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
11/2/2020 19:45:53.387 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
11/2/2020 19:45:53.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe |
11/2/2020 19:45:53.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe |
11/2/2020 19:45:53.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe |
11/2/2020 19:45:53.856 | Open | 2928 | C:\Windows\System32\svchost.exe | C:\Windows\System32\conhost.exe |
11/2/2020 19:45:54.497 | Write | 4 | | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
11/2/2020 19:45:54.497 | Write | 4 | | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
11/2/2020 19:45:54.497 | Write | 544 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:45:54.497 | Write | 544 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:45:54.497 | Unknown | 4 | | C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C7827.pf | WKCD_LOAD_USE.EXE-695C7827.pf
11/2/2020 19:45:54.497 | Unknown | 4 | | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
11/2/2020 19:45:54.497 | Unknown | 4 | | C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf | CONHOST.EXE-1F3E9D7E.pf
11/2/2020 19:45:56.465 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:45:56.481 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:45:58.950 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:45:58.950 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:45:58.950 | Unknown | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:45:58.950 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:45:58.950 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:45:58.950 | Unknown | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:45:58.950 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm |
11/2/2020 19:45:58.950 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload |
11/2/2020 19:45:58.950 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm |
11/2/2020 19:45:58.950 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm |
11/2/2020 19:46:0.497 | Write | 4 | | C:\Windows |
11/2/2020 19:46:4.481 | Write | 4 | | C:\Monitor |
11/2/2020 19:46:6.637 | Unknown | 1752 | C:\Windows\System32\wbem\WmiPrvSE.exe | C:\Windows\System32 |
11/2/2020 19:46:18.715 | Write | 4 | | C:\Windows\Temp |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve.LOG1 |
11/2/2020 19:46:27.418 | Write | 544 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
11/2/2020 19:46:27.418 | Write | 4 | | C:\System Volume Information\Syscache.hve |
11/2/2020 19:46:27.512 | Write | 4 | | C:\System Volume Information\Syscache.hve |
11/2/2020 19:46:29.12 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:46:29.12 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:46:29.12 | Unknown | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:46:29.12 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:46:29.12 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:46:29.12 | Unknown | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:46:29.12 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm |
11/2/2020 19:46:29.12 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload |
11/2/2020 19:46:29.12 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm |
11/2/2020 19:46:29.12 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm |
11/2/2020 19:46:30.418 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:46:30.418 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:46:32.481 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat |
11/2/2020 19:46:55.981 | Open | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data |
11/2/2020 19:46:55.981 | Unknown | 528 | C:\Windows\System32\SearchIndexer.exe | C:\ProgramData\Microsoft\Search\Data |
11/2/2020 19:46:59.75 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:46:59.75 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:46:59.75 | Unknown | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:46:59.75 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:46:59.75 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:46:59.75 | Unknown | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:46:59.75 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm |
11/2/2020 19:46:59.75 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload |
11/2/2020 19:46:59.75 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm |
11/2/2020 19:46:59.75 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm |
11/2/2020 19:46:59.75 | Write | 544 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:46:59.75 | Write | 544 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:47:2.75 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:47:2.75 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:47:27.559 | Open | 1864 | C:\Windows\explorer.exe | C:\ |
11/2/2020 19:47:27.559 | Unknown | 1864 | C:\Windows\explorer.exe | C:\ |
11/2/2020 19:47:29.137 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:47:29.137 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:47:29.137 | Unknown | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:47:29.137 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:47:29.137 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:47:29.137 | Unknown | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:47:29.137 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm |
11/2/2020 19:47:29.137 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload |
11/2/2020 19:47:29.137 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm |
11/2/2020 19:47:29.137 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm |
11/2/2020 19:47:32.465 | Write | 684 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat |
11/2/2020 19:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot |
11/2/2020 19:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot |
11/2/2020 19:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot |
11/2/2020 19:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming |
11/2/2020 19:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming |
11/2/2020 19:47:32.809 | Unknown | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming |
11/2/2020 19:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes |
11/2/2020 19:47:32.809 | Open | 1864 | C:\Windows\explorer.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini |
11/2/2020 19:47:32.809 | Write | 544 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:47:35.840 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:47:35.840 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
11/2/2020 19:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
11/2/2020 19:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
11/2/2020 19:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
11/2/2020 19:47:35.856 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
11/2/2020 19:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
11/2/2020 19:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
11/2/2020 19:47:35.856 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
11/2/2020 19:47:39.684 | Read | 1232 | C:\Program Files\Windows Media Player\wmpnetwk.exe | C:\Program Files\Windows Media Player\wmpnetwk.exe |
11/2/2020 19:47:59.184 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:47:59.184 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:47:59.184 | Unknown | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService |
11/2/2020 19:47:59.184 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:47:59.184 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:47:59.184 | Unknown | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local |
11/2/2020 19:47:59.184 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm |
11/2/2020 19:47:59.184 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload |
11/2/2020 19:47:59.184 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm |
11/2/2020 19:47:59.184 | Open | 1172 | C:\Windows\System32\svchost.exe | C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm |
11/2/2020 19:47:59.184 | Write | 544 | C:\Monitor\WKCD_Load_Use.exe | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:48:2.184 | Write | 4 | | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:48:2.184 | Unknown | 4 | | C:\Monitor\Files\Logs\File.log |
11/2/2020 19:48:11.309 | Open | 4 | | \Device\HarddiskVolume1\System Volume Information |
11/2/2020 19:48:11.309 | Unknown | 4 | | \Device\HarddiskVolume1\System Volume Information |
11/2/2020 19:48:13.59 | Open | 4 | | C:\System Volume Information |
11/2/2020 19:48:13.59 | Open | 4 | | C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} |
11/2/2020 19:48:13.59 | Open | 4 | | C:\System Volume Information\{bcf7d7ec-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752} |
11/2/2020 19:48:13.59 | Open | 4 | | C:\System Volume Information\{bcf7d7f0-4f18-11e8-8b8a-525400842a13}{3808876b-c176-4e48-b7ae-04046e6cc752} |
11/2/2020 19:48:13.59 | Unknown | 4 | | C:\System Volume Information |
11/2/2020 19:48:25.903 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
11/2/2020 19:48:25.903 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
11/2/2020 19:48:25.903 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
11/2/2020 19:48:25.903 | Open | 796 | C:\Windows\System32\svchost.exe | \Device\Mup\.\.\ |
11/2/2020 19:48:25.903 | Open | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
11/2/2020 19:48:25.903 | Unknown | 796 | C:\Windows\System32\svchost.exe | C:\Windows\CSC\v2.0.6\namespace |
11/2/2020 - 19:48:25.903Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
11/2/2020 - 19:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
11/2/2020 - 19:48:25.903Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
11/2/2020 - 19:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
11/2/2020 - 19:48:25.903Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
11/2/2020 - 19:48:29.231Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
11/2/2020 - 19:48:29.231Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
11/2/2020 - 19:48:29.231Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
11/2/2020 - 19:48:29.231Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
11/2/2020 - 19:48:29.231Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
11/2/2020 - 19:48:29.231Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
11/2/2020 - 19:48:29.231Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm
11/2/2020 - 19:48:29.231Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
11/2/2020 - 19:48:29.231Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
11/2/2020 - 19:48:29.231Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
11/2/2020 - 19:48:29.231Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
11/2/2020 - 19:48:32.231Write4C:\Monitor\Files\Logs\File.log
11/2/2020 - 19:48:32.231Unknown4C:\Monitor\Files\Logs\File.log
11/2/2020 - 19:48:32.465Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
11/2/2020 - 19:48:59.278Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
11/2/2020 - 19:48:59.278Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
11/2/2020 - 19:48:59.278Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
11/2/2020 - 19:48:59.278Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
11/2/2020 - 19:48:59.278Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
11/2/2020 - 19:48:59.278Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
11/2/2020 - 19:48:59.278Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm
11/2/2020 - 19:48:59.278Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
11/2/2020 - 19:48:59.278Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
11/2/2020 - 19:48:59.278Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Feeds Cache\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatCache\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\DNTException\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.dat
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\AppCache\B2419NGQ\container.datcontainer.dat
11/2/2020 - 19:49:20.684Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:20.684Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:20.684Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
11/2/2020 - 19:49:20.684Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
11/2/2020 - 19:49:20.684Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
11/2/2020 - 19:49:20.731Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:20.731Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:20.825Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:20.825Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:20.918Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:20.918Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:20.918Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
11/2/2020 - 19:49:20.918Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
11/2/2020 - 19:49:20.918Read1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:20.965Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
11/2/2020 - 19:49:20.965Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
11/2/2020 - 19:49:20.965Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
11/2/2020 - 19:49:20.965Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.log
11/2/2020 - 19:49:21.12Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:21.12Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:21.59Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
11/2/2020 - 19:49:21.59Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
11/2/2020 - 19:49:21.59Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:21.59Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:21.59Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
11/2/2020 - 19:49:21.59Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.datcontainer.dat
11/2/2020 - 19:49:21.59Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
11/2/2020 - 19:49:23.684Write4C:\Monitor\Files\Logs\File.log
11/2/2020 - 19:49:23.684Unknown4C:\Monitor\Files\Logs\File.log
11/2/2020 - 19:49:25.903Unknown2360C:\Windows\System32\audiodg.exeC:\Windows
11/2/2020 - 19:49:27.497Read684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\System.evtx
11/2/2020 - 19:49:27.497Read684C:\Windows\System32\svchost.exeC:\Windows\System32\winevt\Logs\System.evtx
11/2/2020 - 19:49:29.325Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
11/2/2020 - 19:49:29.325Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
11/2/2020 - 19:49:29.325Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService
11/2/2020 - 19:49:29.325Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
11/2/2020 - 19:49:29.325Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
11/2/2020 - 19:49:29.325Unknown1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local
11/2/2020 - 19:49:29.325Open1172C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm
11/2/2020 - 19:49:29.325Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload
11/2/2020 - 19:49:29.325Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
11/2/2020 - 19:49:29.325Open1172C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm
11/2/2020 - 19:49:30.731Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:30.731Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:30.762Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:30.762Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users\Behemot
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users
11/2/2020 - 19:49:30.778Open1796C:\Windows\System32\taskhost.exeC:\Users
11/2/2020 - 19:49:30.778Unknown1796C:\Windows\System32\taskhost.exeC:\Users
11/2/2020 - 19:49:30.778Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/2/2020 - 19:49:30.778Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/2/2020 - 19:49:30.778Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
11/2/2020 - 19:49:30.778Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
11/2/2020 - 19:49:30.778Write1796C:\Windows\System32\taskhost.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/2/2020 - 19:49:30.778Write4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/2/2020 - 19:49:30.793Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
11/2/2020 - 19:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
11/2/2020 - 19:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
11/2/2020 - 19:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
11/2/2020 - 19:49:30.856Open796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
11/2/2020 - 19:49:30.856Open796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
11/2/2020 - 19:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
11/2/2020 - 19:49:30.856Unknown796C:\Windows\System32\svchost.exe\Device\Mup\.\.\
11/2/2020 - 19:49:30.856Unknown796C:\Windows\System32\svchost.exeC:\Windows\CSC\v2.0.6\namespace
11/2/2020 - 19:49:30.856Write544C:\Monitor\WKCD_Load_Use.exeC:\Monitor\Files\Logs\File.log
11/2/2020 - 19:49:31.465Write4C:\Monitor\Files\Logs\File.log
11/2/2020 - 19:49:31.465Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/2/2020 - 19:49:31.465Unknown4C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\V01.chk
11/2/2020 - 19:49:31.465Unknown4C:\Monitor\Files\Logs\File.log
11/2/2020 - 19:49:32.497Write684C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Process Trace
Time | Operation | PID | Process image | Target PID | Target process image
11/2/2020 - 19:46:6.637 | Terminate | 564 | C:\Windows\System32\svchost.exe | 1752 | C:\Windows\System32\wbem\WmiPrvSE.exe
11/2/2020 - 19:49:25.903 | Terminate | 684 | C:\Windows\System32\svchost.exe | 2360 | C:\Windows\System32\audiodg.exe

Analysis
Reason: Timeout

Status: Successfully Executed

Results: 1

Registry Trace
Time | Operation | PID | Key | Value
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList | CurrentLru
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000ED | ObjectId
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000ED | ObjectLru
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\1E | _ObjectLru_
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8 | ObjectId
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000E8 | ObjectLru
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3E | _ObjectLru_
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EB | ObjectId
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000EB | ObjectLru
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\3F | _ObjectLru_
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0 | ObjectId
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\LruList\00000000000000F0 | ObjectLru
11/2/2020 - 19:46:22.418 | Write | 4 | \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObjectStore\ObjectTable\40 | _ObjectLru_

File Summary
Created - Identified: True
Deleted - Identified: False

Process Summary
Created - Identified: False
Deleted - Identified: True

Registry Summary
Proxy - Identified: False
AutoRun - Identified: False
Created - Identified: True
Deleted - Identified: False
Browsers - Identified: False
Internet - Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 39.61%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 95.10%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 60.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 37.58%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 48.00%
suspicious: False
