Binary
DLL False
Size 39.27KB
trid 38.4% Win32 Dynamic Link Library
26.3% Win32 Executable 11.8% OS/2 Executable
11.6% Generic Win/DOS Executable 11.6% DOS Executable Generic
type PE
wordsize 32
Subsystem System native
Hashes
md5 d5915a4c454e50d76b343019d9978373
sha1 d55c1104b66bef529644528723cdced4c24c6f52
crc32 0xa0d8d212
sha224 8432f8e7174b8f5fe483fb58a8a96b8edcef6644aee7629623ecef72
sha256 1c14e870a9420d9c18b6caf8f44964ec07fa87f14b896fce50c043a8cb9b5439
sha384 b460efa70777040440e73de3a1f2f922819d6e8849fa1b53697d56f4d6b87e4e0c7351637e591add19a290700a0afd9f
sha512 f219f09d7bd19184a138e6dff92e546eb9e6a3fb5f7a00bd4b0d47b47662f09b35804380ed82d4448d7a6e3229cad7c86526ed4137233346e30f51c2a3dbc3fa
ssdeep 768:xB58AT6F3K3YRsNnpgDGGtY52p3T3bmbXXhYMyr:xBCF3KoEnmI20bnhmr
Report #8078
Creation Date: March 2, 2020, 12:43 p.m.
Last Update: March 2, 2020, 3:15 p.m.
File:
blz1.jpg.exe Results:
Community
Google False
HashLib False
YARA
Matches domain, HasDigitalSignature, DebuggerCheck__QueryInfo, Dropper_Strings, contentis_base64, Microsoft_Visual_Cpp_v50v60_MFC, HasOverlay, maldoc_find_kernel32_base_method_1, url, IsPE32, HasRichSignature
Suspicious True
Strings
List
https://secure.comodo.net/CPS0B http://www.greatis.com
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05 1http://crl.usertrust.com/UTN-USERFirst-Object.crl04 http://ocsp.comodoca.com0
\??\a:\command.rri
%s.del
\??\a:\report.log
\??\a:\report.log
\??\a:\report.txt
\Registry\Machine\SYSTEM\CurrentControlSet\Services\%s
\Registry\Machine\DS\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify http://www.greatis.com0
Rootkit checking has been started...
http://www.usertrust.com1 http://www.usertrust.com1 http://www.usertrust.com1 http://www.usertrust.com1 http://ocsp.usertrust.com0 ntdll.dll
RegRun Partizan - Bootwatch AntiRootkit. Greatis Software (c) 2007-2015.
\Registry\Machine\SYSTEM\CurrentControlSet\Control\Partizan Partizan driver didn't start.
\Registry\Machine\SYSTEM\CurrentControlSet
\Registry\Machine\SYSTEM\CurrentControlSet\Services Partizan driver is active.
Partizan.exe Partizan.exe
Partizan - First Bootwatch Anti-Rootkit
&oomm]]\h]
- Doesn't exist.
File doesn't exist.
File doesn't exist.
File doesn't exist.
Doesn't exist Key is opened.
File does not exist:
File has been safe deleted.
NtSetSecurityObject failed. Status= %lx Key has been flushed:Success!
Key has been flushed:Success!
Error Status=0x%x
Deleting registry key:%s
Partizan %d.%d started.
Error Status=%d Num Values=%d
\??\C:\reg
\Device\KeyboardClass0 UseSafedelete
FlushKey:Success!
Windows Version:%d.%d Build:%d
Reset file attributes: FAILURE. Error Status=0x%x Reset file attributes: FAILURE. Error Status=0x%x Day: %d. Month:%d.%d Time (GMT +0):%d:%d:%d HideWelcomeMessage
File Open FAILURE. Error Status=0x%x NtOpenFile() failed (Status %lx) Deleting Error=0x%x
Sorry. We could not create the Heap. Bye!
Key has been deleted:Success!
Key has been deleted:Success!
Num SubKeys=%d Num SubKeys=%d
Num SubKeys=%d DeleteKey FAILURE.
DeleteKey FAILURE.
RtlAllocateAndInitializeSid failed.
RtlCreateHeap
File has been recovered.
COMODO CA Limited1$0"
SafeDeleteFile has been unsuccessfull.
Foremost
Matches 0.exe, 35 KB
Suspicious True
Heuristics
IPs hasIPs: False
Allowed Suspicious
hasAllowed: False hasSuspicious: False
URLs Allowed
hasURLs: True
Suspicious: http://www.usertrust.com1, http://ocsp.comodoca.com0, http://www.greatis.com, http://crl.usertrust.com/utn-userfirst-object.crl05, http://crl.usertrust.com/utn-userfirst-object.crl04, https://secure.comodo.net/cps0b, http://www.greatis.com0, http://ocsp.usertrust.com0
hasAllowed: False hasSuspicious: True
Files Allowed: ntdll.dll
hasFiles: True
Suspicious: \??\a:\report.txt, \??\a:\report.log hasAllowed: True
hasSuspicious: True
Binary
Sizes RVA
RVA: 16
Suspicious: False Code
Size: 19968
Suspicious: False Image
Address: 4194304 Suspicious: False Stack
Stack: 4096
Suspicious: False Headers
Headers: 1024 Suspicious: False Suspicious: False
Symbols Number
Number: 0
Suspicious: True Pointer
Pointer: 0
Suspicious: True Directories Number: 16 Suspicious: False
Checksum Value: 94960
Suspicious: False
Sections Allowed: .text, .rdata, .data, .rsrc, .reloc Suspicious
hasAllowed: True hasSections: True hasSuspicious: False
Versions OS
Version: 4
Suspicious: False Image
Version: True Suspicious: 4 Linker
Version: 6.0 Suspicious: False Subsystem
Version: 4.0 Suspicious: False Suspicious: False
EntryPoint Address: 4096
Suspicious: False
Anomalies Anomalies
hasAnomalies: False
Libraries Allowed: ntdll.dll
hasLibs: True Suspicious
hasAllowed: True hasSuspicious: False
Timestamp Past: False Valid: True
Value: 2014-12-24 08:14:32 Future: False
Compilation Packed: False
Missing: True Packers
Compiled: False Compilers
Obfuscation XOR: False
Fuzzing: False
PEDetector
Matches None
Suspicious False
Disassembly
hasTricks True
Tricks
cpuinstructionsresultscomparison .rsrc: 1
AVclass
None 1
VirusTotal
md5 d5915a4c454e50d76b343019d9978373
sha1 d55c1104b66bef529644528723cdced4c24c6f52
SCANS (DETECTION RATE = 0.00%)
AVG update: 20190927
version: 18.4.3895.0 detected: False
CMC update: 20190321 version: 1.1.0.977 detected: False
MAX update: 20190927
version: 2019.9.16.1 detected: False
APEX update: 20190924
version: 5.66 detected: False
Bkav update: 20190925
version: 1.3.0.10239 detected: False
K7GW update: 20190926
version: 11.68.32103 detected: False
ALYac update: 20190927
version: 1.1.1.5 detected: False
Avast update: 20190927
version: 18.4.3895.0 detected: False
Avira update: 20190926
version: 8.3.3.8 detected: False
Baidu update: 20190318
version: 1.0.0.2 detected: False
Cyren update: 20190927
version: 6.2.2.2 detected: False
DrWeb update: 20190927
version: 7.0.41.7240 detected: False
GData update: 20190927
version: A:25.23509B:26.16120 detected: False
Panda update: 20190926
version: 4.6.4.2 detected: False
VBA32 update: 20190926
version: 4.1.0 detected: False
VIPRE update: 20190927
version: 78160 detected: False
Zoner update: 20190927
version: 1.0.0.1 detected: False
ClamAV update: 20190926
version: 0.101.4.0 detected: False
Comodo update: 20190927
version: 31534 detected: False
F-Prot update: 20190927
version: 4.7.1.166 detected: False
Ikarus update: 20190926
version: 0.1.5.2 detected: False
McAfee update: 20190927
version: 6.0.6.653 detected: False
Rising update: 20190927
version: 25.0.0.24 detected: False
Sophos update: 20190926
version: 4.98.0
detected: False
Yandex update: 20190923
version: 5.5.2.24 detected: False
Zillya update: 20190926
version: 2.0.0.3911 detected: False
Acronis update: 20190923
version: 1.1.1.58 detected: False
Alibaba update: 20190527
version: 0.3.0.5 detected: False
Arcabit update: 20190927
version: 1.0.0.857 detected: False
Cylance update: 20190927
version: 2.3.1.101 detected: False
Endgame update: 20190918
version: 3.0.15 detected: False
FireEye update: 20190927
version: 29.7.0.0 detected: False
TACHYON update: 20190927
version: 2019-09-27.01 detected: False
Tencent update: 20190927
version: 1.0.0.1 detected: False
ViRobot update: 20190926
version: 2014.3.20.0 detected: False
Webroot update: 20190927 version: 1.0.0.403 detected: False
eGambit update: 20190927
version: v5.0.5 detected: False
Ad-Aware update: 20190927
version: 3.0.5.370 detected: False
AegisLab update: 20190927
version: 4.2 detected: False
Emsisoft update: 20190927
version: 2018.12.0.1641 detected: False
F-Secure update: 20190927
version: 12.0.86.52 detected: False
Fortinet update: 20190927
version: 5.4.247.0 detected: False
Invincea update: 20190904
version: 6.3.6.26157 detected: False
Jiangmin update: 20190927
version: 16.0.100 detected: False
Kingsoft update: 20190927
version: 2013.8.14.323 detected: False
Paloalto update: 20190927
version: 1.0 detected: False
Symantec update: 20190926 version: 1.10.0.0 detected: False
Trapmine update: 20190826
version: 3.1.81.800 detected: False
AhnLab-V3 update: 20190926
version: 3.16.2.25355 detected: False
Antiy-AVL update: 20190926
version: 3.0.0.1 detected: False
Kaspersky update: 20190926
version: 15.0.1.13 detected: False
MaxSecure update: 20190926
version: 1.0.0.1 detected: False
Microsoft update: 20190927
version: 1.1.16400.2 detected: False
Qihoo-360 update: 20190927
version: 1.0.0.1120 detected: False
ZoneAlarm update: 20190927
version: 1.0 detected: False
Cybereason update: 20190616
version: 1.2.449 detected: False
ESET-NOD32 update: 20190927
version: 20086 detected: False
TrendMicro update: 20190927
version: 11.0.0.1006 detected: False
BitDefender update: 20190927
version: 7.2 detected: False
CrowdStrike update: 20190702
version: 1.0 detected: False
K7AntiVirus update: 20190926
version: 11.68.32102 detected: False
SentinelOne update: 20190807
version: 1.0.31.22 detected: False
Avast-Mobile update: 20190926
version: 190926-00 detected: False
Malwarebytes update: 20190927
version: 2.1.1.1115 detected: False
TotalDefense update: 20190925
version: 37.1.62.1 detected: False
CAT-QuickHeal update: 20190926
version: 14.00 detected: False
NANO-Antivirus update: 20190927
version: 1.0.134.24859 detected: False
MicroWorld-eScan update: 20190927 version: 14.0.297.0 detected: False
SUPERAntiSpyware update: 20190920 version: 5.6.0.1032
detected: False
McAfee-GW-Edition update: 20190926 version: v2017.3010 detected: False
TrendMicro-HouseCall update: 20190927 version: 10.0.0.1040 detected: False
total 71
sha256 1c14e870a9420d9c18b6caf8f44964ec07fa87f14b896fce50c043a8cb9b5439
scan_id 1c14e870a9420d9c18b6caf8f44964ec07fa87f14b896fce50c043a8cb9b5439-1569553545
resource d5915a4c454e50d76b343019d9978373
permalink https://www.virustotal.com/file/1c14e870a9420d9c18b6caf8f44964ec07fa87f14b896fce50c043a8cb9b5439/analysis/1569553545/
positives 0
scan_date 2019-09-27 03:05:45
verbose_msg Scan finished, information embedded
response_code 1
File
Trace
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
History\History.IE5\container.dat container.dat
2/3/2020 - 14:49:2 0.715
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Feeds Ca che\container.dat
2/3/2020 - 14:49:2 0.715
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Feeds Ca
che\container.dat container.dat
2/3/2020 - 14:49:2 0.715
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\IECompatCache\container.dat
2/3/2020 - 14:49:2 0.715
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Roaming\Microsoft\Windo
ws\IECompatCache\container.dat container.dat
2/3/2020 - 14:49:2 0.715
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\IECompatUACache\container.dat
2/3/2020 - 14:49:2 0.715
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Roaming\Microsoft\Windo
ws\IECompatUACache\container.dat container.dat
2/3/2020 - 14:49:2 0.715
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\DNTException\container.dat
2/3/2020 Un 1
- 14:49:2 0.715
kn ow n
7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\DNTException\container.dat
container.dat
2/3/2020 - 14:49:2 0.715
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\Cookies\container.dat
2/3/2020 - 14:49:2 0.715
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Roaming\Microsoft\Windo
ws\Cookies\container.dat container.dat
2/3/2020 - 14:49:2 0.715
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Internet E xplorer\EmieSiteList\container.dat
2/3/2020 - 14:49:2 0.715
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Internet E
xplorer\EmieSiteList\container.dat container.dat
2/3/2020 - 14:49:2 0.715
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Internet E xplorer\EmieUserList\container.dat
2/3/2020 - 14:49:2 0.715
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Internet E
xplorer\EmieUserList\container.dat container.dat
2/3/2020 - 14:49:2 0.715
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Internet E xplorer\DOMStore\container.dat
2/3/2020 - 14:49:2 0.715
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Internet E
xplorer\DOMStore\container.dat container.dat
2/3/2020 - 14:49:2 0.715
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
History\History.IE5\MSHist012018050320180504\cont ainer.dat
2/3/2020 - 14:49:2 0.715
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
History\History.IE5\MSHist012018050320180504\cont ainer.dat
container.dat
2/3/2020 1
- 14:49:2 0.715
Op en
7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Roaming\Microsoft\Windo ws\IEDownloadHistory\container.dat
2/3/2020 - 14:49:2 0.715
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Roaming\Microsoft\Windo
ws\IEDownloadHistory\container.dat container.dat
2/3/2020 - 14:49:2 0.715
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
AppCache\B2419NGQ\container.dat
2/3/2020 - 14:49:2 0.715
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
AppCache\B2419NGQ\container.dat container.dat
2/3/2020 - 14:49:2 0.715
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache
2/3/2020 - 14:49:2 0.715
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache
2/3/2020 - 14:49:2 0.715
Wri te
2 2 7 6
C:\Monitor\WKCD_Load_
Use.exe C:\Monitor\Files\Logs\File.log
2/3/2020 - 14:49:2 0.715
Wri te
2 2 7 6
C:\Monitor\WKCD_Load_
Use.exe C:\Monitor\Files\Logs\File.log
2/3/2020 - 14:49:2 0.715
Wri te
2 2 7 6
C:\Monitor\WKCD_Load_
Use.exe C:\Monitor\Files\Logs\File.log
2/3/2020 - 14:49:2 0.762
Wri te
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\WebCacheV01.dat
2/3/2020 - 14:49:2 0.762
Wri
te 4 C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\WebCacheV01.dat
2/3/2020 - 14:49:2 Wri
te 1 7 9
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\WebCacheV01.dat
0.856 6
2/3/2020 - 14:49:2 0.856
Wri
te 4 C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\WebCacheV01.dat
2/3/2020 - 14:49:2 0.950
Wri te
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\WebCacheV01.dat
2/3/2020 - 14:49:2 0.950
Wri
te 4 C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\WebCacheV01.dat
2/3/2020 - 14:49:2 0.950
Wri te
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\V01.log
2/3/2020 - 14:49:2 0.950
Wri
te 4 C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\V01.log
2/3/2020 - 14:49:2 0.950
Re ad
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\WebCacheV01.dat
2/3/2020 - 14:49:2 0.997
Wri te
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\V01.log
2/3/2020 - 14:49:2 0.997
Wri
te 4 C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\V01.log
2/3/2020 - 14:49:2 0.997
Wri te
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\V01.log
2/3/2020 - 14:49:2 0.997
Wri
te 4 C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\V01.log
2/3/2020 - 14:49:2 1.43
Wri te
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\WebCacheV01.dat
2/3/2020 - 14:49:2 Wri
te 4 C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\WebCacheV01.dat
1.43
2/3/2020 - 14:49:2 1.90
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.IE5\container.dat
2/3/2020 - 14:49:2 1.90
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.IE5\container.dat container.dat
2/3/2020 - 14:49:2 1.90
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache
2/3/2020 - 14:49:2 1.90
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache
2/3/2020 - 14:49:2 1.90
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.IE5\container.dat
2/3/2020 - 14:49:2 1.90
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
Temporary Internet Files\Content.IE5\container.dat container.dat
2/3/2020 - 14:49:2 1.90
Wri te
2 2 7 6
C:\Monitor\WKCD_Load_
Use.exe C:\Monitor\Files\Logs\File.log
2/3/2020 - 14:49:2 3.715
Wri
te 4 C:\Monitor\Files\Logs\File.log
2/3/2020 - 14:49:2 3.715
Un kn ow n
4 C:\Monitor\Files\Logs\File.log
2/3/2020 - 14:49:2 5.872
Un kn ow n
2 3 6 0
C:\Windows\System32\
audiodg.exe C:\Windows
2/3/2020 - 14:49:2 7.512
Re ad
6 8 4
C:\Windows\System32\s
vchost.exe C:\Windows\System32\winevt\Logs\System.evtx
2/3/2020 - 14:49:2 7.512
Re ad
6 8 4
C:\Windows\System32\s
vchost.exe C:\Windows\System32\winevt\Logs\System.evtx
2/3/2020 - 14:49:2 9.387
Op en
1 1 7 2
C:\Windows\System32\s
vchost.exe C:\Windows\ServiceProfiles\LocalService
2/3/2020 - 14:49:2 9.387
Op en
1 1 7 2
C:\Windows\System32\s
vchost.exe C:\Windows\ServiceProfiles\LocalService
2/3/2020 - 14:49:2 9.387
Un kn ow n
1 1 7 2
C:\Windows\System32\s
vchost.exe C:\Windows\ServiceProfiles\LocalService
2/3/2020 - 14:49:2 9.387
Op en
1 1 7 2
C:\Windows\System32\s vchost.exe
C:\Windows\ServiceProfiles\LocalService\AppData\Loc al
2/3/2020 - 14:49:2 9.387
Op en
1 1 7 2
C:\Windows\System32\s vchost.exe
C:\Windows\ServiceProfiles\LocalService\AppData\Loc al
2/3/2020 - 14:49:2 9.387
Un kn ow n
1 1 7 2
C:\Windows\System32\s vchost.exe
C:\Windows\ServiceProfiles\LocalService\AppData\Loc al
2/3/2020 - 14:49:2 9.387
Op en
1 1 7 2
C:\Windows\System32\s vchost.exe
C:\Windows\ServiceProfiles\LocalService\AppData\Loc al\PnrpSqm
2/3/2020 - 14:49:2 9.387
Op en
1 1 7 2
C:\Windows\System32\s
vchost.exe C:\ProgramData\Microsoft\Windows\Sqm\Upload
2/3/2020 - 14:49:2 9.387
Op en
1 1 7 2
C:\Windows\System32\s vchost.exe
C:\ProgramData\Microsoft\Windows\Sqm\Upload\Pnrp ResolveSession0.sqm
2/3/2020 - 14:49:2 9.387
Op en
1 1 7 2
C:\Windows\System32\s vchost.exe
C:\ProgramData\Microsoft\Windows\Sqm\Upload\Pnrp ResolveSession0.sqm
2/3/2020 Wri
1
7 C:\Windows\System32\t C:\Users\Behemot\AppData\Local\Microsoft\Windows\
- 14:49:3 0.793
te 9 6
askhost.exe WebCache\WebCacheV01.dat
2/3/2020 - 14:49:3 0.793
Wri
te 4 C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\WebCacheV01.dat
2/3/2020 - 14:49:3 0.840
Wri te
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\WebCacheV01.dat
2/3/2020 - 14:49:3 0.840
Wri
te 4 C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\WebCacheV01.dat
2/3/2020 - 14:49:3 0.856
Op en
7 9 6
C:\Windows\System32\s
vchost.exe C:\Windows\CSC\v2.0.6\namespace
2/3/2020 - 14:49:3 0.856
Un kn ow n
7 9 6
C:\Windows\System32\s
vchost.exe C:\Windows\CSC\v2.0.6\namespace
2/3/2020 - 14:49:3 0.856
Un kn ow n
7 9 6
C:\Windows\System32\s
vchost.exe C:\Windows\CSC\v2.0.6\namespace
2/3/2020 - 14:49:3 0.856
Op en
7 9 6
C:\Windows\System32\s
vchost.exe \Device\Mup\.\.\
2/3/2020 - 14:49:3 0.856
Op en
7 9 6
C:\Windows\System32\s
vchost.exe C:\Windows\CSC\v2.0.6\namespace
2/3/2020 - 14:49:3 0.856
Un kn ow n
7 9 6
C:\Windows\System32\s
vchost.exe C:\Windows\CSC\v2.0.6\namespace
2/3/2020 - 14:49:3 0.856
Un kn ow n
7 9 6
C:\Windows\System32\s
vchost.exe \Device\Mup\.\.\
2/3/2020 - 14:49:3 0.856
Un kn ow n
7 9 6
C:\Windows\System32\s
vchost.exe C:\Windows\CSC\v2.0.6\namespace
2/3/2020 2
- 14:49:3 0.856
Wri te
2 7 6
C:\Monitor\WKCD_Load_
Use.exe
C:\Monitor\Files\Logs\File.log
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\V01.chk
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\V01.chk
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\V01.chk
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\V01.chk
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache\V01.chk
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache
2/3/2020 Op
1
7 C:\Windows\System32\t C:\Users\Behemot\AppData\Local\Microsoft\Windows\
- 14:49:3 0.887
en 9 6
askhost.exe WebCache
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows\
WebCache
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft\Windows
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft\Windows
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft\Windows
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft\Windows
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft\Windows
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft\Windows
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft\Windows
2/3/2020 1
- 14:49:3 0.887
Op en
7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local\Microsoft\Windows
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft\Windows
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local\Microsoft
2/3/2020 1
- 14:49:3 0.887
Op en
7 9 6
C:\Windows\System32\t askhost.exe
C:\Users\Behemot\AppData\Local
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData\Local
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData
2/3/2020 Un kn
1
7 C:\Windows\System32\t
- 14:49:3 0.887
ow n
9 6
askhost.exe C:\Users\Behemot\AppData
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot\AppData
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot
2/3/2020 - 14:49:3
Un kn
1
7 C:\Windows\System32\t
C:\Users\Behemot
0.887 ow n
9 6
askhost.exe
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users\Behemot
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users
2/3/2020 - 14:49:3 0.887
Un kn ow n
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users
2/3/2020 - 14:49:3 0.887
Op en
1 7 9 6
C:\Windows\System32\t
askhost.exe C:\Users
2/3/2020 - 14:49:3
Un kn ow
1 7 9
C:\Windows\System32\t
askhost.exe C:\Users