Report #13153

(1)

Binary

DLL False

Size 162.50KB

trid 41.0% Win32 Executable MS Visual C++

36.3% Win64 Executable

8.6% Win32 Dynamic Link Library 5.9% Win32 Executable

2.6% OS/2 Executable

type PE

wordsize 32

Subsystem Windows GUI

Hashes

md5 95d7e834afa55526302d2783a94cdd9b

sha1 b2e5fd5e6f8e675c4e4039b14506b1206c0afcd1

crc32 0x519ede1b

sha224 27ea962f845d6819c6d153ebe1c0d631ee3b65020539d45915536aec

sha256 2a7afae03b4aeab95a647bf42ddf71f8c733f0d512981dc111366152eda8f87 7

sha384 452d87b2628282f07ec8f982dd7e42b4f74425f2ba30d7b6a391eef0a5cd0f9 a0f1ebc8322c05797c7dcf7308fc431c8

sha512 73a3c52bbdb5ce4293d6e72af823c36c1607c0e75de00d28b7252ea328966 87b94e3a060d3f8e4f990cc1dcf40c480efc58caef70103a7c04a98ac1cf1db3 d6a

ssdeep 3072:0vkypr5zwEJ+b+Tz+XIwnVS570M9kdatGCO+xmBc+hMPhPsx8:gw8+

ZVs7nyatGt+SYF

Report #13153

Creation Date: Aug. 20, 2021, 1:34 a.m.

Last Update: Aug. 20, 2021, 5:18 a.m.

File:

fvenotify.exe Results:

(2)

Community

Google False

HashLib False

YARA

Matches domain, contentis_base64, screenshot, HasDebugData, url, HasRichSignatu re, win_mutex, IsPacked, maldoc_find_kernel32_base_method_1, win_token, IsPE32, escalate_priv, IsWindowsGUI, IP

Suspicious True

Imports

BDEUI.dll ?RefreshStatus@BuiVolume@@QAEJ_N@Z, ?ManagementRequiresElevation

@BuiVolume@@QBE_NXZ, BuisCreateElevatedProxyObject, ??1BuiVolume@

@QAE@XZ, ?Init@BuiVolume@@QAEJPAG@Z, ??0BuiVolume@@QAE@_N@

Z, ?DeleteVolumeList@BuiVolume@@SGXPAPAU_BuiVolumeNode@@@Z, ? GetAllVolumes@BuiVolume@@SGJPAPAU_BuiVolumeNode@@@Z, ?IsFveNot ifyNecessary@BuiVolume@@QBE_NXZ, ?ResumeStatusRefreshing@BuiVolu me@@QAEXXZ, ?SuspendStatusRefreshing@BuiVolume@@QAEXXZ, ?CanB eResumed@BuiVolume@@QBE_NXZ, BuisIsHardwareReadyForConversion, ? ResumeConversion@BuiVolume@@QAEJXZ, ?ImplicitPauseConversion@Bui Volume@@QAEJXZ, ?SetProxyObject@BuiVolume@@QAEXPAUIDispatch@@

@Z, BuisCreateProxyObject, ?GetConvertedPercent@BuiVolume@@QBENX Z

GDI32.dll GetObjectW, BitBlt, DeleteDC, SelectObject, CreateCompatibleDC, DeleteO bject

USER32.dll DestroyIcon, GetIconInfo, DrawIconEx, CreateIconIndirect, LoadStringW, Sh owWindow, SendMessageW, DestroyWindow, GetWindowLongW, SetWindo wLongW, RegisterWindowMessageW, MoveWindow, PostMessageW, LoadIm ageW, GetSystemMetrics, RegisterDeviceNotificationW, SetForegroundWind ow, GetCursorPos, LoadMenuW, GetSubMenu, TrackPopupMenu, PostQuitMe ssage, UnregisterDeviceNotification, CreateWindowExW, DispatchMessage W, TranslateMessage, GetMessageW, DefWindowProcW, RegisterClassExW, LoadIconW

msvcrt.dll towupper, _vsnwprintf, malloc, wcstol, _callnewh, free, _XcptFilter, __p__co mmode, _amsg_exit, __set_app_type, exit, memcpy, _exit, _controlfp, ?term inate@@YAXXZ, _except_handler4_common, _acmdln, _initterm, __setuser matherr, _ismbblead, __p__fmode, __CxxFrameHandler3, _cexit, __getmaina rgs, _ftol2, _ftol2_sse, memset

SHELL32.dll ShellExecuteW, Shell_NotifyIconGetRect, Shell_NotifyIconW, CommandLineT oArgvW

(3)

ADVAPI32.dll AllocateAndInitializeSid, CheckTokenMembership, FreeSid, RegGetValueW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, InitiateS hutdownW

KERNEL32.dll GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, Quer yPerformanceCounter, SetUnhandledExceptionFilter, GetStartupInfoW, Free Library, TerminateProcess, FormatMessageW, GetModuleHandleW, GetCurre ntProcess, GetTickCount, Sleep, CreateMutexW, CloseHandle, GetCommand LineW, RegisterApplicationRestart, HeapSetInformation, HeapFree, SetLastE rror, GetModuleHandleExW, GetModuleFileNameW, GetProcessMitigationPol icy, LocalAlloc, HeapAlloc, GetProcAddress, GetProcessHeap, CreateFileW, L oadLibraryW, UnhandledExceptionFilter, LocalFree, GetLastError

api-ms-win-core-com-l1-1-0.dll CoInitializeEx, CoCreateInstance, CoUninitialize

Strings

List

fvenotify.pdb 6I.SR

t.Sj

COMCTL32.dll BDEUI.dll imageres.dll ntdll.dll fvenotify.exe fvenotify.exe

name="Microsoft.Windows.Common-Controls"

u"hp%A

TaskbarCreated

api-ms-win-core-com-l1-1-0.dll Software\Policies\Microsoft\FVE

System\CurrentControlSet\Policies\Microsoft\FVE

?HasSmartCardProtector@VolumeFveStatus@@QBE_NXZ SeShutdownPrivilege

Microsoft.BitLockerDriveEncryption SSSLOM!H"

?InitialVolume==

<description>BitLocker Drive Encryption Notification Applet</description>

publicKeyToken="6595b64144ccf1df"

+%%%) _acmdln

GetProcAddress

BitLocker Drive Encryption Notification Utility FcD4E85

OleSelfRegister OpenProcessToken TerminateProcess ShellExecuteW

?IsEncrypting@VolumeFveStatus@@QBE_NXZ

?IsEncrypted@VolumeFveStatus@@QBE_NXZ

?IsDecrypted@VolumeFveStatus@@QBE_NXZ

?IsDecrypting@VolumeFveStatus@@QBE_NXZ CoCreateInstance

(4)

FreeLibrary CreateMutexW GetModuleHandleW RegGetValueW LoadLibraryW

QueryPerformanceCounter GetModuleFileNameW CreateFileW

WinSta0 GetTickCount

?SetProxyObject@BuiVolume@@QAEXPAUIDispatch@@@Z Sleep

?HasTpmProtector@VolumeFveStatus@@QBE_NXZ BitBlt

?ImplicitPauseConversion@BuiVolume@@QAEJXZ

?NO_DRIVE_LETTER@BuiVolume@@2IB

?RefreshStatus@BuiVolume@@QAEJ_N@Z

?SuspendStatusRefreshing@BuiVolume@@QAEXXZ

?ManagementRequiresElevation@BuiVolume@@QBE_NXZ

?HasPassphraseProtector@VolumeFveStatus@@QBE_NXZ

?ResumeStatusRefreshing@BuiVolume@@QAEXXZ

?IsPreProvisioned@VolumeFveStatus@@QBE_NXZ

?HasPinProtector@VolumeFveStatus@@QBE_NXZ

?HasPBKDF2RecoveryPassword@VolumeFveStatus@@QBE_NXZ

?IsPartiallyConverted@VolumeFveStatus@@QBE_NXZ

?FailedDryRun@VolumeFveStatus@@QBE_NXZ

?HasRecoveryData@VolumeFveStatus@@QBE_NXZ

?IsOn@VolumeFveStatus@@QBE_NXZ

?IsSecure@VolumeFveStatus@@QBE_NXZ

?HasStartupKeyProtector@VolumeFveStatus@@QBE_NXZ

?GetConvertedPercent@BuiVolume@@QBENXZ

?CanBeResumed@BuiVolume@@QBE_NXZ

?Init@BuiVolume@@QAEJPAG@Z

?IsDEAutoProvisioned@VolumeFveStatus@@QBE_NXZ

??0VolumeFveStatus@@QAE@K_KJW4_FVE_WIPING_STATE@@@Z

?IsPaused@VolumeFveStatus@@QBE_NXZ

?NeedsRestart@VolumeFveStatus@@QBE_NXZ

<requestedExecutionLevel

?IsRoamingDevice@VolumeFveStatus@@QBE_NXZ

??4VolumeFveStatus@@QAEAAV0@ABV0@@Z

?HasRecoveryPassword@VolumeFveStatus@@QBE_NXZ

?IsOsCriticalVolume@VolumeFveStatus@@QBE_NXZ

?ResumeConversion@BuiVolume@@QAEJXZ

?IsOsVolume@VolumeFveStatus@@QBE_NXZ

??4BuiVolume@@QAEAAV0@ABV0@@Z

?GetExtendedFlags@VolumeFveStatus@@QBE_KXZ

?IsConverting@VolumeFveStatus@@QBE_NXZ

?HasExternalKey@VolumeFveStatus@@QBE_NXZ

?IsUnknownFveVersion@VolumeFveStatus@@QBE_NXZ

?IsFveNotifyNecessary@BuiVolume@@QBE_NXZ

?IsEDriveVolume@VolumeFveStatus@@QBE_NXZ

??4VolumeFveStatus@@QAEAAV0@$$QAV0@@Z

?GetStatusFlags@VolumeFveStatus@@QBEKXZ

?GetLastConvertStatus@VolumeFveStatus@@QBEJXZ

?IsCsvMetadataVolume@VolumeFveStatus@@QBE_NXZ

?IsDisabled@VolumeFveStatus@@QBE_NXZ

??0VolumeFveStatus@@IAE@XZ

?DeleteVolumeList@BuiVolume@@SGXPAPAU_BuiVolumeNode@@@Z

(5)

?IsLocked@VolumeFveStatus@@QBE_NXZ

??0BuiVolume@@QAE@_N@Z

?GetAllVolumes@BuiVolume@@SGJPAPAU_BuiVolumeNode@@@Z

Foremost

Matches 0.exe, 162 KB, 171.png, 56 KB

Suspicious True

Heuristics

IPs hasIPs: False

Allowed Suspicious

hasAllowed: False hasSuspicious: False

URLs Allowed: http://schemas.microsoft.com/smi/2005/windowssettings hasURLs: True

Suspicious

hasAllowed: True hasSuspicious: False

Files Allowed: imageres.dll, ntdll.dll, ADVAPI32.dll, SHELL32.dll, BDEUI.dll, USER 32.dll, msvcrt.dll, COMCTL32.dll, api-ms-win-core-com-l1-1-0.dll, GDI32.dll, KERNEL32.dll

hasFiles: True Suspicious

Binary

Sizes RVA

RVA: 16

Suspicious: False Code

Size: 100352 Suspicious: False Image

Address: 4194304 Suspicious: False Stack

Stack: 8192 Suspicious: False Headers

Headers: 1024 Suspicious: False Suspicious: False

(6)

Symbols Number Number: 0

Suspicious: True Pointer

Pointer: 0

Suspicious: True Directories Number: 16 Suspicious: False

Checksum Value: 202264

Suspicous: False

Sections Allowed: .text, .data, .idata, .rsrc, .reloc Suspicious

hasAllowed: True hasSections: True hasSuspicious: False

Versions OS

Version: 10

Suspicious: False Image

Version: False Suspicious: 10 Linker

Version: 14.20 Suspicious: False Subsystem

Version: 10.0 Suspicious: False Suspicious: False

EntryPoint Address: 65248

Suspicious: False

Anomalies Anomalies

hasAnomalies: False

Libraries Allowed: imageres.dll, ntdll.dll, advapi32.dll, shell32.dll, bdeui.dll, user32.d ll, msvcrt.dll, comctl32.dll, api-ms-win-core-com-l1-1-0.dll, gdi32.dll, kernel3 2.dll

hasLibs: True Suspicious

Timestamp Past: True

Valid: True

(7)

Value: 1976-05-31 06:05:59 Future: False

Compilation Packed: False

Missing: False Packers

Compiled: True

Compilers: Microsoft Visual C++ 8

Obfuscation XOR: False

Fuzzing: False

PEDetector

Matches None

Suspicious False

Disassembly

hasTricks True

Tricks

ldr .text: 1

pushret .rsrc: 25

.text: 6

pushpopmath .rsrc: 13

.text: 2 .reloc: 5

ss register .text: 1

garbagebytes .rsrc: 14

.text: 4

hookdetection .rsrc: 3

isdebbugerpresent .text: 1

fakeconditionaljumps .rsrc: 2

(8)

programcontrolflowchange .rsrc: 12 .text: 4

cpuinstructionsresultscomparison .rsrc: 7

AVclass

None 1

VirusTotal

md5 95d7e834afa55526302d2783a94cdd9b

sha1 b2e5fd5e6f8e675c4e4039b14506b1206c0afcd1

SCANS (DETECTION RATE = 0.00%)

CMC update: 20210506

version: 2.10.2019.1 detected: False

MAX update: 20210614

APEX update: 20210613

version: 6.174 detected: False

Bkav update: 20210612

K7GW update: 20210614

version: 11.187.37442 detected: False

ALYac update: 20210614

Avast update: 20210614

version: 21.1.5827.0

(9)

detected: False

Avira update: 20210614

Baidu update: 20190318

Cynet update: 20210614

Cyren update: 20210614

DrWeb update: 20210614

GData update: 20210614

version: A:25.29950B:27.23354 detected: False

Panda update: 20210613

VBA32 update: 20210614

VIPRE update: 20210614

version: 93282 detected: False

Zoner update: 20210613

ClamAV update: 20210613

(10)

Comodo update: 20210614 version: 33620 detected: False

Ikarus update: 20210614

Lionic update: 20210614

McAfee update: 20210614

Rising update: 20210614

Sophos update: 20210614

Yandex update: 20210613

Zillya update: 20210611

Acronis update: 20210512

Alibaba update: 20190527

Arcabit update: 20210614

(11)

Elastic update: 20210524 version: 4.0.22 detected: False

FireEye update: 20210614

Sangfor update: 20210607

TACHYON update: 20210614

version: 2021-06-14.02 detected: False

Tencent update: 20210614

ViRobot update: 20210614

Webroot update: 20210614

eGambit update: 20210614

detected: False

Ad-Aware update: 20210614

Emsisoft update: 20210614

F-Secure update: 20210614

Fortinet update: 20210614

version: 6.2.142.0

(12)

detected: False

Jiangmin update: 20210613

Kingsoft update: 20210614

Paloalto update: 20210614

Symantec update: 20210613

AhnLab-V3 update: 20210614

Antiy-AVL update: 20210614

Kaspersky update: 20210614

MaxSecure update: 20210614

Microsoft update: 20210614

Qihoo-360 update: 20210614

ZoneAlarm update: 20210614

(13)

Cybereason update: 20210330 version: 1.2.449 detected: False

ESET-NOD32 update: 20210614

version: 23459 detected: False

Gridinsoft update: 20210614

TrendMicro update: 20210614

BitDefender update: 20210614

CrowdStrike update: 20210203

K7AntiVirus update: 20210614

SentinelOne update: 20210518

Malwarebytes update: 20210614

CAT-QuickHeal update: 20210613

NANO-Antivirus update: 20210614

(14)

BitDefenderTheta update: 20210610 version: 7.2.37796.0 detected: False

MicroWorld-eScan update: 20210614 version: 14.0.409.0 detected: False

SUPERAntiSpyware update: 20210612 version: 5.6.0.1032 detected: False

McAfee-GW-Edition update: 20210613 version: v2019.1.2+3728 detected: False

TrendMicro-HouseCall update: 20210614 version: 10.0.0.1040 detected: False

total 68

sha256 2a7afae03b4aeab95a647bf42ddf71f8c733f0d512981dc111366152eda8f87 7

scan_id 2a7afae03b4aeab95a647bf42ddf71f8c733f0d512981dc111366152eda8f87 7-1623662482

resource 95d7e834afa55526302d2783a94cdd9b

permalink https://www.virustotal.com/gui/file/2a7afae03b4aeab95a647bf42ddf71f8c7 33f0d512981dc111366152eda8f877/detection/f-2a7afae03b4aeab95a647b f42ddf71f8c733f0d512981dc111366152eda8f877-1623662482

positives 0

scan_date 2021-06-14 09:21:22

verbose_msg Scan finished, information embedded

response_code 1

File

Trace

20/8/2021 Un kn

(15)

- 4:45:42.

497

ow n

4 C:\Users\Behemot\Desktop\desktop.ini

20/8/2021 - 4:45:42.

497

Un kn ow n

4 C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf CONHOST.EXE- 1F3E9D7E.pf

20/8/2021 - 4:45:46.

465

Wri

te 4 C:\Users\Behemot

20/8/2021 - 4:45:47.

856

Op en

2 9 2 8

C:\Windows\System32\s

vchost.exe C:\Monitor\WKCD_Load_Use.exe

20/8/2021 - 4:45:47.

856

Un kn ow n

2 9 2 8

vchost.exe C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

20/8/2021 - 4:45:47.

856

Op en

2 9 2 8

20/8/2021 - 4:45:47.

856

Un kn ow n

2 9 2 8

e.exe

20/8/2021 - 4:45:47.

856

Op en

2 9 2 8

20/8/2021 - 4:45:47.

856

Un kn ow n

2 9 2 8

e.exe

20/8/2021 - 4:45:47.

856

Op en

2 9 2 8

20/8/2021 - 4:45:47.

856

Un kn ow n

2 9 2 8

e.exe

20/8/2021 - 4:45:47. Op

en 2 9

2 C:\Windows\System32\s

(16)

856 8

20/8/2021 - 4:45:47.

856

Un kn ow n

2 9 2 8

e.exe

20/8/2021 - 4:45:47.

856

Op en

2 9 2 8

vchost.exe C:\Windows\Temp\TMP000000A2F27954F4B4C5FD26

20/8/2021 - 4:45:47.

856

Un kn ow n

2 9 2 8

TMP000000A2F 27954F4B4C5F D26

20/8/2021 - 4:45:47.

856

Op en

2 9 2 8

20/8/2021 - 4:45:47.

856

Op en

2 9 2 8

20/8/2021 - 4:45:47.

856

Re ad

2 9 2 8

e.exe

20/8/2021 - 4:45:47.

856

Re ad

2 9 2 8

e.exe

20/8/2021 - 4:45:47.

856

Re ad

2 9 2 8

e.exe

20/8/2021 - 4:45:47.

856

Re ad

2 9 2 8

e.exe

20/8/2021 - 4:45:47.

856

Op en

2 9 2 8

vchost.exe C:\Windows\Temp\TMP000000A30415A103D3F52066

20/8/2021 - 4:45:47.

Un kn ow

2 9 2

TMP000000A3 0415A103D3F5

(17)

872 n 8 2066

20/8/2021 - 4:45:47.

872

Op en

2 9 2 8

vchost.exe C:\Monitor\WKCD_Load_Use.exe:Zone.Identifier

20/8/2021 - 4:45:47.

872

Op en

2 9 2 8

20/8/2021 - 4:45:47.

872

Re ad

2 9 2 8

20/8/2021 - 4:45:47.

872

Un kn ow n

2 9 2 8

TMP000000A3 0415A103D3F5 2066

20/8/2021 - 4:45:47.

872

Un kn ow n

2 9 2 8

e.exe

20/8/2021 - 4:45:47.

872

Op en

2 9 2 8

20/8/2021 - 4:45:47.

872

Un kn ow n

2 9 2 8

e.exe

20/8/2021 - 4:45:47.

872

Op en

2 9 2 8

20/8/2021 - 4:45:47.

872

Un kn ow n

2 9 2 8

e.exe

20/8/2021 - 4:45:47.

872

Op en

2 9 2 8

20/8/2021 - 4:45:47.

872

Un kn ow

2 9 2

e.exe

(18)

n 8

20/8/2021 - 4:45:47.

872

Un kn ow n

2 9 2 8

TMP000000A2F 27954F4B4C5F D26

20/8/2021 - 4:45:47.

887

Wri te

2 9 4 8

C:\Monitor\WKCD_Load_

Use.exe C:\Monitor\Files\Logs\File.log

20/8/2021 - 4:45:48.

497

Un kn ow n

4 C:\Monitor\WKCD_Load_Use.exe WKCD_Load_Us

e.exe

20/8/2021 - 4:45:48.

497

Wri

te 4 C:\Monitor\Files\Logs\File.log

20/8/2021 - 4:45:48.

497

Un kn ow n

4 C:\Monitor\Files\Logs\File.log

20/8/2021 - 4:45:52.

403

Op en

7 9 6

C:\Windows\System32\s vchost.exe

C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C782 7.pf

20/8/2021 - 4:45:52.

403

Op en

7 9 6

20/8/2021 - 4:45:52.

403

Wri te

7 9 6

WKCD_LOAD_U SE.EXE-695C78 27.pf

20/8/2021 - 4:45:52.

403

Un kn ow n

7 9 6

20/8/2021 - 4:45:52.

434

Op en

7 9 6

vchost.exe C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf

20/8/2021 - 4:45:52.

434

Un kn ow n

7 9 6

vchost.exe C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf CONHOST.EXE- 1F3E9D7E.pf

20/8/2021 - 4:45:52.

434

Op en

7 9 6

vchost.exe C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf

(19)

20/8/2021 - 4:45:52.

434

Wri te

7 9 6

20/8/2021 - 4:45:52.

434

Un kn ow n

7 9 6

20/8/2021 - 4:45:52.

497

Wri

te 4 C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C782 7.pf

20/8/2021 - 4:45:52.

497

Wri

te 4 C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf CONHOST.EXE- 1F3E9D7E.pf

20/8/2021 - 4:45:52.

497

Un kn ow n

4 C:\Windows\Prefetch\WKCD_LOAD_USE.EXE-695C782 7.pf

20/8/2021 - 4:45:52.

497

Un kn ow n

20/8/2021 - 4:45:52.

497

Un kn ow n

20/8/2021 - 4:45:52.

497

Wri te

2 9 4 8

20/8/2021 - 4:45:52.

497

Wri te

2 9 4 8

20/8/2021 - 4:45:52.

856

Op en

2 9 2 8

vchost.exe C:\Windows\System32\conhost.exe

20/8/2021 - 4:45:52.

856

Op en

2 9 2 8

20/8/2021 - 4:45:52.

856

Op en

2 9 2 8

(20)

20/8/2021 - 4:45:52.

856

Op en

2 9 2 8

20/8/2021 - 4:45:54.

465

Wri

20/8/2021 - 4:45:54.

465

Un kn ow n

20/8/2021 - 4:45:57.

465

Wri

te 4 C:\Monitor

20/8/2021 - 4:45:59.

528

Wri te

6 8 4

vchost.exe C:\Windows\System32\winevt\Logs\System.evtx

20/8/2021 - 4:45:59.

528

Wri te

6 8 4

vchost.exe C:\Windows\System32\winevt\Logs\System.evtx

20/8/2021 - 4:45:59.

528

Wri te

6 8 4

vchost.exe C:\Windows\System32\winevt\Logs\Security.evtx

20/8/2021 - 4:45:59.

528

Wri te

6 8 4

vchost.exe C:\Windows\System32\winevt\Logs\Security.evtx

20/8/2021 - 4:46:0.4 65

Wri

te 4 C:\Windows\System32\winevt\Logs\System.evtx

20/8/2021 - 4:46:0.4 65

Wri

te 4 C:\Windows\System32\winevt\Logs\Security.evtx

20/8/2021 - 4:46:2.4 81

Wri

te 4 C:\Windows\System32\winevt\Logs\System.evtx

20/8/2021 - 4:46:2.4 81

Wri

te 4 C:\Windows\System32\winevt\Logs\Security.evtx

20/8/2021 - 4:46:2.4 81

Un kn ow n

4 C:\Windows\System32\winevt\Logs\System.evtx

(21)

20/8/2021 - 4:46:2.4 81

Un kn ow n

4 C:\Windows\System32\winevt\Logs\Security.evtx

20/8/2021 - 4:46:7.7 15

Wri

te 4 C:\Windows\Temp

20/8/2021 - 4:46:10.

465

Wri

te 4 C:\Windows

20/8/2021 - 4:46:17.

481

Wri te

6 8 4

C:\Windows\ServiceProfiles\LocalService\AppData\Loc al\lastalive0.dat

20/8/2021 - 4:46:27.

418

Wri

te 4 C:\System Volume Information\Syscache.hve.LOG1

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 Wri

(22)

- 4:46:27.

418

20/8/2021 - 4:46:27.

418

Wri

te 4 C:\System Volume Information\Syscache.hve

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri

20/8/2021 - 4:46:27.

418

Wri te

2 9 4 8

20/8/2021 - 4:46:27.

512

Wri

20/8/2021 - 4:46:30.

418

Wri

20/8/2021 - 4:46:30.

418

Un kn

ow 4 C:\Monitor\Files\Logs\File.log

(23)

n

20/8/2021 - 4:46:37.

512

Wri

te 4 C:\Windows\System32\config\SYSTEM.LOG1

20/8/2021 - 4:46:37.

512

Wri

20/8/2021 - 4:46:37.

512

Wri

20/8/2021 - 4:46:37.

512

Wri

20/8/2021 - 4:46:37.

512

Wri

te 4 C:\Windows\System32\config\SYSTEM

20/8/2021 - 4:46:37.

512

Wri

20/8/2021 - 4:46:37.

512

Wri

20/8/2021 - 4:46:37.

512

Wri

20/8/2021 - 4:46:55.

997

Op en

5 2 8

C:\Windows\System32\

SearchIndexer.exe C:\ProgramData\Microsoft\Search\Data

20/8/2021 - 4:46:55.

997

Un kn ow n

5 2 8

SearchIndexer.exe C:\ProgramData\Microsoft\Search\Data

20/8/2021 - 4:47:17.

497

Wri te

6 8 4

20/8/2021 - 4:47:27.

559

Op en

1 8 6 4

C:\Windows\explorer.ex

e C:\

20/8/2021 - 4:47:27.

559

Un kn ow

1 8 6

e C:\

(24)

n 4

20/8/2021 - 4:47:32.

809

Op en

1 8 6 4

e C:\Users\Behemot

20/8/2021 - 4:47:32.

809

Op en

1 8 6 4

e C:\Users\Behemot

20/8/2021 - 4:47:32.

809

Un kn ow n

1 8 6 4

e C:\Users\Behemot

20/8/2021 - 4:47:32.

809

Op en

1 8 6 4

e C:\Users\Behemot\AppData\Roaming

20/8/2021 - 4:47:32.

809

Op en

1 8 6 4

20/8/2021 - 4:47:32.

809

Un kn ow n

1 8 6 4

20/8/2021 - 4:47:32.

809

Op en

1 8 6 4

C:\Windows\explorer.ex e

C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\Themes

20/8/2021 - 4:47:32.

809

Op en

1 8 6 4

C:\Windows\explorer.ex e

C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\Themes\slideshow.ini

20/8/2021 - 4:47:35.

856

Op en

7 9 6

vchost.exe C:\Windows\CSC\v2.0.6\namespace

20/8/2021 - 4:47:35.

856

Un kn ow n

7 9 6

20/8/2021 - 4:47:35.

856

Un kn ow n

7 9 6

(25)

20/8/2021 - 4:47:35.

856

Op en

7 9 6

vchost.exe \Device\Mup\.\.\

20/8/2021 - 4:47:35.

856

Op en

7 9 6

20/8/2021 - 4:47:35.

856

Un kn ow n

7 9 6

20/8/2021 - 4:47:35.

856

Un kn ow n

7 9 6

20/8/2021 - 4:47:35.

856

Un kn ow n

7 9 6

20/8/2021 - 4:47:35.

856

Wri te

2 9 4 8

20/8/2021 - 4:47:35.

856

Wri te

2 9 4 8

20/8/2021 - 4:47:38.

872

Wri

20/8/2021 - 4:47:38.

872

Un kn ow n

20/8/2021 - 4:47:41.

75

Re ad

1 2 3 2

C:\Program Files\Windo ws Media Player\wmpn etwk.exe

C:\Program Files\Windows Media Player\wmpnetwk.e xe

20/8/2021 - 4:48:11.

309

Op

en 4 \Device\HarddiskVolume1\System Volume Informatio n

20/8/2021 - 4:48:11.

309

Un kn ow n

4 \Device\HarddiskVolume1\System Volume Informatio n

(26)

20/8/2021 - 4:48:13.

59

Op

en 4 C:\System Volume Information

20/8/2021 - 4:48:13.

59

Op

en 4 C:\System Volume Information\{3808876b-c176-4e4 8-b7ae-04046e6cc752}

20/8/2021 - 4:48:13.

59

Op en 4

C:\System Volume Information\{bcf7d7ec-4f18-11e8- 8b8a-525400842a13}{3808876b-c176-4e48-b7ae-0 4046e6cc752}

20/8/2021 - 4:48:13.

59

Op en 4

C:\System Volume Information\{bcf7d7f0-4f18-11e8- 8b8a-525400842a13}{3808876b-c176-4e48-b7ae-0 4046e6cc752}

20/8/2021 - 4:48:13.

59

Un kn ow n

4 C:\System Volume Information

20/8/2021 - 4:48:25.

903

Op en

7 9 6

20/8/2021 - 4:48:25.

903

Un kn ow n

7 9 6

20/8/2021 - 4:48:25.

903

Un kn ow n

7 9 6

20/8/2021 - 4:48:25.

903

Op en

7 9 6

20/8/2021 - 4:48:25.

903

Op en

7 9 6

20/8/2021 - 4:48:25.

903

Un kn ow n

7 9 6

20/8/2021 - 4:48:25.

903

Op en

7 9 6

20/8/2021 - 4:48:25.

Un kn 7

9 C:\Windows\System32\s

C:\Windows\CSC\v2.0.6\namespace

(27)

903 ow n

6 vchost.exe

20/8/2021 - 4:48:25.

903

Un kn ow n

7 9 6

20/8/2021 - 4:48:25.

903

Un kn ow n

7 9 6

20/8/2021 - 4:48:25.

903

Un kn ow n

7 9 6

20/8/2021 - 4:48:25.

903

Wri te

2 9 4 8

20/8/2021 - 4:48:28.

903

Wri

20/8/2021 - 4:48:28.

903

Un kn ow n

20/8/2021 - 4:48:32.

465

Wri te

6 8 4

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

C:\Windows\System32\t askhost.exe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\

Temporary Internet Files\Content.IE5\container.dat

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

Temporary Internet Files\Content.IE5\container.dat container.dat

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

History\History.IE5\container.dat

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

History\History.IE5\container.dat container.dat

(28)

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

C:\Users\Behemot\AppData\Local\Microsoft\Feeds Ca che\container.dat

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

C:\Users\Behemot\AppData\Local\Microsoft\Feeds Ca

che\container.dat container.dat

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\IECompatCache\container.dat

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

C:\Users\Behemot\AppData\Roaming\Microsoft\Windo

ws\IECompatCache\container.dat container.dat

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\IECompatUACache\container.dat

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

ws\IECompatUACache\container.dat container.dat

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\DNTException\container.dat

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

ws\DNTException\container.dat container.dat

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\Cookies\container.dat

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

ws\Cookies\container.dat container.dat

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

C:\Users\Behemot\AppData\Local\Microsoft\Internet E xplorer\EmieSiteList\container.dat

(29)

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

C:\Users\Behemot\AppData\Local\Microsoft\Internet E

xplorer\EmieSiteList\container.dat container.dat

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

C:\Users\Behemot\AppData\Local\Microsoft\Internet E xplorer\EmieUserList\container.dat

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

xplorer\EmieUserList\container.dat container.dat

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

C:\Users\Behemot\AppData\Local\Microsoft\Internet E xplorer\DOMStore\container.dat

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

xplorer\DOMStore\container.dat container.dat

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

History\History.IE5\MSHist012018050320180504\cont ainer.dat

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

History\History.IE5\MSHist012018050320180504\cont ainer.dat

container.dat

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\IEDownloadHistory\container.dat

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

ws\IEDownloadHistory\container.dat container.dat

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

AppCache\B2419NGQ\container.dat

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

AppCache\B2419NGQ\container.dat container.dat

(30)

20/8/2021 - 4:49:20.

700

Op en

1 7 9 6

WebCache

20/8/2021 - 4:49:20.

700

Un kn ow n

1 7 9 6

WebCache

20/8/2021 - 4:49:20.

700

Wri te

2 9 4 8

20/8/2021 - 4:49:20.

747

Wri te

1 7 9 6

WebCache\WebCacheV01.dat

20/8/2021 - 4:49:20.

747

Wri

te 4 C:\Users\Behemot\AppData\Local\Microsoft\Windows\

20/8/2021 - 4:49:20.

840

Wri te

1 7 9 6

20/8/2021 - 4:49:20.

840

Wri

20/8/2021 - 4:49:20.

934

Wri te

1 7 9 6

20/8/2021 - 4:49:20.

934

Wri

20/8/2021 - 4:49:20.

934

Wri te

1 7 9 6

WebCache\V01.log

20/8/2021 - 4:49:20.

934

Wri

WebCache\V01.log

20/8/2021 - 4:49:20.

934

Re ad

1 7 9 6

(31)

20/8/2021 - 4:49:20.

981

Wri te

1 7 9 6

WebCache\V01.log

20/8/2021 - 4:49:20.

981

Wri

WebCache\V01.log

20/8/2021 - 4:49:20.

981

Wri te

1 7 9 6

WebCache\V01.log

20/8/2021 - 4:49:20.

981

Wri

WebCache\V01.log

20/8/2021 - 4:49:20.

981

Wri te

2 9 4 8

20/8/2021 - 4:49:21.

28

Wri te

1 7 9 6

20/8/2021 - 4:49:21.

28

Wri

20/8/2021 - 4:49:21.

75

Op en

1 7 9 6

20/8/2021 - 4:49:21.

75

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:21.

75

Op en

1 7 9 6

WebCache

20/8/2021 - 4:49:21.

75

Un kn ow n

1 7 9 6

WebCache

20/8/2021 - 4:49:21.

75

Op en

1 7 9

(32)

6

20/8/2021 - 4:49:21.

75

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:23.

715

Wri

20/8/2021 - 4:49:23.

715

Un kn ow n

20/8/2021 - 4:49:25.

840

Un kn ow n

2 3 6 0

audiodg.exe C:\Windows

20/8/2021 - 4:49:30.

747

Wri te

1 7 9 6

20/8/2021 - 4:49:30.

747

Wri

20/8/2021 - 4:49:30.

793

Wri te

1 7 9 6

20/8/2021 - 4:49:30.

793

Wri

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

WebCache\V01.chk

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

WebCache\V01.chk

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

WebCache\V01.chk

1

(33)

20/8/2021 - 4:49:30.

840

Op en

7 9 6

WebCache\V01.chk

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

WebCache\V01.chk

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

WebCache

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

WebCache

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

WebCache

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

WebCache

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

WebCache

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

WebCache

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

WebCache

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

WebCache

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

WebCache

(34)

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

C:\Windows\System32\t

askhost.exe C:\Users\Behemot\AppData\Local\Microsoft\Windows

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

askhost.exe C:\Users\Behemot\AppData\Local\Microsoft

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

Un 1

(35)

20/8/2021 - 4:49:30.

840

kn ow n

7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

askhost.exe C:\Users\Behemot\AppData\Local

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

Un 1

(36)

20/8/2021 - 4:49:30.

840

kn ow n

7 9 6

C:\Users\Behemot\AppData\Local

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

askhost.exe C:\Users\Behemot\AppData

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

Un 1

(37)

20/8/2021 - 4:49:30.

840

kn ow n

7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

askhost.exe C:\Users\Behemot

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

(38)

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

askhost.exe C:\Users

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Op en

1 7 9 6

20/8/2021 - 4:49:30.

840

Un kn ow n

1 7 9 6

20/8/2021 - 4:49:30.

840

Wri te

1 7 9 6

WebCache\V01.chk

20/8/2021

(39)

- 4:49:30.

840

Wri te

4 C:\Users\Behemot\AppData\Local\Microsoft\Windows\

WebCache\V01.chk

20/8/2021 - 4:49:30.

840

Wri te

2 9 4 8

20/8/2021 - 4:49:30.

840

Wri te

2 9 4 8

20/8/2021 - 4:49:30.

840

Wri te

1 7 9 6

WebCache\V01.chk

20/8/2021 - 4:49:30.

840

Wri

WebCache\V01.chk

20/8/2021 - 4:49:30.

840

Wri te

2 9 4 8

20/8/2021 - 4:49:30.

840

Wri te

2 9 4 8

20/8/2021 - 4:49:30.

856

Op en

7 9 6

20/8/2021 - 4:49:30.

856

Un kn ow n

7 9 6

20/8/2021 - 4:49:30.

856

Un kn ow n

7 9 6

20/8/2021 - 4:49:30.

856

Op en

7 9 6

20/8/2021 - 4:49:30.

856

Op en

7 9 6

(40)

20/8/2021 - 4:49:30.

856

Un kn ow n

7 9 6

20/8/2021 - 4:49:30.

856

Un kn ow n

7 9 6

20/8/2021 - 4:49:30.

856

Un kn ow n

7 9 6

20/8/2021 - 4:49:31.

497

Wri

20/8/2021 - 4:49:31.

497

Un kn ow n

20/8/2021 - 4:49:31.

497

Un kn ow n

WebCache\V01.chk

20/8/2021 - 4:49:31.

497

Un kn ow n

WebCache\V01.chk

20/8/2021 - 4:49:31.

497

Wri te

2 9 4 8

20/8/2021 - 4:49:32.

465

Wri te

6 8 4

20/8/2021 - 4:49:33.

497

Wri

20/8/2021 - 4:49:33.

497

Un kn ow n

Process

(41)

Trace

20/8/2021 - 4:49:25.84 0

Terminat e

68 4

C:\Windows\System32\svchost.e xe

236 0

C:\Windows\System32\audiodg.e xe

Analysis

Reason Timeout

Status Sucessfully Executed

Results 1

Registry

Trace

20/8/2021 - 4:4 6:22.418

Wr

ite 4 \REGISTRY\A\{BCF7D7EA-4F18-11E8-8B8A-525400842A13}\DefaultObje

ctStore\LruList CurrentLru

20/8/2021 - 4:4 6:22.418

Wr

ctStore\LruList\00000000000000ED ObjectId

20/8/2021 - 4:4 6:22.418

Wr

ctStore\LruList\00000000000000ED ObjectLru

20/8/2021 - 4:4 6:22.418

Wr

ctStore\ObjectTable\1E _ObjectLru_

20/8/2021 - 4:4 6:22.418

Wr

ctStore\LruList\00000000000000E8 ObjectId

20/8/2021 - 4:4 6:22.418

Wr

ctStore\LruList\00000000000000E8 ObjectLru

20/8/2021 - 4:4 6:22.418

Wr

ctStore\ObjectTable\3E _ObjectLru_

20/8/2021 - 4:4 6:22.418

Wr

ctStore\LruList\00000000000000EB ObjectId

20/8/2021 - 4:4 6:22.418

Wr

ctStore\LruList\00000000000000EB ObjectLru

20/8/2021 - 4:4 6:22.418

Wr

ctStore\ObjectTable\3F _ObjectLru_

(42)

20/8/2021 - 4:4 6:22.418

Wr

ctStore\LruList\00000000000000F0 ObjectId

20/8/2021 - 4:4 6:22.418

Wr

ctStore\LruList\00000000000000F0 ObjectLru

20/8/2021 - 4:4 6:22.418

Wr

ctStore\ObjectTable\40 _ObjectLru_

20/8/2021 - 4:4 6:29.309

Wr

ite 4 \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1 a-11d4-9123-0050047759bc}\22

20/8/2021 - 4:4 6:29.309

Wr

ffffffffffffffffffffff ffffffff00

20/8/2021 - 4:4 6:29.309

Wr

20/8/2021 - 4:4 6:29.309

Wr

20/8/2021 - 4:4 6:29.309

Wr

File Summary

Created Identified: True

Deleted Identified: False

Process Summary

Created Identified: False

Deleted Identified: True

Registry Summary

Proxy Identified: False

AutoRun Identified: False

Created Identified: True

(43)

Deleted Identified: False

Browsers Identified: False

Internet Identified: False

DNS

Query

Response

TCP

Info

UDP

Info

HTTP

Info

Summary

DNS False

TCP False

UDP False

(44)

HTTP False

Results

BINARY

NFS 2.0 (Threshold = 0.8) confidence: 72.50%

suspicious: False

NFS 3.0 (Threshold = 0.75) confidence: 82.67%

suspicious: True

Decision Tree (NFS-BRMalware) confidence: 100.00%

MalConv (Ember: Raw Bytes, Threshold=0.5) confidence: 97.15%

Random Forest (100 estimators, NFS-BRMalware) confidence: 70.00%

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35) confidence: 76.85%

LightGDM (Ember: File Characteristics, Threshold=0.8336) confidence: 100.00%