1c2bdfa5...b0b4 | Grouped Behavior
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Riskware, Trojan, Ransomware

1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4 (SHA256)

1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe

Windows Exe (x86-32)

Created at 2018-08-28 15:01:00

Notifications (2/4)

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

The overall sleep time of all monitored processes was truncated from "10 minutes" to "10 seconds" to reveal dormant functionality.

The operating system was rebooted during the analysis.

Monitored Processes

Process Overview
»
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xc50 Analysis Target High (Elevated) 1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe "C:\Users\CIiHmnxMn6Ps\Desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe" -
#2 0xb44 Child Process High (Elevated) cmd.exe "C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all #1
#4 0x1cd0 Child Process High (Elevated) cmd.exe C:\Windows\system32\cmd.exe /c ""C:\windows\clerlog.bat" " #1
#5 0x1fa4 Child Process High (Elevated) vssadmin.exe vssadmin delete shadows /all #2

Behavior Information - Grouped by Category

Process #1: 1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe
14950 0
»
Information Value
ID #1
File Name c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe
Command Line "C:\Users\CIiHmnxMn6Ps\Desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe"
Initial Working Directory C:\Users\CIiHmnxMn6Ps\Desktop\
Monitor Start Time: 00:00:48, Reason: Analysis Target
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:04:09
OS Process Information
»
Information Value
PID 0xc50
Parent PID 0x820 (c:\windows\explorer.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x C4C
0x C48
0x 360
0x CE8
0x CFC
0x 190
0x D08
0x 7F0
0x CEC
0x D24
0x D18
0x D44
0x D30
0x D10
0x D28
0x D2C
0x D14
0x 578
0x 7BC
0x B28
0x B48
0x E04
0x DF8
0x DF4
0x D58
0x D54
0x D50
0x D48
0x D4C
0x E30
0x E24
0x E34
0x E28
0x E2C
0x E20
0x E1C
0x E18
0x E14
0x E0C
0x E10
0x CF8
0x D3C
0x CF0
0x CF4
0x E4C
0x CD8
0x CD4
0x CC4
0x CCC
0x CD0
0x CE0
0x CC8
0x CC0
0x B0
0x E5C
0x E70
0x E64
0x E6C
0x E68
0x E60
0x E58
0x E54
0x E50
0x D88
0x D94
0x D90
0x D8C
0x D78
0x D74
0x D64
0x D6C
0x D70
0x D80
0x D68
0x D84
0x D60
0x E98
0x E88
0x E9C
0x E90
0x E94
0x E8C
0x E84
0x E80
0x E7C
0x E74
0x E78
0x A74
0x 2E4
0x BE4
0x C38
0x B04
0x BE8
0x 328
0x 2C4
0x 520
0x 164
0x 778
0x 850
0x B34
0x 534
0x 7E8
0x AD0
0x 390
0x 8D8
0x 554
0x 864
0x 15C
0x 458
0x 528
0x 93C
0x A44
0x B68
0x C04
0x C1C
0x C34
0x C30
0x C70
0x 54C
0x DF0
0x 2D0
0x 148
0x BD8
0x BDC
0x 510
0x 810
0x EE8
0x EEC
0x EE4
0x EA4
0x F18
0x F14
0x FB8
0x FAC
0x FBC
0x FB4
0x FB0
0x FC0
0x FA8
0x FA4
0x FA0
0x F9C
0x F94
0x F98
0x 52C
0x 538
0x F8C
0x F90
0x F34
0x EE0
0x EDC
0x EBC
0x ED4
0x ED8
0x EF0
0x EC0
0x EB8
0x ED0
0x ECC
0x EB0
0x EC4
0x EC8
0x EF4
0x EB4
0x EAC
0x F30
0x FE4
0x F04
0x F1C
0x F24
0x F20
0x F0C
0x F28
0x F2C
0x EFC
0x F08
0x F00
0x C3C
0x EA0
0x EA8
0x EF8
0x F38
0x F3C
0x F40
0x F4C
0x F50
0x F54
0x F58
0x F5C
0x 3D0
0x C20
0x FDC
0x C58
0x C0C
0x 9B8
0x FF4
0x FFC
0x B38
0x C44
0x FF8
0x FCC
0x FD4
0x FE0
0x FD8
0x FE8
0x FF0
0x FD0
0x FC8
0x 9C0
0x 3AC
0x 504
0x 784
0x 780
0x 8D4
0x 868
0x 8B4
0x 9CC
0x BD0
0x A7C
0x C14
0x 71C
0x 914
0x D98
0x C2C
0x C28
0x 57C
0x 2E8
0x 41C
0x 34C
0x 6D4
0x 814
0x 8CC
0x 8D0
0x A2C
0x 92C
0x 7F4
0x B2C
0x 2D4
0x 514
0x F70
0x 62C
0x 640
0x 664
0x 718
0x 6AC
0x 6CC
0x 634
0x 750
0x 77C
0x 770
0x 61C
0x 764
0x 7A0
0x 790
0x 4E8
0x 4D4
0x DE8
0x DEC
0x 7D4
0x 40C
0x D04
0x 694
0x 474
0x DA0
0x C08
0x DA4
0x 704
0x D9C
0x C18
0x 7DC
0x 404
0x 4C8
0x 2BC
0x 508
0x 988
0x 98C
0x A68
0x 788
0x 2B8
0x 478
0x F80
0x F6C
0x F84
0x F88
0x F68
0x F64
0x 980
0x A60
0x A6C
0x C54
0x 984
0x DA8
0x 388
0x B40
0x 438
0x 84
0x 1A0
0x 724
0x BF4
0x 120
0x 930
0x 7E4
0x 85C
0x 84C
0x 76C
0x DE4
0x 9D4
0x 9DC
0x 9E0
0x 9BC
0x 9D0
0x 9F4
0x 9F0
0x 9FC
0x A00
0x A08
0x DC8
0x 97C
0x 8DC
0x AC0
0x AE8
0x 9EC
0x ACC
0x 9D8
0x B50
0x 9C8
0x B64
0x B70
0x B78
0x B54
0x B7C
0x B80
0x B84
0x B88
0x B8C
0x B90
0x B94
0x B98
0x BA0
0x B9C
0x BA4
0x BA8
0x BAC
0x BB0
0x BB4
0x BB8
0x BBC
0x BC0
0x BC4
0x BC8
0x BCC
0x 51C
0x 9B4
0x 768
0x 540
0x BD4
0x C94
0x 830
0x C8C
0x 7EC
0x C64
0x 884
0x 114
0x C68
0x 854
0x C9C
0x 5B8
0x 224
0x C98
0x 804
0x 364
0x 324
0x 348
0x 350
0x 2B0
0x 278
0x 5F4
0x 304
0x D7C
0x 5C0
0x 6E0
0x AB4
0x C90
0x B24
0x 9F8
0x B4C
0x 1004
0x 1008
0x 100C
0x 1010
0x 1014
0x 1018
0x 101C
0x 1020
0x 1024
0x 1028
0x 102C
0x 1030
0x 1034
0x 1038
0x 103C
0x 1040
0x 1044
0x 1048
0x 104C
0x 1050
0x 1054
0x 1058
0x 105C
0x 1060
0x 1064
0x 1068
0x 106C
0x 1070
0x 1074
0x 1078
0x 107C
0x 1080
0x 1084
0x 1088
0x 108C
0x 1090
0x 1094
0x 1098
0x 109C
0x 10A0
0x 10A4
0x 10A8
0x 10AC
0x 10B0
0x 10B4
0x 10B8
0x 10BC
0x 10C0
0x 10C4
0x 10C8
0x 10CC
0x 10D0
0x 10D4
0x 10D8
0x 10DC
0x 10E0
0x 10E4
0x 10E8
0x 10EC
0x 10F0
0x 10F4
0x 10F8
0x 10FC
0x 1100
0x 1104
0x 1108
0x 110C
0x 1110
0x 1114
0x 1118
0x 111C
0x 1120
0x 1124
0x 1128
0x 112C
0x 1130
0x 1134
0x 1138
0x 113C
0x 1140
0x 1144
0x 1148
0x 114C
0x 1150
0x 1154
0x 1158
0x 115C
0x 1160
0x 1164
0x 1168
0x 116C
0x 1170
0x 1174
0x 1178
0x 117C
0x 1180
0x 1184
0x 1188
0x 118C
0x 1190
0x 1194
0x 1198
0x 119C
0x 11A0
0x 11A4
0x 11A8
0x 11AC
0x 11B0
0x 11B4
0x 11B8
0x 11BC
0x 11C0
0x 11C4
0x 11C8
0x 11CC
0x 11D0
0x 11D4
0x 11D8
0x 11DC
0x 11E0
0x 11E4
0x 11E8
0x 11EC
0x 11F0
0x 11F4
0x 11F8
0x 11FC
0x 1200
0x 1204
0x 1208
0x 120C
0x 1210
0x 1214
0x 1218
0x 121C
0x 1220
0x 1224
0x 1228
0x 122C
0x 1230
0x 1234
0x 1238
0x 123C
0x 1240
0x 1244
0x 1248
0x 124C
0x 1250
0x 1254
0x 1258
0x 125C
0x 1260
0x 1264
0x 1268
0x 1278
0x 127C
0x 1280
0x 1284
0x 128C
0x 1290
0x 1294
0x 1298
0x 129C
0x 12A0
0x 12A4
0x 12A8
0x 12AC
0x 12B0
0x 12B4
0x 12B8
0x 12BC
0x 12C0
0x 12C4
0x 12C8
0x 12CC
0x 12D0
0x 12D4
0x 12D8
0x 12DC
0x 12E0
0x 12E4
0x 12E8
0x 12EC
0x 12F0
0x 12F4
0x 12F8
0x 12FC
0x 1300
0x 1304
0x 1308
0x 130C
0x 1310
0x 1314
0x 1318
0x 131C
0x 1320
0x 1324
0x 1328
0x 132C
0x 1330
0x 1334
0x 1338
0x 133C
0x 1340
0x 1344
0x 1348
0x 134C
0x 1350
0x 1354
0x 1358
0x 135C
0x 1360
0x 1364
0x 1368
0x 136C
0x 1370
0x 1374
0x 1378
0x 137C
0x 1380
0x 1384
0x 1388
0x 138C
0x 1390
0x 1394
0x 1398
0x 139C
0x 13A0
0x 13A4
0x 13A8
0x 13AC
0x 13B0
0x 13B4
0x 13B8
0x 13BC
0x 13C0
0x 13C4
0x 13C8
0x 13CC
0x 13D0
0x 13D4
0x 13D8
0x 13DC
0x 13E0
0x 13E4
0x 13E8
0x 13EC
0x 13F0
0x 13F4
0x 13F8
0x 13FC
0x 9E8
0x 95C
0x 968
0x 994
0x 990
0x 978
0x 96C
0x 99C
0x 904
0x B74
0x B58
0x B60
0x 548
0x 954
0x 5C8
0x 1274
0x 1270
0x 1404
0x 1408
0x 140C
0x 1410
0x 1414
0x 1418
0x 141C
0x 1420
0x 1424
0x 1428
0x 142C
0x 1430
0x 1434
0x 1438
0x 143C
0x 1440
0x 1444
0x 1448
0x 144C
0x 1450
0x 1454
0x 1458
0x 145C
0x 1460
0x 1464
0x 1468
0x 146C
0x 1470
0x 1474
0x 1478
0x 147C
0x 1480
0x 1484
0x 1488
0x 148C
0x 1490
0x 1494
0x 1498
0x 149C
0x 14A0
0x 14A4
0x 14A8
0x 14AC
0x 14B0
0x 14B4
0x 14B8
0x 14BC
0x 14C0
0x 14C4
0x 14C8
0x 14CC
0x 14D0
0x 14D4
0x 14D8
0x 14DC
0x 14E0
0x 14E4
0x 14E8
0x 14EC
0x 14F0
0x 14F4
0x 14F8
0x 14FC
0x 1500
0x 1504
0x 1508
0x 150C
0x 1510
0x 1514
0x 1518
0x 151C
0x 1520
0x 1524
0x 1528
0x 152C
0x 1530
0x 1534
0x 1538
0x 153C
0x 1540
0x 1544
0x 1548
0x 154C
0x 1550
0x 1554
0x 1558
0x 155C
0x 1560
0x 1564
0x 1568
0x 156C
0x 1570
0x 1574
0x 1578
0x 157C
0x 1580
0x 1584
0x 1588
0x 158C
0x 1590
0x 1594
0x 1598
0x 159C
0x 15A0
0x 15A4
0x 15A8
0x 15AC
0x 15B0
0x 15B4
0x 15B8
0x 15BC
0x 15C0
0x 15C4
0x 15C8
0x 15CC
0x 15D0
0x 15D4
0x 15D8
0x 15DC
0x 15E0
0x 15E4
0x 15E8
0x 15EC
0x 15F0
0x 15F4
0x 15F8
0x 15FC
0x 1600
0x 1604
0x 1608
0x 160C
0x 1610
0x 1614
0x 1618
0x 161C
0x 1620
0x 1624
0x 1628
0x 162C
0x 1630
0x 1634
0x 1638
0x 163C
0x 1640
0x 1644
0x 1648
0x 164C
0x 1650
0x 1654
0x 1658
0x 165C
0x 1660
0x 1664
0x 1668
0x 166C
0x 1670
0x 1674
0x 167C
0x 1680
0x 1684
0x 1688
0x 168C
0x 1690
0x 1694
0x 1698
0x 169C
0x 16A0
0x 16A4
0x 16A8
0x 16AC
0x 16B0
0x 16B4
0x 16B8
0x 16BC
0x 16C0
0x 16C4
0x 16C8
0x 16CC
0x 16D0
0x 16D4
0x 16D8
0x 16DC
0x 16E0
0x 16E4
0x 16E8
0x 16EC
0x 16F0
0x 16F4
0x 16F8
0x 16FC
0x 1700
0x 1704
0x 1708
0x 170C
0x 1710
0x 1714
0x 1718
0x 171C
0x 1720
0x 1724
0x 1728
0x 172C
0x 1730
0x 1734
0x 1738
0x 173C
0x 1740
0x 1744
0x 1748
0x 174C
0x 1750
0x 1754
0x 1758
0x 175C
0x 1760
0x 1764
0x 1768
0x 176C
0x 1770
0x 1774
0x 1778
0x 177C
0x 1780
0x 1784
0x 1788
0x 178C
0x 1790
0x 1794
0x 1798
0x 179C
0x 17A0
0x 17A4
0x 17A8
0x 17AC
0x 17B0
0x 17B4
0x 17B8
0x 17BC
0x 17C0
0x 17C4
0x 17C8
0x 17CC
0x 17D0
0x 17D4
0x 17D8
0x 17DC
0x 17E0
0x 17E4
0x 17E8
0x 17EC
0x 17F0
0x 17F4
0x 17F8
0x 17FC
0x 700
0x 63C
0x 5D4
0x 5A8
0x 5DC
0x 1804
0x 1808
0x 180C
0x 1810
0x 1814
0x 1818
0x 181C
0x 1820
0x 1824
0x 1828
0x 182C
0x 1830
0x 1834
0x 1838
0x 183C
0x 1840
0x 1844
0x 1848
0x 184C
0x 1850
0x 1854
0x 1858
0x 185C
0x 1860
0x 1864
0x 1868
0x 186C
0x 1870
0x 1874
0x 1878
0x 187C
0x 1880
0x 1884
0x 1888
0x 188C
0x 1890
0x 1894
0x 1898
0x 189C
0x 18A0
0x 18A4
0x 18A8
0x 18AC
0x 18B0
0x 18B4
0x 18B8
0x 18BC
0x 18C0
0x 18C4
0x 18C8
0x 18CC
0x 18D0
0x 18D4
0x 18D8
0x 18DC
0x 18E0
0x 18E4
0x 18E8
0x 18EC
0x 18F0
0x 18F4
0x 18F8
0x 18FC
0x 1900
0x 1904
0x 1908
0x 190C
0x 1910
0x 1914
0x 1918
0x 191C
0x 1920
0x 1924
0x 1928
0x 192C
0x 1930
0x 1934
0x 1938
0x 193C
0x 1940
0x 1944
0x 1948
0x 194C
0x 1950
0x 1954
0x 1958
0x 195C
0x 1960
0x 1964
0x 1968
0x 196C
0x 1970
0x 1974
0x 1978
0x 197C
0x 1980
0x 1984
0x 1988
0x 1990
0x 1998
0x 199C
0x 19A0
0x 19A4
0x 19A8
0x 19AC
0x 19B0
0x 19B4
0x 19B8
0x 19BC
0x 19C0
0x 19C4
0x 19C8
0x 19CC
0x 19D0
0x 19D4
0x 19D8
0x 19DC
0x 19E0
0x 19E4
0x 19E8
0x 19EC
0x 19F0
0x 19F4
0x 19F8
0x 19FC
0x 1A00
0x 1A04
0x 1A08
0x 1A0C
0x 1A10
0x 1A14
0x 1A18
0x 1A1C
0x 1A20
0x 1A24
0x 1A28
0x 1A2C
0x 1A30
0x 1A34
0x 1A38
0x 1A3C
0x 1A40
0x 1A44
0x 1A48
0x 1A4C
0x 1A50
0x 1A54
0x 1A58
0x 1A5C
0x 1A60
0x 1A64
0x 1A68
0x 1A6C
0x 198C
0x 1994
0x 1A70
0x 1A74
0x 1A78
0x 1A7C
0x 1A80
0x 1A84
0x 1A88
0x 1A8C
0x 1A90
0x 1A94
0x 1A98
0x 1A9C
0x 1AA0
0x 1AA4
0x 1AA8
0x 1AAC
0x 1AB0
0x 1AB4
0x 1AB8
0x 1ABC
0x 1AC0
0x 1AC4
0x 1AC8
0x 1ACC
0x 1AD0
0x 1AD4
0x 1AD8
0x 1ADC
0x 1AE0
0x 1AE4
0x 1AE8
0x 1AEC
0x 1AF0
0x 1AF4
0x 1AF8
0x 1AFC
0x 1B00
0x 1B04
0x 1B08
0x 1B0C
0x 1B10
0x 1B14
0x 1B18
0x 1B1C
0x 1B20
0x 1B24
0x 1B28
0x 1B2C
0x 1B30
0x 1B34
0x 1B38
0x 1B3C
0x 1B40
0x 1B44
0x 1B48
0x 1B4C
0x 1B50
0x 1B54
0x 1B58
0x 1B5C
0x 1B60
0x 1B64
0x 1B68
0x 1B6C
0x 1B70
0x 1B74
0x 1B78
0x 1B7C
0x 1B80
0x 1B84
0x 1B88
0x 1B8C
0x 1B90
0x 1B94
0x 1B98
0x 1B9C
0x 1BA0
0x 1BA4
0x 1BA8
0x 1BAC
0x 1BB0
0x 1BB4
0x 1BB8
0x 1BBC
0x 1BC0
0x 1BC4
0x 1BC8
0x 1BCC
0x 1BD0
0x 1BD4
0x 1BD8
0x 1BDC
0x 1BE0
0x 1BE4
0x 1BE8
0x 1BEC
0x 1BF0
0x 1BF4
0x 1BF8
0x 1BFC
0x 1C04
0x 1C08
0x 1C0C
0x 1C10
0x 1C14
0x 1C18
0x 1C1C
0x 1C20
0x 1C24
0x 1C28
0x 1C2C
0x 1C30
0x 1C34
0x 1C38
0x 1C3C
0x 1C40
0x 1C44
0x 1C48
0x 1C4C
0x 1C50
0x 1C54
0x 1C58
0x 1C5C
0x 1C60
0x 1C64
0x 1C68
0x 1C6C
0x 1C70
0x 1C74
0x 1C78
0x 1C7C
0x 1C80
0x 1C84
0x 1C88
0x 1C8C
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00023fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00030fff Private Memory rw True False False -
pagefile_0x0000000000040000 0x00040000 0x00053fff Pagefile Backed Memory r True False False -
private_0x0000000000060000 0x00060000 0x0009ffff Private Memory rw True False False -
private_0x00000000000a0000 0x000a0000 0x0019ffff Private Memory rw True False False -
pagefile_0x00000000001a0000 0x001a0000 0x001a3fff Pagefile Backed Memory r True False False -
private_0x00000000001b0000 0x001b0000 0x001b1fff Private Memory rw True False False -
private_0x00000000001c0000 0x001c0000 0x001fffff Private Memory rw True False False -
private_0x0000000000200000 0x00200000 0x00200fff Private Memory rw True False False -
private_0x0000000000210000 0x00210000 0x0021ffff Private Memory rw True False False -
private_0x0000000000210000 0x00210000 0x00225fff Private Memory rw True False False -
pagefile_0x0000000000210000 0x00210000 0x00217fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000210000 0x00210000 0x00213fff Pagefile Backed Memory rw True False False -
crypt32.dll.mui 0x00210000 0x00219fff Memory Mapped File r False False False -
pagefile_0x0000000000220000 0x00220000 0x00223fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000220000 0x00220000 0x00220fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000230000 0x00230000 0x00237fff Pagefile Backed Memory rw True False False -
private_0x0000000000230000 0x00230000 0x0023ffff Private Memory rw True False False -
pagefile_0x0000000000230000 0x00230000 0x00233fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000230000 0x00230000 0x00230fff Pagefile Backed Memory r True False False -
private_0x0000000000240000 0x00240000 0x0024ffff Private Memory rw True False False -
private_0x0000000000250000 0x00250000 0x0028ffff Private Memory rw True False False -
pagefile_0x0000000000290000 0x00290000 0x00293fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000290000 0x00290000 0x00290fff Pagefile Backed Memory r True False False -
cversions.2.db 0x002a0000 0x002a3fff Memory Mapped File r True False False -
private_0x00000000002b0000 0x002b0000 0x003affff Private Memory rw True False False -
private_0x00000000003b0000 0x003b0000 0x003dffff Private Memory rw True False False -
cversions.2.db 0x003b0000 0x003b3fff Memory Mapped File r True False False -
cversions.1.db 0x003c0000 0x003c3fff Memory Mapped File r True False False -
private_0x00000000003c0000 0x003c0000 0x003cffff Private Memory rw True False False -
pagefile_0x00000000003c0000 0x003c0000 0x003c3fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000003c0000 0x003c0000 0x003c0fff Pagefile Backed Memory rw True False False -
user32.dll.mui 0x003c0000 0x003c4fff Memory Mapped File r False False False -
private_0x00000000003d0000 0x003d0000 0x003dffff Private Memory rw True False False -
propsys.dll.mui 0x003e0000 0x003f0fff Memory Mapped File r False False False -
1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe 0x00400000 0x00406fff Memory Mapped File rwx True True False
locale.nls 0x00410000 0x004cdfff Memory Mapped File r False False False -
private_0x00000000004d0000 0x004d0000 0x005cffff Private Memory rw True False False -
pagefile_0x00000000005d0000 0x005d0000 0x00757fff Pagefile Backed Memory r True False False -
oleaut32.dll 0x00760000 0x007f0fff Memory Mapped File r False False False -
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db 0x00760000 0x007a2fff Memory Mapped File r True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db 0x007b0000 0x007c2fff Memory Mapped File r True False False -
pagefile_0x00000000007d0000 0x007d0000 0x007d0fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000007e0000 0x007e0000 0x007e3fff Pagefile Backed Memory rw True False False -
c_932.nls 0x007e0000 0x00807fff Memory Mapped File r False False False -
private_0x0000000000810000 0x00810000 0x0081ffff Private Memory rw True False False -
pagefile_0x0000000000820000 0x00820000 0x009a0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000009b0000 0x009b0000 0x01daffff Pagefile Backed Memory r True False False -
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db 0x01db0000 0x01e3afff Memory Mapped File r True False False -
private_0x0000000001e40000 0x01e40000 0x01e7ffff Private Memory rw True False False -
private_0x0000000001e80000 0x01e80000 0x01e83fff Private Memory rw True False False -
private_0x0000000001e90000 0x01e90000 0x01e9ffff Private Memory rw True False False -
private_0x0000000001ea0000 0x01ea0000 0x01f9ffff Private Memory rw True False False -
sortdefault.nls 0x01fa0000 0x022d6fff Memory Mapped File r False False False -
private_0x00000000022e0000 0x022e0000 0x023dffff Private Memory rw True False False -
private_0x00000000023e0000 0x023e0000 0x024dffff Private Memory rw True False False -
private_0x00000000024e0000 0x024e0000 0x0251ffff Private Memory rw True False False -
private_0x0000000002520000 0x02520000 0x0261ffff Private Memory rw True False False -
private_0x0000000002620000 0x02620000 0x0265ffff Private Memory rw True False False -
private_0x0000000002660000 0x02660000 0x0275ffff Private Memory rw True False False -
private_0x0000000002760000 0x02760000 0x0279ffff Private Memory rw True False False -
private_0x00000000027a0000 0x027a0000 0x0289ffff Private Memory rw True False False -
private_0x00000000028a0000 0x028a0000 0x028dffff Private Memory rw True False False -
private_0x00000000028e0000 0x028e0000 0x029dffff Private Memory rw True False False -
pagefile_0x00000000029e0000 0x029e0000 0x02a97fff Pagefile Backed Memory r True False False -
private_0x0000000002aa0000 0x02aa0000 0x02b1ffff Private Memory rw True False False -
private_0x0000000002b20000 0x02b20000 0x02b5ffff Private Memory rw True False False -
displaylanguagenames.en_us.txt id nl5vaviiqoza.badnews 0x02b20000 0x02b28fff Memory Mapped File rw True True False
c2rmanifest.access.access.x-none.msi.16.x-none.xml id nl5vaviiqoza.badnews 0x02b20000 0x02b2afff Memory Mapped File rw True True False
api-ms-win-core-namedpipe-l1-1-0.dll id nl5vaviiqoza.badnews 0x02b20000 0x02b24fff Memory Mapped File rw True True False
c2rmanifest.accessmuiset.msi.16.en-us.xml id nl5vaviiqoza.badnews 0x02b20000 0x02b20fff Memory Mapped File rw True True False
c2rmanifest.dcf.dcf.x-none.msi.16.x-none.xml id nl5vaviiqoza.badnews 0x02b20000 0x02b23fff Memory Mapped File rw True True False
c2rmanifest.dcfmui.msi.16.en-us.xml id nl5vaviiqoza.badnews 0x02b20000 0x02b22fff Memory Mapped File rw True True False
s641033.hash id nl5vaviiqoza.badnews 0x02b20000 0x02b20fff Memory Mapped File rw True True False
appxmanifestloc.16.en-us.xml id nl5vaviiqoza.badnews 0x02b30000 0x02b32fff Memory Mapped File rw True True False
agencyr.ttf id nl5vaviiqoza.badnews 0x02b30000 0x02b3efff Memory Mapped File rw True True False
maple.gif id nl5vaviiqoza.badnews 0x02b40000 0x02b40fff Memory Mapped File rw True True False
adjacencyletter.dotx id nl5vaviiqoza.badnews 0x02b40000 0x02b70fff Memory Mapped File rw True True False
private_0x0000000002b60000 0x02b60000 0x02c5ffff Private Memory rw True False False -
appvisvsubsystems32.dll id nl5vaviiqoza.badnews 0x02b80000 0x02b96fff Memory Mapped File rw True True False
workflow.visualbasic.targets id nl5vaviiqoza.badnews 0x02b80000 0x02b81fff Memory Mapped File rw True True False
winfxlist.xml id nl5vaviiqoza.badnews 0x02b90000 0x02b90fff Memory Mapped File rw True True False
api-ms-win-core-file-l1-2-0.dll id nl5vaviiqoza.badnews 0x02ba0000 0x02ba4fff Memory Mapped File rw True True False
mswds_en.lex id nl5vaviiqoza.badnews 0x02bb0000 0x02c1cfff Memory Mapped File rw True True False
c2rmanifest.accessmui.msi.16.en-us.xml id nl5vaviiqoza.badnews 0x02bc0000 0x02bcefff Memory Mapped File rw True True False
api-ms-win-core-file-l2-1-0.dll id nl5vaviiqoza.badnews 0x02bc0000 0x02bc4fff Memory Mapped File rw True True False
addins.store id nl5vaviiqoza.badnews 0x02bc0000 0x02bc2fff Memory Mapped File rw True True False
6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 id nl5vaviiqoza.badnews 0x02bd0000 0x02bd0fff Memory Mapped File rw True True False
java.exe id nl5vaviiqoza.badnews 0x02be0000 0x02c12fff Memory Mapped File rw True True False
hx.hxt id nl5vaviiqoza.badnews 0x02c20000 0x02c20fff Memory Mapped File rw True True False
gifimp32.flt id nl5vaviiqoza.badnews 0x02c20000 0x02c5cfff Memory Mapped File rw True True False
private_0x0000000002c60000 0x02c60000 0x02c9ffff Private Memory rw True False False -
local state id nl5vaviiqoza.badnews 0x02c60000 0x02c72fff Memory Mapped File rw True True False
fdate.dll id nl5vaviiqoza.badnews 0x02c60000 0x02c7cfff Memory Mapped File rw True True False
agencyb.ttf id nl5vaviiqoza.badnews 0x02c60000 0x02c6efff Memory Mapped File rw True True False
user-32.png id nl5vaviiqoza.badnews 0x02c60000 0x02c60fff Memory Mapped File rw True True False
psget.resource.psd1 id nl5vaviiqoza.badnews 0x02c60000 0x02c6bfff Memory Mapped File rw True True False
msoeuro.dll id nl5vaviiqoza.badnews 0x02c80000 0x02c8bfff Memory Mapped File rw True True False
api-ms-win-core-file-l2-1-0.dll id nl5vaviiqoza.badnews 0x02c80000 0x02c84fff Memory Mapped File rw True True False
api-ms-win-core-localization-l1-2-0.dll id nl5vaviiqoza.badnews 0x02c80000 0x02c85fff Memory Mapped File rw True True False
fbiblio.dll id nl5vaviiqoza.badnews 0x02c90000 0x02caefff Memory Mapped File rw True True False
v64.hash id nl5vaviiqoza.badnews 0x02c90000 0x02c90fff Memory Mapped File rw True True False
private_0x0000000002ca0000 0x02ca0000 0x02d9ffff Private Memory rw True False False -
epsimp32.flt id nl5vaviiqoza.badnews 0x02cb0000 0x02d57fff Memory Mapped File rw True True False
ose.exe id nl5vaviiqoza.badnews 0x02cb0000 0x02ceffff Memory Mapped File rw True True False
c2rpridslicensefiles_auto.xml id nl5vaviiqoza.badnews 0x02cb0000 0x02cc4fff Memory Mapped File rw True True False
concrt140.dll id nl5vaviiqoza.badnews 0x02cd0000 0x02d0bfff Memory Mapped File rw True True False
psreadline.psd1 id nl5vaviiqoza.badnews 0x02cf0000 0x02cf0fff Memory Mapped File rw True True False
displaylanguagenames.en_gb_euro.txt id nl5vaviiqoza.badnews 0x02cf0000 0x02cf8fff Memory Mapped File rw True True False
hx.hxc id nl5vaviiqoza.badnews 0x02cf0000 0x02cf0fff Memory Mapped File rw True True False
vc_runtimeminimum_x86.msi id nl5vaviiqoza.badnews 0x02d00000 0x02d22fff Memory Mapped File rw True True False
versiondescriptor.xml id nl5vaviiqoza.badnews 0x02d10000 0x02d12fff Memory Mapped File rw True True False
microsoft.visualstudio.tools.applications.addinadapter.v10.0.dll id nl5vaviiqoza.badnews 0x02d10000 0x02d1afff Memory Mapped File rw True True False
microsoft.visualstudio.tools.applications.addinadapter.v9.0.dll id nl5vaviiqoza.badnews 0x02d10000 0x02d1dfff Memory Mapped File rw True True False
api-ms-win-core-synch-l1-2-0.dll id nl5vaviiqoza.badnews 0x02d10000 0x02d14fff Memory Mapped File rw True True False
microsoft.powershell.psreadline.resources.dll id nl5vaviiqoza.badnews 0x02d20000 0x02d24fff Memory Mapped File rw True True False
microsoft.visualstudio.tools.applications.hostadapter.v10.0.dll id nl5vaviiqoza.badnews 0x02d20000 0x02d29fff Memory Mapped File rw True True False
vc_runtimeadditional_x64.msi id nl5vaviiqoza.badnews 0x02d30000 0x02d52fff Memory Mapped File rw True True False
appvisvsubsystems64.dll id nl5vaviiqoza.badnews 0x02d30000 0x02d54fff Memory Mapped File rw True True False
api-ms-win-core-file-l1-2-0.dll id nl5vaviiqoza.badnews 0x02d60000 0x02d64fff Memory Mapped File rw True True False
pagefile_0x0000000002da0000 0x02da0000 0x02dd2fff Pagefile Backed Memory rw True False False -
private_0x0000000002de0000 0x02de0000 0x02e1ffff Private Memory rw True False False -
ntuser.dat id nl5vaviiqoza.badnews 0x02de0000 0x02e1ffff Memory Mapped File rw True True False
ntuser.dat.log1 id nl5vaviiqoza.badnews 0x02de0000 0x02de5fff Memory Mapped File rw True True False
private_0x0000000002e20000 0x02e20000 0x02f1ffff Private Memory rw True False False -
regid.1991-06.com.microsoft office 16 click-to-run extensibility component.swidtag id nl5vaviiqoza.badnews 0x02e20000 0x02e20fff Memory Mapped File rw True True False
chucu jadnvk.contact id nl5vaviiqoza.badnews 0x02e20000 0x02e20fff Memory Mapped File rw True True False
vc_runtimeadditional_x64.msi id nl5vaviiqoza.badnews 0x02e20000 0x02e42fff Memory Mapped File rw True True False
acrofx32.dll id nl5vaviiqoza.badnews 0x02e20000 0x02e33fff Memory Mapped File rw True True False
.lnk id nl5vaviiqoza.badnews 0x02e30000 0x02e30fff Memory Mapped File rw True True False
install.ins id nl5vaviiqoza.badnews 0x02e40000 0x02e40fff Memory Mapped File rw True True False
updatesessionorchestration.019.etl id nl5vaviiqoza.badnews 0x02e40000 0x02e41fff Memory Mapped File rw True True False
masterdescriptor.en-us.xml id nl5vaviiqoza.badnews 0x02e40000 0x02e45fff Memory Mapped File rw True True False
microsoft.visualstudio.tools.applications.contract.v10.0.dll id nl5vaviiqoza.badnews 0x02e50000 0x02e56fff Memory Mapped File rw True True False
regid.1991-06.com.microsoft office 16 click-to-run licensing component.swidtag id nl5vaviiqoza.badnews 0x02ea0000 0x02ea0fff Memory Mapped File rw True True False
updatesessionorchestration.002.etl id nl5vaviiqoza.badnews 0x02ea0000 0x02ea3fff Memory Mapped File rw True True False
updatesessionorchestration.003.etl id nl5vaviiqoza.badnews 0x02ea0000 0x02ea3fff Memory Mapped File rw True True False
updatesessionorchestration.017.etl id nl5vaviiqoza.badnews 0x02ea0000 0x02ea0fff Memory Mapped File rw True True False
desktop.ini id nl5vaviiqoza.badnews 0x02ea0000 0x02ea0fff Memory Mapped File rw True True False
ppcrlconfig600.dll id nl5vaviiqoza.badnews 0x02ea0000 0x02ea5fff Memory Mapped File rw True True False
api-ms-win-core-debug-l1-1-0.dll id nl5vaviiqoza.badnews 0x02ea0000 0x02ea4fff Memory Mapped File rw True True False
powershellget.psd1 id nl5vaviiqoza.badnews 0x02ea0000 0x02ea5fff Memory Mapped File rw True True False
updateux.001.etl id nl5vaviiqoza.badnews 0x02ea0000 0x02ea0fff Memory Mapped File rw True True False
api-ms-win-core-file-l1-1-0.dll id nl5vaviiqoza.badnews 0x02ea0000 0x02ea5fff Memory Mapped File rw True True False
api-ms-win-core-file-l1-2-0.dll id nl5vaviiqoza.badnews 0x02ea0000 0x02ea4fff Memory Mapped File rw True True False
api-ms-win-core-localization-l1-2-0.dll id nl5vaviiqoza.badnews 0x02ea0000 0x02ea5fff Memory Mapped File rw True True False
api-ms-win-core-memory-l1-1-0.dll id nl5vaviiqoza.badnews 0x02ea0000 0x02ea4fff Memory Mapped File rw True True False
readme.txt id nl5vaviiqoza.badnews 0x02ea0000 0x02ea0fff Memory Mapped File rw True True False
displaylanguagenames.en_ca.txt id nl5vaviiqoza.badnews 0x02ea0000 0x02ea8fff Memory Mapped File rw True True False
user-40.png id nl5vaviiqoza.badnews 0x02ea0000 0x02ea0fff Memory Mapped File rw True True False
masterdatastore.xml id nl5vaviiqoza.badnews 0x02ea0000 0x02ea0fff Memory Mapped File rw True True False
api-ms-win-core-processenvironment-l1-1-0.dll id nl5vaviiqoza.badnews 0x02ea0000 0x02ea4fff Memory Mapped File rw True True False
desktop.ini id nl5vaviiqoza.badnews 0x02eb0000 0x02eb0fff Memory Mapped File rw True True False
private_0x0000000002f20000 0x02f20000 0x02f5ffff Private Memory rw True False False -
private_0x0000000002f60000 0x02f60000 0x0305ffff Private Memory rw True False False -
accessible.tlb id nl5vaviiqoza.badnews 0x03030000 0x03030fff Memory Mapped File rw True True False
accessiblemarshal.dll id nl5vaviiqoza.badnews 0x03030000 0x03036fff Memory Mapped File rw True True False
api-ms-win-core-console-l1-1-0.dll id nl5vaviiqoza.badnews 0x03030000 0x03034fff Memory Mapped File rw True True False
indexed locations.search-ms id nl5vaviiqoza.badnews 0x03030000 0x03030fff Memory Mapped File rw True True False
api-ms-win-core-file-l1-2-0.dll id nl5vaviiqoza.badnews 0x03030000 0x03034fff Memory Mapped File rw True True False
api-ms-win-core-localization-l1-2-0.dll id nl5vaviiqoza.badnews 0x03030000 0x03035fff Memory Mapped File rw True True False
api-ms-win-core-processthreads-l1-1-1.dll id nl5vaviiqoza.badnews 0x03030000 0x03034fff Memory Mapped File rw True True False
masterdatastore.xml id nl5vaviiqoza.badnews 0x03030000 0x03030fff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x03030000 0x03031fff Memory Mapped File rw True True False
enutxt.pdf id nl5vaviiqoza.badnews 0x03030000 0x03031fff Memory Mapped File rw True True False
psget.format.ps1xml id nl5vaviiqoza.badnews 0x03030000 0x03033fff Memory Mapped File rw True True False
workflow.visualbasic.targets id nl5vaviiqoza.badnews 0x03030000 0x03031fff Memory Mapped File rw True True False
17dfc292991c7c24.timestamp id nl5vaviiqoza.badnews 0x03030000 0x03030fff Memory Mapped File rw True True False
api-ms-win-core-errorhandling-l1-1-0.dll id nl5vaviiqoza.badnews 0x03030000 0x03034fff Memory Mapped File rw True True False
readermessages id nl5vaviiqoza.badnews 0x03030000 0x03039fff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x03030000 0x03030fff Memory Mapped File rw True True False
psget.resource.psd1 id nl5vaviiqoza.badnews 0x03030000 0x0303cfff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x03030000 0x03030fff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x03030000 0x03031fff Memory Mapped File rw True True False
masterdatastore.xml id nl5vaviiqoza.badnews 0x03030000 0x03030fff Memory Mapped File rw True True False
vstoee100.tlb id nl5vaviiqoza.badnews 0x03030000 0x03034fff Memory Mapped File rw True True False
vstoee90.tlb id nl5vaviiqoza.badnews 0x03030000 0x03035fff Memory Mapped File rw True True False
telemetry.asm-windowsdefault.json.bk id nl5vaviiqoza.badnews 0x03030000 0x03030fff Memory Mapped File rw True True False
uss.chk id nl5vaviiqoza.badnews 0x03030000 0x03031fff Memory Mapped File rw True True False
windows.uif.static id nl5vaviiqoza.badnews 0x03030000 0x03030fff Memory Mapped File rw True True False
masterdatastore.xml id nl5vaviiqoza.badnews 0x03030000 0x03030fff Memory Mapped File rw True True False
masterdescriptor.x-none.xml id nl5vaviiqoza.badnews 0x03030000 0x03035fff Memory Mapped File rw True True False
s640.hash id nl5vaviiqoza.badnews 0x03030000 0x03030fff Memory Mapped File rw True True False
workflow.targets id nl5vaviiqoza.badnews 0x03030000 0x03031fff Memory Mapped File rw True True False
displaylanguagenames.en_gb.txt id nl5vaviiqoza.badnews 0x03030000 0x03038fff Memory Mapped File rw True True False
microsoft.stdformat.dll id nl5vaviiqoza.badnews 0x03030000 0x03035fff Memory Mapped File rw True True False
deploymentconfig.1.xml id nl5vaviiqoza.badnews 0x03040000 0x03040fff Memory Mapped File rw True True False
wlive48x48.png id nl5vaviiqoza.badnews 0x03040000 0x03041fff Memory Mapped File rw True True False
updater.ini id nl5vaviiqoza.badnews 0x03040000 0x03040fff Memory Mapped File rw True True False
desktop.lnk id nl5vaviiqoza.badnews 0x03040000 0x03040fff Memory Mapped File rw True True False
desktop.ini id nl5vaviiqoza.badnews 0x03040000 0x03040fff Memory Mapped File rw True True False
deploymentconfig.0.xml id nl5vaviiqoza.badnews 0x03050000 0x03050fff Memory Mapped File rw True True False
ntuser.dat{77a2c7ed-26f0-11e5-80da-e41d2d741090}.tm.blf id nl5vaviiqoza.badnews 0x03050000 0x0305ffff Memory Mapped File rw True True False
reagent.xml id nl5vaviiqoza.badnews 0x03050000 0x03050fff Memory Mapped File rw True True False
license id nl5vaviiqoza.badnews 0x03050000 0x03050fff Memory Mapped File rw True True False
desktop.ini id nl5vaviiqoza.badnews 0x03050000 0x03050fff Memory Mapped File rw True True False
extensibility.dll id nl5vaviiqoza.badnews 0x03050000 0x03053fff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x03050000 0x03050fff Memory Mapped File rw True True False
desktop.ini id nl5vaviiqoza.badnews 0x03050000 0x03050fff Memory Mapped File rw True True False
workflow.targets id nl5vaviiqoza.badnews 0x03050000 0x03051fff Memory Mapped File rw True True False
psget.resource.psd1 id nl5vaviiqoza.badnews 0x03050000 0x0305cfff Memory Mapped File rw True True False
dcfmui.msi.16.en-us.boot.tree.dat id nl5vaviiqoza.badnews 0x03050000 0x03051fff Memory Mapped File rw True True False
dcfmui.msi.16.en-us.tree.dat id nl5vaviiqoza.badnews 0x03050000 0x03052fff Memory Mapped File rw True True False
nislog.txt id nl5vaviiqoza.badnews 0x03050000 0x03058fff Memory Mapped File rw True True False
psreadline.format.ps1xml id nl5vaviiqoza.badnews 0x03050000 0x03050fff Memory Mapped File rw True True False
access.lnk id nl5vaviiqoza.badnews 0x03050000 0x03050fff Memory Mapped File rw True True False
mpr.dll.mui 0x03060000 0x03060fff Memory Mapped File r False False False -
bootsect.bak id nl5vaviiqoza.badnews 0x03070000 0x03071fff Memory Mapped File rw True True False
private_0x0000000003070000 0x03070000 0x030affff Private Memory rw True False False -
private_0x00000000030b0000 0x030b0000 0x031affff Private Memory rw True False False -
private_0x00000000031b0000 0x031b0000 0x031effff Private Memory rw True False False -
vstofiles.cat id nl5vaviiqoza.badnews 0x031b0000 0x031c5fff Memory Mapped File rw True True False
msgfilt.dll id nl5vaviiqoza.badnews 0x031b0000 0x031c1fff Memory Mapped File rw True True False
adodb.dll id nl5vaviiqoza.badnews 0x031d0000 0x031edfff Memory Mapped File rw True True False
private_0x00000000031f0000 0x031f0000 0x032effff Private Memory rw True False False -
desktop.ini id nl5vaviiqoza.badnews 0x031f0000 0x031f0fff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x032d0000 0x032d0fff Memory Mapped File rw True True False
onedrive.lnk id nl5vaviiqoza.badnews 0x032d0000 0x032d0fff Memory Mapped File rw True True False
desktop.ini id nl5vaviiqoza.badnews 0x032d0000 0x032d0fff Memory Mapped File rw True True False
winfxlist.xml id nl5vaviiqoza.badnews 0x032d0000 0x032d0fff Memory Mapped File rw True True False
accessmuiset.msi.16.en-us.tree.dat id nl5vaviiqoza.badnews 0x032d0000 0x032d1fff Memory Mapped File rw True True False
dcf.x-none.msi.16.x-none.boot.tree.dat id nl5vaviiqoza.badnews 0x032d0000 0x032e4fff Memory Mapped File rw True True False
vstoinstaller.exe id nl5vaviiqoza.badnews 0x032d0000 0x032e8fff Memory Mapped File rw True True False
pipelinesegments.store id nl5vaviiqoza.badnews 0x032d0000 0x032effff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x032e0000 0x032e1fff Memory Mapped File rw True True False
psget.format.ps1xml id nl5vaviiqoza.badnews 0x032e0000 0x032e3fff Memory Mapped File rw True True False
acecache11.lst id nl5vaviiqoza.badnews 0x032e0000 0x032e0fff Memory Mapped File rw True True False
masterdatastore.xml id nl5vaviiqoza.badnews 0x032e0000 0x032e0fff Memory Mapped File rw True True False
masterdatastore.xml id nl5vaviiqoza.badnews 0x032e0000 0x032e0fff Memory Mapped File rw True True False
aclviho asldjfl.contact id nl5vaviiqoza.badnews 0x03530000 0x03530fff Memory Mapped File rw True True False
database1.accdb id nl5vaviiqoza.badnews 0x03540000 0x03596fff Memory Mapped File rw True True False
reader_dc.helpcfg id nl5vaviiqoza.badnews 0x03570000 0x03570fff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x03570000 0x03570fff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x03570000 0x03570fff Memory Mapped File rw True True False
settings.ini id nl5vaviiqoza.badnews 0x03570000 0x03570fff Memory Mapped File rw True True False
masterdescriptor.x-none.xml id nl5vaviiqoza.badnews 0x03570000 0x03575fff Memory Mapped File rw True True False
4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b id nl5vaviiqoza.badnews 0x03580000 0x03580fff Memory Mapped File rw True True False
58.0.3029.110.manifest id nl5vaviiqoza.badnews 0x03590000 0x03590fff Memory Mapped File rw True True False
ppcrlconfig600.dll id nl5vaviiqoza.badnews 0x03590000 0x03596fff Memory Mapped File rw True True False
bing.url id nl5vaviiqoza.badnews 0x035a0000 0x035a0fff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x035d0000 0x035d0fff Memory Mapped File rw True True False
accessmui.msi.16.en-us.boot.tree.dat id nl5vaviiqoza.badnews 0x035d0000 0x035d8fff Memory Mapped File rw True True False
accessmui.msi.16.en-us.tree.dat id nl5vaviiqoza.badnews 0x035d0000 0x035d9fff Memory Mapped File rw True True False
accessmuiset.msi.16.en-us.boot.tree.dat id nl5vaviiqoza.badnews 0x035d0000 0x035d0fff Memory Mapped File rw True True False
masterdatastore.xml id nl5vaviiqoza.badnews 0x035d0000 0x035d0fff Memory Mapped File rw True True False
maintenanceservice-install.log id nl5vaviiqoza.badnews 0x038e0000 0x038e0fff Memory Mapped File rw True True False
downloads.lnk id nl5vaviiqoza.badnews 0x038e0000 0x038e0fff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x038e0000 0x038e1fff Memory Mapped File rw True True False
mpcache-a14cde2848bb5d8b88dfafe00552abfc83c353ce.bin.7e id nl5vaviiqoza.badnews 0x03a00000 0x03afffff Memory Mapped File rw True True False
microsoft.office.tools.v9.0.dll id nl5vaviiqoza.badnews 0x03b40000 0x03b59fff Memory Mapped File rw True True False
masterdatastore.xml id nl5vaviiqoza.badnews 0x03b60000 0x03b60fff Memory Mapped File rw True True False
ntuser.dat.log2 id nl5vaviiqoza.badnews 0x05200000 0x0527dfff Memory Mapped File rw True True False
state.rsm id nl5vaviiqoza.badnews 0x05200000 0x05200fff Memory Mapped File rw True True False
state.rsm id nl5vaviiqoza.badnews 0x05210000 0x05210fff Memory Mapped File rw True True False
vcredist_x86.exe id nl5vaviiqoza.badnews 0x05210000 0x0527ffff Memory Mapped File rw True True True
ntuser.dat{77a2c7ed-26f0-11e5-80da-e41d2d741090}.tmcontainer00000000000000000001.regtrans-ms id nl5vaviiqoza.badnews 0x05340000 0x053bffff Memory Mapped File rw True True False
ntuser.dat{77a2c7ed-26f0-11e5-80da-e41d2d741090}.tmcontainer00000000000000000002.regtrans-ms id nl5vaviiqoza.badnews 0x05340000 0x053bffff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x05380000 0x05386fff Memory Mapped File rw True True False
customizations.xml id nl5vaviiqoza.badnews 0x05390000 0x05390fff Memory Mapped File rw True True False
msaddndr.olb id nl5vaviiqoza.badnews 0x05cc0000 0x05cc5fff Memory Mapped File rw True True False
state.rsm id nl5vaviiqoza.badnews 0x05cc0000 0x05cc0fff Memory Mapped File rw True True False
updatesessionorchestration.018.etl id nl5vaviiqoza.badnews 0x05d00000 0x05d01fff Memory Mapped File rw True True False
uninstall.exe id nl5vaviiqoza.badnews 0x05f10000 0x05f25fff Memory Mapped File rw True True False
safe browsing bloom prefix set id nl5vaviiqoza.badnews 0x05f10000 0x05fbcfff Memory Mapped File rw True True False
state.rsm id nl5vaviiqoza.badnews 0x05f30000 0x05f30fff Memory Mapped File rw True True False
copyright id nl5vaviiqoza.badnews 0x05f30000 0x05f30fff Memory Mapped File rw True True False
microsoft.visualstudio.tools.office.addinadapter.v9.0.dll id nl5vaviiqoza.badnews 0x05fc0000 0x05fd5fff Memory Mapped File rw True True False
vc_runtimeadditional_x86.msi id nl5vaviiqoza.badnews 0x06050000 0x06072fff Memory Mapped File rw True True False
a3dutils.dll id nl5vaviiqoza.badnews 0x06150000 0x06178fff Memory Mapped File rw True True False
vstoee.dll id nl5vaviiqoza.badnews 0x06150000 0x06179fff Memory Mapped File rw True True False
armsvc.exe id nl5vaviiqoza.badnews 0x06150000 0x06164fff Memory Mapped File rw True True False
vc_runtimeminimum_x64.msi id nl5vaviiqoza.badnews 0x06150000 0x06174fff Memory Mapped File rw True True False
vc_runtimeminimum_x64.msi id nl5vaviiqoza.badnews 0x06150000 0x06172fff Memory Mapped File rw True True False
vc_runtimeadditional_x86.msi id nl5vaviiqoza.badnews 0x06150000 0x06172fff Memory Mapped File rw True True False
atl100.dll id nl5vaviiqoza.badnews 0x06150000 0x06176fff Memory Mapped File rw True True False
boot.sdi id nl5vaviiqoza.badnews 0x06300000 0x063fffff Memory Mapped File rw True True False
state.rsm id nl5vaviiqoza.badnews 0x06300000 0x06300fff Memory Mapped File rw True True False
state.rsm id nl5vaviiqoza.badnews 0x06310000 0x06310fff Memory Mapped File rw True True False
vcredist_x64.exe id nl5vaviiqoza.badnews 0x06340000 0x063affff Memory Mapped File rw True True False
ose.exe id nl5vaviiqoza.badnews 0x06380000 0x063bffff Memory Mapped File rw True True False
1494870c-9912-c184-4cc9-b401-a53f4d8de290.pdf id nl5vaviiqoza.badnews 0x064c0000 0x064edfff Memory Mapped File rw True True False
access.x-none.msi.16.x-none.boot.tree.dat id nl5vaviiqoza.badnews 0x064c0000 0x064e0fff Memory Mapped File rw True True False
vc_runtimeminimum_x86.msi id nl5vaviiqoza.badnews 0x064c0000 0x064e3fff Memory Mapped File rw True True False
vc_runtimeminimum_x86.msi id nl5vaviiqoza.badnews 0x064c0000 0x064e4fff Memory Mapped File rw True True False
microsoft.powershell.psreadline.dll id nl5vaviiqoza.badnews 0x064c0000 0x064e5fff Memory Mapped File rw True True False
vc_runtimeminimum_x64.msi id nl5vaviiqoza.badnews 0x064c0000 0x064e3fff Memory Mapped File rw True True False
mpcache-a14cde2848bb5d8b88dfafe00552abfc83c353ce.bin.80 id nl5vaviiqoza.badnews 0x06a80000 0x06b7ffff Memory Mapped File rw True True False
mpcache-a14cde2848bb5d8b88dfafe00552abfc83c353ce.bin.87 id nl5vaviiqoza.badnews 0x06a80000 0x06b7ffff Memory Mapped File rw True True False
msdia80.dll id nl5vaviiqoza.badnews 0x06d00000 0x06d9cfff Memory Mapped File rw True True False
access.x-none.msi.16.x-none.tree.dat id nl5vaviiqoza.badnews 0x06da0000 0x06de5fff Memory Mapped File rw True True False
c2rmanifest.excel.excel.x-none.msi.16.x-none.xml id nl5vaviiqoza.badnews 0x07c40000 0x07cc7fff Memory Mapped File rw True True False
jre-8u131-windows-x64.exe id nl5vaviiqoza.badnews 0x08000000 0x080fffff Memory Mapped File rw True True False
officeclicktorun.exe id nl5vaviiqoza.badnews 0x08280000 0x0837ffff Memory Mapped File rw True True False
baseimagefam8 id nl5vaviiqoza.badnews 0x08500000 0x085fffff Memory Mapped File rw True True False
winre.wim id nl5vaviiqoza.badnews 0x09400000 0x094fffff Memory Mapped File rw True True False
mpcache-a14cde2848bb5d8b88dfafe00552abfc83c353ce.bin.67 id nl5vaviiqoza.badnews 0x09400000 0x094fffff Memory Mapped File rw True True False
bootstat.dat id nl5vaviiqoza.badnews 0x09680000 0x0968ffff Memory Mapped File rw True True False
autologger-diagtrack-listener.etl id nl5vaviiqoza.badnews 0x0a540000 0x0a5dffff Memory Mapped File rw True True False
store.vol id nl5vaviiqoza.badnews 0x0b640000 0x0b73ffff Memory Mapped File rw True True False
msdia100.dll id nl5vaviiqoza.badnews 0x0b640000 0x0b703fff Memory Mapped File rw True True False
adobearmhelper.exe id nl5vaviiqoza.badnews 0x0b640000 0x0b6a7fff Memory Mapped File rw True True False
dcf.x-none.msi.16.x-none.tree.dat id nl5vaviiqoza.badnews 0x0b680000 0x0b6a6fff Memory Mapped File rw True True False
vc_redist.x64.exe id nl5vaviiqoza.badnews 0x0b780000 0x0b83efff Memory Mapped File rw True True False
vc_redist.x86.exe id nl5vaviiqoza.badnews 0x0b840000 0x0b8c1fff Memory Mapped File rw True True False
cab1.cab id nl5vaviiqoza.badnews 0x0b9c0000 0x0babffff Memory Mapped File rw True True False
psget.psm1 id nl5vaviiqoza.badnews 0x0ba00000 0x0ba34fff Memory Mapped File rw True True False
psget.psm1 id nl5vaviiqoza.badnews 0x0ba80000 0x0bab4fff Memory Mapped File rw True True False
airspace.etw.man id nl5vaviiqoza.badnews 0x0bd80000 0x0bde3fff Memory Mapped File rw True True False
integratedoffice.exe id nl5vaviiqoza.badnews 0x0bd90000 0x0be8ffff Memory Mapped File rw True True False
msdia80.dll id nl5vaviiqoza.badnews 0x0bed0000 0x0bfaffff Memory Mapped File rw True True False
ace.dll id nl5vaviiqoza.badnews 0x0cb80000 0x0cc68fff Memory Mapped File rw True True False
msdia100.dll id nl5vaviiqoza.badnews 0x0cc80000 0x0cd71fff Memory Mapped File rw True True False
adobearm.exe id nl5vaviiqoza.badnews 0x0cf40000 0x0d03ffff Memory Mapped File rw True True False
cab1.cab id nl5vaviiqoza.badnews 0x0d440000 0x0d53ffff Memory Mapped File rw True True False
guest.bmp id nl5vaviiqoza.badnews 0x0da80000 0x0db44fff Memory Mapped File rw True True False
cab1.cab id nl5vaviiqoza.badnews 0x0dd00000 0x0ddfffff Memory Mapped File rw True True False
javaw.exe id nl5vaviiqoza.badnews 0x0e580000 0x0e5b2fff Memory Mapped File rw True True False
javaws.exe id nl5vaviiqoza.badnews 0x0e980000 0x0e9cdfff Memory Mapped File rw True True False
uss.log id nl5vaviiqoza.badnews 0x0fe80000 0x0ff7ffff Memory Mapped File rw True True False
acrobroker.exe id nl5vaviiqoza.badnews 0x103c0000 0x10406fff Memory Mapped File rw True True False
excel.x-none.msi.16.x-none.boot.tree.dat id nl5vaviiqoza.badnews 0x10410000 0x10476fff Memory Mapped File rw True True False
vcredist_x86.exe id nl5vaviiqoza.badnews 0x10500000 0x10571fff Memory Mapped File rw True True False
vcredist_x64.exe id nl5vaviiqoza.badnews 0x10580000 0x105f1fff Memory Mapped File rw True True False
cab1.cab id nl5vaviiqoza.badnews 0x10d80000 0x10e45fff Memory Mapped File rw True True False
chromesetup.exe id nl5vaviiqoza.badnews 0x12d90000 0x12e8ffff Memory Mapped File rw True True False
maintenanceservice.exe id nl5vaviiqoza.badnews 0x14f50000 0x14f7afff Memory Mapped File rw True True False
accicons.exe id nl5vaviiqoza.badnews 0x16200000 0x162fffff Memory Mapped File rw True True False
readme.htm id nl5vaviiqoza.badnews 0x16d40000 0x16d44fff Memory Mapped File rw True True False
microsoft.mshtml.dll id nl5vaviiqoza.badnews 0x171c0000 0x172bffff Memory Mapped File rw True True False
cab1.cab id nl5vaviiqoza.badnews 0x172c0000 0x17388fff Memory Mapped File rw True True False
cab1.cab id nl5vaviiqoza.badnews 0x17750000 0x1784ffff Memory Mapped File rw True True False
cab1.cab id nl5vaviiqoza.badnews 0x183d0000 0x184ccfff Memory Mapped File rw True True False
acecore.dll id nl5vaviiqoza.badnews 0x18610000 0x1870ffff Memory Mapped File rw True True False
cab1.cab id nl5vaviiqoza.badnews 0x19910000 0x19a0ffff Memory Mapped File rw True True False
cab1.cab id nl5vaviiqoza.badnews 0x19e10000 0x19f0ffff Memory Mapped File rw True True False
msdia90.dll id nl5vaviiqoza.badnews 0x20d60000 0x20e03fff Memory Mapped File rw True True False
mslid.dll id nl5vaviiqoza.badnews 0x22b20000 0x22ba9fff Memory Mapped File rw True True False
liclua.exe id nl5vaviiqoza.badnews 0x234e0000 0x23570fff Memory Mapped File rw True True False
acrordrdcupd1800920044_incr.msp id nl5vaviiqoza.badnews 0x26580000 0x2667ffff Memory Mapped File rw True True False
aiodlite.dll id nl5vaviiqoza.badnews 0x26600000 0x2664ffff Memory Mapped File rw True True False
dbghelp.dll id nl5vaviiqoza.badnews 0x29490000 0x2958ffff Memory Mapped File rw True True False
cab1.cab id nl5vaviiqoza.badnews 0x29750000 0x2984ffff Memory Mapped File rw True True False
safe browsing bloom id nl5vaviiqoza.badnews 0x29cd0000 0x29dcffff Memory Mapped File rw True True False
cab1.cab id nl5vaviiqoza.badnews 0x2a210000 0x2a303fff Memory Mapped File rw True True False
dw20.exe id nl5vaviiqoza.badnews 0x2a310000 0x2a40ffff Memory Mapped File rw True True False
wow64cpu.dll 0x73030000 0x73037fff Memory Mapped File rwx False False False -
wow64.dll 0x73040000 0x7308efff Memory Mapped File rwx False False False -
wow64win.dll 0x73090000 0x73102fff Memory Mapped File rwx False False False -
iertutil.dll 0x741f0000 0x744b0fff Memory Mapped File rwx False False False -
urlmon.dll 0x744c0000 0x7461ffff Memory Mapped File rwx False False False -
dwmapi.dll 0x74600000 0x7461cfff Memory Mapped File rwx False False False -
propsys.dll 0x74620000 0x74761fff Memory Mapped File rwx False False False -
userenv.dll 0x74770000 0x74788fff Memory Mapped File rwx False False False -
ntmarta.dll 0x74790000 0x747b7fff Memory Mapped File rwx False False False -
rsaenh.dll 0x747c0000 0x747eefff Memory Mapped File rwx False False False -
bcrypt.dll 0x747f0000 0x7480afff Memory Mapped File rwx False False False -
cryptsp.dll 0x74810000 0x74822fff Memory Mapped File rwx False False False -
comctl32.dll 0x74830000 0x748c1fff Memory Mapped File rwx False False False -
mpr.dll 0x748d0000 0x748e6fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74900000 0x74974fff Memory Mapped File rwx False False False -
dpapi.dll 0x74980000 0x74987fff Memory Mapped File rwx False False False -
apphelp.dll 0x74990000 0x74a20fff Memory Mapped File rwx False False False -
bcryptprimitives.dll 0x74a30000 0x74a88fff Memory Mapped File rwx False False False -
cryptbase.dll 0x74a90000 0x74a99fff Memory Mapped File rwx False False False -
sspicli.dll 0x74aa0000 0x74abdfff Memory Mapped File rwx False False False -
user32.dll 0x74ad0000 0x74c0ffff Memory Mapped File rwx False False False -
shlwapi.dll 0x74c10000 0x74c53fff Memory Mapped File rwx False False False -
advapi32.dll 0x74c60000 0x74cdafff Memory Mapped File rwx False False False -
powrprof.dll 0x74ce0000 0x74d23fff Memory Mapped File rwx False False False -
kernelbase.dll 0x74d30000 0x74ea5fff Memory Mapped File rwx False False False -
combase.dll 0x74f70000 0x75129fff Memory Mapped File rwx False False False -
kernel32.dll 0x75130000 0x7521ffff Memory Mapped File rwx False False False -
imm32.dll 0x75220000 0x7524afff Memory Mapped File rwx False False False -
kernel.appcore.dll 0x752b0000 0x752bbfff Memory Mapped File rwx False False False -
shell32.dll 0x752c0000 0x7667efff Memory Mapped File rwx False False False -
crypt32.dll 0x76680000 0x767f4fff Memory Mapped File rwx False False False -
windows.storage.dll 0x76800000 0x76cdcfff Memory Mapped File rwx False False False -
oleaut32.dll 0x76ce0000 0x76d71fff Memory Mapped File rwx False False False -
msctf.dll 0x76da0000 0x76ebffff Memory Mapped File rwx False False False -
ole32.dll 0x76f30000 0x77019fff Memory Mapped File rwx False False False -
cfgmgr32.dll 0x77020000 0x77055fff Memory Mapped File rwx False False False -
sechost.dll 0x770b0000 0x770f2fff Memory Mapped File rwx False False False -
profapi.dll 0x77100000 0x7710efff Memory Mapped File rwx False False False -
msasn1.dll 0x771c0000 0x771cdfff Memory Mapped File rwx False False False -
shcore.dll 0x771d0000 0x7725cfff Memory Mapped File rwx False False False -
rpcrt4.dll 0x772c0000 0x7736bfff Memory Mapped File rwx False False False -
gdi32.dll 0x77370000 0x774bcfff Memory Mapped File rwx False False False -
clbcatq.dll 0x77670000 0x776f1fff Memory Mapped File rwx False False False -
msvcrt.dll 0x778d0000 0x7798dfff Memory Mapped File rwx False False False -
ntdll.dll 0x77990000 0x77b08fff Memory Mapped File rwx False False False -
private_0x000000007fe92000 0x7fe92000 0x7fe94fff Private Memory rw True False False -
private_0x000000007fe95000 0x7fe95000 0x7fe97fff Private Memory rw True False False -
private_0x000000007fe98000 0x7fe98000 0x7fe9afff Private Memory rw True False False -
private_0x000000007fe9b000 0x7fe9b000 0x7fe9dfff Private Memory rw True False False -
private_0x000000007fe9e000 0x7fe9e000 0x7fea0fff Private Memory rw True False False -
private_0x000000007fea1000 0x7fea1000 0x7fea3fff Private Memory rw True False False -
private_0x000000007fea4000 0x7fea4000 0x7fea6fff Private Memory rw True False False -
private_0x000000007fea7000 0x7fea7000 0x7fea9fff Private Memory rw True False False -
private_0x000000007feaa000 0x7feaa000 0x7feacfff Private Memory rw True False False -
private_0x000000007fead000 0x7fead000 0x7feaffff Private Memory rw True False False -
pagefile_0x000000007feb0000 0x7feb0000 0x7ffaffff Pagefile Backed Memory r True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd5000 0x7ffd5000 0x7ffd7fff Private Memory rw True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffdafff Private Memory rw True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffddfff Private Memory rw True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7ffaf7a0ffff Private Memory r True False False -
ntdll.dll 0x7ffaf7a10000 0x7ffaf7bd1fff Memory Mapped File rwx False False False -
private_0x00007ffaf7bd2000 0x7ffaf7bd2000 0x7ffffffeffff Private Memory r True False False -
For performance reasons, the remaining 2825 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
»
Filename File Size Hash Values YARA Match Actions
C:\windows\clerlog.bat 0.19 KB MD5: 3aa0082ea4ca459fa9f13af5c2788d58
SHA1: a60205292bc2d40a3e6bfc5b5699151a54f8858a
SHA256: e89243c6ebcc85c215de36fc45b06fea95ac63ae0e45d277c373728f42686b95
SSDeep: 3:mKDDQjZYpIeNCzvFN6JKHzeB9AHHBmTPySAdQqFN8tovJRAATijwcAbWmIRSpNyj:hE1GXQWJ64zTlaAATiQbHJXIl
True
C:\Users\CIiHmnxMn6Ps\Desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe 13.00 KB MD5: eafaa42673af89821d56bd7fc848a88f
SHA1: 86a7d03e710d54651752e99046669088696e68b8
SHA256: 1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4
SSDeep: 192:MZote8k1WXCNc7m6mhWavEoh/w+I2w6+o4NIWJWNrPSvmPld:M78kMXU+m6mQu5hor2uoc7D+d
False
\\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe ID NL5VaVIIqOZA.BadNews 446.54 KB MD5: 3f3624300ce76e65acaaf579e2e41e30
SHA1: c5a741b82fd7ef80187b52035ea950170a3fdf6f
SHA256: 816942b126e04a47cbc647e648a27aa26a4648de2c19375a44070a659ea95ad4
SSDeep: 12288:3YboGopjlDYMlDE90Xht+luCOBps5VewmaZ/HBacV3:Idop9T8a+luCOAVdfkO
True
\\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact ID NL5VaVIIqOZA.BadNews 2.65 KB MD5: 52e085032df7e4cae40b6ac285dea2f3
SHA1: 1c4ecd5027096729d6b410a4837effeda5116975
SHA256: 3e0b82198c803e3e58625e4b121f14b89106580b04f22295cc6799bd938b9498
SSDeep: 48:LyIOvZT1unNWSVsS88wcKPVTtPPs89PhZQ8nioTO2XErnghmQfIgFB4RjEJr0L9D:LMmWFMGfs89hOZoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\MqqaQUIOXt.avi ID NL5VaVIIqOZA.BadNews 64.48 KB MD5: 862bada4ee75cd3b1c061107a2f9bf55
SHA1: efe0042b4456c931aa4b3730eeb44c55dc6ef27d
SHA256: 5a7a8e6ee363ce00694ecfc64da00622796c63897786fce604c6e52b025c5438
SSDeep: 1536:BgC/pnX0kOuKYj/EP/A9rGQkoVHB8aeItzw6GSvN:DxX0IHj/KCGQNvXGC
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\FTCT.png ID NL5VaVIIqOZA.BadNews 18.04 KB MD5: 9484cffab0c4f27dade0d7bfd9f68b63
SHA1: 474033a886a345efdaf077f4857c5d9fff6c8c49
SHA256: 4571f68a60b4b9aaf81391a3056377fefbea1b510e97e9d1378826f5d1843bc4
SSDeep: 384:NYPimYBpCavwLv8kSyMISLe4d/phV0QSmOL9h5:yPimYBp8v85yMId4d/KQSrL9D
False
\\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms ID NL5VaVIIqOZA.BadNews 1.74 KB MD5: 88bb084f20cb6249083d58f4e6409d1e
SHA1: 0c266e19a8f609a159649f16370236a141496f07
SHA256: c4386d2ff6c086d73edc3e69e05972a5e7b7bfbad9008b2f3e303ce8a9a40b83
SSDeep: 48:tl+caAJzxRgm3fFnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:tlBR3fUoVCFwIApr0L9hTMIb
False
\\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews 23.15 KB MD5: 601972fa750378499ba97c12ff3ee0ae
SHA1: 9f4dd2ec079120e7201560393c0e644caa964b4a
SHA256: b408a9f3b34d53eb5a0d1d1a50ef670475ccdc38d84271850c59ccf2c519461e
SSDeep: 384:RwcX5WnQUHTV8qyNYmGCpT0oBVhuUpifb6om7MeCpdWkVrC0Fn7AUWK8qWvS866s:RwO5vUzVKN6qBVhJ0fb6F6dWurpnzWKJ
False
\\?\C:\Users\CIiHmnxMn6Ps\Videos\crv__X6D-6VzmL-1hsmr.swf ID NL5VaVIIqOZA.BadNews 14.93 KB MD5: 9cb9506ec13caed31f71839065b4395b
SHA1: 7b92785ff7f6c1634384f96b5358fe799ceb3612
SHA256: bed7da59b19d030953e21e1cc637be3f2098941c4baa8fd8afb0ffbe513ec27a
SSDeep: 384:geod2RAzagGNzTlMBfwuRwYr2u2x/c6Pi99dJfaHt3FOfPfaL5oSmOL9h5:gjARAzoNnlNcw1u2l/PKLfaHt8fauSrp
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews 1.89 KB MD5: e5ac253720451a033231e840b61921bc
SHA1: 51d5b72bbd61a535f57042fe28c311b0754f6577
SHA256: 1e884ac192efab931575babe61594e3d42c94bb7a2a6a2c819481b6417ef7c55
SSDeep: 48:xpjVBiLYljC7Zv7FXZ9wDYnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:/+LYljkjFp+oVCFwIApr0L9hTMIb
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: 16630ed77379431f23c89e57618db004
SHA1: 51bd9acb2bbf2b4f387c04deec0f70296d9ac931
SHA256: 07aa5ed01400fe82c5dfc8ab84194c98206fcca9dd1e254515e40c639cb05aa0
SSDeep: 384:2FJgS1jtr2F3/KQZT/2Naeb/9/Ef3hwW7ZfetuSkcDrOF6lDFrsHSxCcoZ3+VlIC:eZr2FvzTeNRztmBZNSkcDCoDFsSxCcIK
False
\\?\C:\Program Files\Uninstall Information\broadwaychildrenvocational.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 1aedaf25980acec7ee67a284601ef9da
SHA1: c1ce72a2717b0b263bc685c1121434ca719f7667
SHA256: 37ecf5e966fcf8a6934eb3e94fa9627c2631af253b03a29ac790922a6ea34365
SSDeep: 1536:2M9xkOs+dYasd6kqLya+Uru8uaZ5DLxqu4PiCKy/Nn6JeNQs8SvN:2MQmua86k4Vvq83DLoOyl6J/s8C
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\opDlC6QUcl.doc ID NL5VaVIIqOZA.BadNews 54.13 KB MD5: 5c69941a1af153a31617b33737217eea
SHA1: a6cfb084e46ba44d0dbd9edb49908ae064c0a833
SHA256: 941d39440e3073c847de389672d4bc1db7b9c790b85ddcafa3c8558553511543
SSDeep: 1536:Gk87LOWQiKAut+rMlLPzu9AhBC5Bis5sSvN:p8HO0/WUGLbgAj2OC
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\zKc7RH_1b.rtf ID NL5VaVIIqOZA.BadNews 16.94 KB MD5: 69a96008ad0be99294163aa9fa32cf0e
SHA1: b4c5c584ca6ccd2cfb7a857d26933e52d0ac6841
SHA256: c8d0d3e6fedd4a410bd3d4bff3ddac28f26cef8d756a12bb6e138a65a6bc61c5
SSDeep: 384:pusLLgRVi+zT5UFK77dYPPr9deC6l0aukqUTSmOL9h5:puFRV11hQeC6VFSrL9D
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: 06a6e5acec6f41e4f01ded4338733f2a
SHA1: a0e910e293fb1e6a532f0abadc56dc4b3d406ba3
SHA256: 58671b0a45704936a61ac4013b4771063c077c420778c1c79473c01b429d92f2
SSDeep: 384:qWevpwDz6F12e7TVLflP97s6epYW97iQ98SOUjXRadbexYSmOL9h5:qWevLyevHPepY47z98cPxYSrL9D
False
\\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag ID NL5VaVIIqOZA.BadNews 2.55 KB MD5: e9895904dd6edb132cdce97e50381d58
SHA1: a18341d94c617b07a0b4887771913990aa4e82f0
SHA256: 20bec416642828e3236721354b531f40b9e348e71e0c81aae6c4f3976bf16f81
SSDeep: 48:aubLYkX0JLn0OX6llzwaBfY1nioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:lbMkILnrXqlcaBYEoVCFwIApr0L9hTMO
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1pUvjwM8UwKSFGy.gif ID NL5VaVIIqOZA.BadNews 87.86 KB MD5: c69adc02894c370a6ea2d0a492a875fb
SHA1: 0ca9e465f461276ee9c05a3b633f58cba8a2d1f9
SHA256: f5d661834033f8ba7a3ece792c0ff72b0a1976279a36697931fb5cfb410a4438
SSDeep: 1536:7h+nkZ/67qKo7PpWc7Fny9Vp0GFqd2n9ng8usOTRxUBpzZkyLdEz6wM59lcQ+IsY:tAkZ/DDPowR6p0mt9nMTAvtLdEzRmcd6
False
\\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews 15.41 KB MD5: 89728b7520f5437967f13b20b44e8b9c
SHA1: ba5e0d746f721e8a3357380edf25227af634cb11
SHA256: 736ba4187f03bb3858f72bab4ed8389d3a7693d430fa29a7a00ead9667670d8f
SSDeep: 384:W1Bi7lirV2HtCgdNimnDeNE3ebi0IfYimSmOL9h5:gBii2dd0QeOub/IfGSrL9D
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\a80ysSR.flv ID NL5VaVIIqOZA.BadNews 66.38 KB MD5: df038ceeb4e101e2ed98dbef7a4d5189
SHA1: 2ffbf706e847921d856e5f6029a7b9c172ef92ab
SHA256: bae43ffd39e429856c301b488e70db72d9364ce3e39009ec3e5fa416a9779d4b
SSDeep: 1536:la1MbQ07uJLaaRNFb6jen+psf1uPweawMuJhTq4ixhdSvN:lJt8Nwjc+x2w7TrS3C
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\EnKHxADYKnu.csv ID NL5VaVIIqOZA.BadNews 30.81 KB MD5: 46994522299365d23e0c4240002a80b6
SHA1: 05d6b69853bde8100576e8d14209977a933cd071
SHA256: 84c553a11756e08221aa028ad800feca96e6a1f8ef6c273541b51c96ac211633
SSDeep: 768:WqMrFqFpQXezLLMMK2gVjD1RiwBdqHX193j9KM3XjX5KoSrL9D:nMwQULMr3Vi4qHld9KM3XNrSvN
False
\\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms ID NL5VaVIIqOZA.BadNews 1.74 KB MD5: 50d11b083c8c8cc66f42e22330d4282c
SHA1: 4d7973208cd359a4deaec56ee99f0cf26d24a882
SHA256: df0aeede48947ab5091be2ec8d9ae92064132827bc8d16d1451d8fc309a6a981
SSDeep: 48:cBYDVFxQk/vaUlFMnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:cB2DMqFpoVCFwIApr0L9hTMIb
False
\\?\C:\Users\Default\NTUSER.DAT.LOG1 ID NL5VaVIIqOZA.BadNews 25.50 KB MD5: d593135fb9f18b1e81eed83c82da2c15
SHA1: c934e50daf11cbc48fe8f738dc4fbb3dd5530856
SHA256: 326b977a9476c3f23aa4ed9f03d1247549f796301a77153352c5096dac2523df
SSDeep: 768:o70QlHS55AMlNuhDTPESIojvq0J+NSrL9D:oDHMGLESpjvaNSvN
False
\\?\C:\Program Files\Microsoft Office 15\debate gs response.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 4b508526bf7d1527bc39c99ed48dbc76
SHA1: 4441089a9ebe61374fcded6b8b14dc2ac9f420d2
SHA256: 5a56d3ce83f53dad62055aad33213f7782c048725d21624a536dcd1c5a90c080
SSDeep: 1536:qtHGy2KDFiPntj98xtnkNIKD4KSUqzhYM4e00qOpDIrij6wi6GrbSvN:qtHuKhYSxtnQI1rzhYMW0nEij6wi6AC
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XisO9.avi ID NL5VaVIIqOZA.BadNews 50.07 KB MD5: f6bc75c49afbccd95a0e8bd523842b10
SHA1: efbc7bc173f6c531fedd3227cc7769b0d5b2d6f3
SHA256: fcbbdadf5eee9074faf98fc22bd51d1eb08eaaa817d70ee30d05e6a34bf11c71
SSDeep: 1536:BkJbCzTSylY0D5jG3eWPEvE0bIyiVYgSvN:BkJbg+ylke7vkhVXC
False
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews 22.19 KB MD5: d364927c4cea4e8f097ed55c3e402d9d
SHA1: 55eb83fc3b6a6e9b1cbff67cdf03aaf8ab8e8e1a
SHA256: 1ca547557e051ba31101cf13ce62f5ac6eba404616d06fb12718045b9a4e4c77
SSDeep: 384:mdcCFSM9QGfy5h6cC9CzIyNiVRqNiI5Y0freGn0sQNe9ZxigTIq6SmOL9h5:rCFjQGcCgjNiVRqNH5Y0fn0Pe9LsLSrp
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b 2.17 KB MD5: 2dc692b87d877b90ea345a23784b35ce
SHA1: ad6f57fefc6ff2403af7f61e7e5858797063fb7b
SHA256: 7a7b923cf63b45e765c42bd967ee34eb577e29509954865f773773477f083627
SSDeep: 3::
False
\\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini ID NL5VaVIIqOZA.BadNews 1.99 KB MD5: 3d805c03ec363dd4021f0410b9bc4a95
SHA1: 9b01f57a52f992048323eec6102d8447040eb4a5
SHA256: c4989065400654028003a5483b0728583111065e96777cf3ac6303edc0ccef60
SSDeep: 48:m3P/2Lnjf3p3qgnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:ue1goVCFwIApr0L9hTMIb
False
\\?\C:\Boot\BOOTSTAT.DAT ID NL5VaVIIqOZA.BadNews 65.50 KB MD5: 238812eaffd1166119153583d876d82c
SHA1: 3b32d17ac7a3835d8e1c19180f7dc6348a7187dd
SHA256: 13e2a98f94313eaea0f4eff43f56f09f0992944da4c53fdf6d3f7b55cc28698b
SSDeep: 1536:rpGFqVMimTG7by8HAqDubXML7h5t6L+CfzHdlD7W1ZwM/nSvN:rpGFqQK7Nh97ENjTynC
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: 0962ff1869746c2bdd0aa82e47b63547
SHA1: 719afa2157fd6860856ac816aad996cdbe7936d0
SHA256: 72cb8969d4aa3553b3da8b0888ae8d792d425f52c478d12435faa850fbdad13a
SSDeep: 384:wP7irfxK2JhXx7tn0Ed7pb6G4VDS1Yr7sWKyTrs+HWkOxtA0oSmOL9h5:wP7G04hXtiMpeG401e75ZHs+5OxGjSrp
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\L9ZzdDugiqj.pptx ID NL5VaVIIqOZA.BadNews 13.35 KB MD5: 834a0c051c0548f982f64c2f45b1ff56
SHA1: 615583c20b6f6baab28a5df736e38356097dbb22
SHA256: d4761c59da0d701626a7b8d1629b17d18544e751c725e56486ae1c199c482aba
SSDeep: 384:ZZA5km/wuexO374vYdKP2ZVUjtkrOPc4oF+eSmOL9h5:ZZA5fEA9dk2gxeQeSrL9D
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: 2a78f8f9e15c36ea0f660c56a8325fd1
SHA1: 7748cb3eda94c96c12932c01e3220637ea47bde0
SHA256: 4205dadccbde0c18b224db22970d4022a22e595032459c55f2f44a04b91d876c
SSDeep: 384:4W+/8rs+v7y+5pSprCT6omv0iJbQinrdKz+hfmSmOL9h5:M8s+Dy+DSJ+Ev0iq7+9mSrL9D
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\SChpKyqP63Wc3Ifl.jpg ID NL5VaVIIqOZA.BadNews 57.13 KB MD5: a82745f2a03649d42fc112dbcdc6800d
SHA1: d36d2a33597d98ed8b34fad7b0affa5cc25febcb
SHA256: 05afb6bb8c5130bcf93b886d5db440a9f6931890fa8adeb958e7232b454e5bcf
SSDeep: 1536:z+cgSfHmuFsDAXmMJWdxrUNvW8S5+uy2wNgI2uSvN:SIvFGmJWdmNvWbq2inDC
False
\\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms ID NL5VaVIIqOZA.BadNews 513.50 KB MD5: 2937fc702597e89801ddb7bf348666ab
SHA1: 61f35e30f7ba4475d67b62ae494f838d23cb8d63
SHA256: 68a7fa594148cc1a747d7cc33175a56e321737c4040c88f5b82702f12e82f8da
SSDeep: 12288:piwvSSA06/mO+Gnz1vGaxmsowocgggpCdpkz8oFUpXU0He9:piwvSSA9z+GzvQsMjCD75X1a
False
\\?\C:\Recovery\WindowsRE\boot.sdi ID NL5VaVIIqOZA.BadNews 3.02 MB MD5: 753a6a141c18c418b5bf6d8207569442
SHA1: e71e765c2a5aa92746a57d8c5714d1c7c233589f
SHA256: 6a83073d2c434eb4336cc83557889d0ce23831dfc752f9f937a4f63c514f8d19
SSDeep: 24576:UEJtUhYJXNWkei26Syiz88qKRdb8r+d3PUu8NPU+DWBH/vB:UEk6JXNk61iDqKRt8rCfUu5B/p
False
\\?\C:\Users\CIiHmnxMn6Ps\Music\2F5ig6v.mp3 ID NL5VaVIIqOZA.BadNews 74.58 KB MD5: 98df563cd8307706ad1fbc5cfdceee5b
SHA1: 6a90025a3d5661803bb067b3763edf161d127c1e
SHA256: 8d7cf463ec001a21bfa38320d44fc037f7c267b8697e5eda991852dd641e8ad2
SSDeep: 1536:eNrtKppJy87jUxDgSmCm/yKSq/YB0cWGauS+FoMPSvN:evKxy8yA9/FS+HfxyC
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\N83zhof_RAlqZS5ui.csv ID NL5VaVIIqOZA.BadNews 38.75 KB MD5: 3fe06108c2b8b078504d27f7e7308aa0
SHA1: da1777b939d064da013ea0d8844fbc79752011b0
SHA256: 00f2852738c0d162845371e0fd5213989e19a58d071d9e06914030c6029963a1
SSDeep: 768:8/Kblq0wBfGHpnH36jp1ZFbZ6IekwDIhW2MxLU56ZEOCV6RSrL9D:8/KIVGJq91LbnekbW2M6Oc6RSvN
False
\\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf ID NL5VaVIIqOZA.BadNews 183.96 KB MD5: c7f545566c67de5b3d0e2cb75757f80e
SHA1: b0140fe92eb94af18de31eaff8ed3ebd4db281d2
SHA256: 15247636ab206a790ec7b191326103792d32ab73717594e3e79023a43f18eed6
SSDeep: 3072:FqL/QaKjTIeRQ0Ewh1X8ij/UCnoCiLZxtAa6TtUS+YxYqdFixYrlXHC:rEwcijMyc0p+uYqy6B3C
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\gru-RJpD1yp7Z.mp4 ID NL5VaVIIqOZA.BadNews 35.27 KB MD5: 5874e4dd2e43aa2b6d969fcd3ef73911
SHA1: c0b27ad8ab888ee3d0652cab59b744d0e072d4af
SHA256: 0b01e6a012bd8b39a513eae9e6c293a4a5dd44adec8a3913d39c88c98c99f3c8
SSDeep: 768:exyXIAZetxYef1q3bR7KrqnR6OHmn5Xtz2d3/hlqSrL9D:exy7ZegQiR7KrqRGXtK4SvN
False
\\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews 212.64 KB MD5: 7ee96e32769a779e93f05371baf89585
SHA1: f4f9d060aae51b5a8244b33443bbe07f03ec793f
SHA256: f99efd10a40ada528fbecb0b8610f3e3d279b9c68f0961e5fb0d93d94e06a4d4
SSDeep: 6144:SXlpMuNRSyiv1Yka8SXFcAWqTf+ZNH/zDaJJ23oZhqC:iW0MyivKkaHvWq7qNf/eJ23o7B
False
\\?\C:\Program Files\MSBuild\delivered-sapphire-divisions.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 5f1d22c08020b72c2fa21e542a4b8647
SHA1: 856e135b9c2b81391b13e225c1f4e2e0d274caea
SHA256: 8d8431f050e2000eea25a00fe705f990a3298ad8d10f4cacb9732e242c05daf3
SSDeep: 1536:c7Emu013/yx2RmraKM2JfA+Kv9MHyWbgw90dnjk+qQsA8GocYgdSvN:cYmus6WmVIKgw9Qw+OGAuC
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\2 u0.xlsx ID NL5VaVIIqOZA.BadNews 24.05 KB MD5: dd2452fc314c7e382c3a158bd2a7d2dc
SHA1: 6d03df9f71c15ae4c6917cc68d7cd80bc793b4bf
SHA256: 5d21d2b5f2014f68fff71c1d223121852eef2d8c3316ebdbeb392da4089664e3
SSDeep: 384:lfXcALbHYF/MqoxT7nEzSwIvZ5QlXIf9XjmMKc4b0J+FdOmxhrODe1SmOL9h5:lfcV0tvnEzDIXMim7YIPFhrOcSrL9D
False
\\?\C:\BOOTSECT.BAK ID NL5VaVIIqOZA.BadNews 9.50 KB MD5: d99e2895cbc70b4f7328fa8bf2322d0d
SHA1: 2cbb2e047c77542fb78ec537c22e9192c9cb2694
SHA256: a213a180e397922a0c256c6ecbb442cbdc8f14834761e467112f51deb50a72bb
SSDeep: 192:AEb6GOrEKMEKgRmNgSwrRJIEAQVOZzHbc+I9M/Gxl1ghahMRzNVImOL9hTV:A5EeQk9adQcp4z31+ahMxNSmOL9h5
False
\\?\C:\Program Files\Uninstall Information\product-fears-seafood.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 9bad76329d5802cd42355d8986b884ac
SHA1: 24f31f7e68762206a1ca28ef3d0b974a469dc6ad
SHA256: 5ba19e5877e1ab9a1c2f6e6b3fd13e1248778eaab777b85bef7ab7804ca7ca77
SSDeep: 1536:aWPNWLPVGdTVIRMwqcuom/BjjQhcgyDh8hEbkHDa7LelO2/xoztW3xqE1oZxXlSF:ZAGdTS4DrJjBNCesdO2ZutIx9WZxVC
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\ptRBp.docx ID NL5VaVIIqOZA.BadNews 94.73 KB MD5: da6dbb19a49f097359ed10b1216eb859
SHA1: 08871d74a32633f74fca08f51c2facb2e5ca5b60
SHA256: e5f84aa9aeb1dd4a3522f959e69374de379754a22cf1e27c2ba229022ddb7e19
SSDeep: 1536:qxUJGYLkaf/A+9zp4p8BuMM2yumSI0oZDYZ07vdTz2d/CokjkKct0aFwjnnVPusu:cUJGYLku/blGCBM2yuIZD42RzVoxHWTC
False
\\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\3hWv.wav ID NL5VaVIIqOZA.BadNews 64.51 KB MD5: c1edb71b1b1b347a41939964e027e93f
SHA1: 4401c95854127a6e6d41d99c85167f4870705f05
SHA256: fa8e69585046b9acded7a50b3d9128cc72d2f9b699395dd273a2f414eb1543f3
SSDeep: 1536:DAZdNy6gFONnEdw5ISeYHWb9UP+wI7U+R6UEmC5h+nZaXB6Jor30SvN:8b8hd4gRC+pCj6ZaXMJoYC
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5VlZfX9.wav ID NL5VaVIIqOZA.BadNews 22.14 KB MD5: 17b794d3feabcdd4b5a973577dcf6c5b
SHA1: 558ab5099d78d7573a748dd5d3ce6996248b76a9
SHA256: e9713022a088dbee8210fffea4c31e34d21339586be53e6875985e7f0cb99fa4
SSDeep: 384:qosGRDrjrHfLaJGoyYnckvdmUYWIdpR2ZCWoOhnwP49r7gmGk2xzcOQcnlpjSmOp:qo/FnHDaGl2vUlW3uOyPs0mTiHnlpjSF
False
\\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini ID NL5VaVIIqOZA.BadNews 1.89 KB MD5: 4bb8b8d0abd95e948a5f48274f82872e
SHA1: 836b620bff595d64aeb1c6a6bc93a7878eb151f2
SHA256: c27687888a9bbd2da703abb4ac6f5f0f2451bf512f47da630a99d85cd16262d1
SSDeep: 48:9NGTo88ITEaVcsODnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:9NGDXEaKyoVCFwIApr0L9hTMIb
False
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini ID NL5VaVIIqOZA.BadNews 2.71 KB MD5: 6163f689c2815e0675a204f22758617a
SHA1: 64e1d8e2a992cdc017520e89de8ee4934f22bae1
SHA256: bbad8a36c005a18aa00ba9e024d51af099d7caeb47abff7896bab17f383acf0c
SSDeep: 48:AxGEBVHiZp4erxij2Zy+PLSN/Lli4UrZkVdjgRnioTO2XErnghmQfIgFB4RjEJry:AxGyVH7eK2o+TaxUevjFoVCFwIApr0LN
False
\\?\C:\Users\Public\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews 1.77 KB MD5: 251a2a8d8f294b52c86327d810a195a6
SHA1: cfc952462ea69a2e6689629fd6db079457324f13
SHA256: f4b51356bd6ad4475ad5f3480d5c7f150d92076969e4775fba8ba87cd0f24f98
SSDeep: 48:AcwJmjjVKTSDnn1nioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:JSmcuDnnEoVCFwIApr0L9hTMIb
False
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe ID NL5VaVIIqOZA.BadNews 88.09 KB MD5: 1309d15b6d71e8f529e95f23197940f6
SHA1: 25de3b15ce87925d2706793fa7a8293013892559
SHA256: c40c78568c1fbd5c82fc9539712abe319e674324e5745b21ea3ba2ff86ec4ece
SSDeep: 1536:94vIpXQtPou6pkdx65+48NjNMTLy8/9aFKeDdIvOVcjTb5W3BuYN+qutILSvN:qIpgt16U65+48NaTLy8IAkc+gI3BujWC
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\SoPLA--zPj.pptx ID NL5VaVIIqOZA.BadNews 74.16 KB MD5: 6afcdc816b536a1dbec25c20a3a8ed25
SHA1: a9f62a7dbf7cb0bed651ced35f0c910f1954ec33
SHA256: 9f85fbb566efdf87df3088b0101f1aecbf4113fb8beab68946a0b34a068bb593
SSDeep: 1536:ZslfX4bMKdhcKM/QNGIrTHO4FXLQL/4ifGsLYqkpmKypW+RSvN:Yf+hdFBNLLKgKGuYJppyo+RC
False
\\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm ID NL5VaVIIqOZA.BadNews 2.14 KB MD5: b622f42147ff73fd919d3ba14c7ad914
SHA1: 8ccf2b6e76b48ac58e73d40da31dddbfd928d3a0
SHA256: 18424cd05427e7fbfb6288d0e35398b845809f459a81964b93cfb58ffc199d8d
SSDeep: 48:LJXelANqWvQYo4/3DnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:VXiANPj5PGoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\NIIxcls.doc ID NL5VaVIIqOZA.BadNews 64.28 KB MD5: f86314c32cc87c0b370eadaeb33d6ad4
SHA1: e745d35c0c2a872a5602b200b437b1ea2974f1a7
SHA256: 520eda4ea0413d8fddc6f2e87b7e3d98c1731a8866121871bb09d1da666437e1
SSDeep: 1536:g5RMBj80tTWZffHjhSWX+sSLXcg0tnvkFrASSvN:o6J80gZffn+sSDc/tvkFkSC
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: a34f1dec4f21c975b54a38afae263f0e
SHA1: 411210eeb6b8876f0c4a12ddc39b6e2df756f751
SHA256: 899509f0eceeac020007a8781ca2ae618dcd448adc1adbbbba4c3761ff831581
SSDeep: 384:vTF8Zs8iNyGdHhFMRVYRuVqKzJP/Bd6JMfm7vbyPXzvnSmOL9h5:vTFubGl0VYRuJz5uO/7nSrL9D
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: daa7ebeb877e4e7ec87cd9b305d8b822
SHA1: 22cf00592668722562911d02688f3866c72440fa
SHA256: c6836daf4d0b9464ec133f50bf45c4f9c83f86e21b138dc73bf438f247d24206
SSDeep: 384:czaSb7SiOTGZWCu7fHD30AZd4jTpjOiaLd+m+idkSmOL9h5:HSAvCu7PHm6iaLURckSrL9D
False
\\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE ID NL5VaVIIqOZA.BadNews 254.17 KB MD5: 6793e8a9e76db8554d6239f6d474b3b1
SHA1: f0510767d0c9f9712db7c9a1520e7d1fe73c1168
SHA256: f85a92ddffca46243cfd86d3d5d37c43dd62a6a89b20a06f7190eab74f7447d8
SSDeep: 6144:jz7m2xMUcp6yxA5eBpbu3RADOlhhNoKRgEFjzXApC:jz7Lx3cp6IxfbuBmOl7qKFFjzXt
False
\\?\C:\Program Files (x86)\desktop.ini ID NL5VaVIIqOZA.BadNews 1.67 KB MD5: 85938cf69e7dd396c61da774e4b79b33
SHA1: 538fa1d2052c198caafefd0b5684c3baf68acd7c
SHA256: 1a1fde2378604daf410255985695854255d344a5fea36da0e155d6538ac7268c
SSDeep: 48:BwcZywBQnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:uctBFoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Contacts\desktop.ini ID NL5VaVIIqOZA.BadNews 1.90 KB MD5: 1f96373b06833f228b1dc00826d27135
SHA1: 664f45ab8cbc0e7c806ff857ebd7e014654dfb1d
SHA256: afc17a6adc1568f0ca88e96e1ce397962995bc7a2cc7a64d46e5c2b15fb23979
SSDeep: 48:WbIMXsXGiohb9nioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:W0efbMoVCFwIApr0L9hTMIb
False
\\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest ID NL5VaVIIqOZA.BadNews 1.72 KB MD5: 240df524aba4e16aef5bcf1bd7e050a8
SHA1: d50106b75c91ae8cc414c812b556abaca9a7f01b
SHA256: 4431771c8df52bc3b353d89ba68345cc957fcca72cc453e513d4baff411ae780
SSDeep: 48:QZB/l42vlrmjRnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:+BBCjYoVCFwIApr0L9hTMIb
False
\\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll ID NL5VaVIIqOZA.BadNews 27.95 KB MD5: 5b50ba784d6a6d6765ecf60ac2bdc976
SHA1: 8e5ec5ea0e5c87fa0d1c8bf71245c510453c5418
SHA256: fd5da5a13f4f98d760098ff1b09fa3195f625187f6e3a8cd80f276523945415c
SSDeep: 768:y4ABO/rrWxrEVq34e5DWAZKSQ6Oa0XWuTGbylSrL9D:vAUrrWxYVqIk/E4mRTc0SvN
False
\\?\C:\Program Files\Windows Journal\family-parliamentary.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 4de833016a48cfd82e4b61bcfe7b9d27
SHA1: 617fb149633d2b8699e0fee90e8f441ffa8b3f15
SHA256: e7f9e20c57fe413d1cd93daa6d7b9f609a46972d9cf5d7251c8a5db9af0238b6
SSDeep: 1536:UGYLinoRvhy4dUvA5bYYJSQ4a5NFuWOGQ6fBEHjI7bNv5lCVagXPFvemSQ7wtmJE:UlLio/DdUY5bYYJSFafPJsjIN6zPFq8e
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.017.etl ID NL5VaVIIqOZA.BadNews 5.50 KB MD5: 83ddcaec3f5e686d5a8c82307bce2bf4
SHA1: 813956a4350ae93dd885502b5484bceb9409c760
SHA256: 8790a8e08d8be3565a271ffd560259c3c83b8ce4c52388495128e05484c301ca
SSDeep: 96:MKXn5Da4oTgRJajWHCO04pyhQTPwH0CfkkgsmotGBcrz21roVCFwIApr0L9hTMIb:M6n5Da4oTgRUaHCO02hTStuCyaVImOLN
False
\\?\C:\Users\Default\NTUSER.DAT ID NL5VaVIIqOZA.BadNews 257.50 KB MD5: 7566a03c7aae7a8a9b31d646443d7149
SHA1: 75372386d8a3316a83ae02ac09007d17dc99e80f
SHA256: 7a3cff3cef2adb0901704ff42d3c9974e0b9f2d5758321dc0c1fcd96f4c043a8
SSDeep: 6144:58nDaEtMdpUUVfOZCC87f6gLZcX2P7z7/KF/bm242Zv54qrC:ank9fu8r6qcmjz7/KJb5rIt
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\IqG7uC.pdf ID NL5VaVIIqOZA.BadNews 80.02 KB MD5: 5cea0f96681f37ee84c32c95c2d1327c
SHA1: 1b493de6ddfc666fd19043079cb608212c1edcc3
SHA256: 47e63629be3020070166c59e23208ad365021a0c8f2d4b0071827a7ce5451960
SSDeep: 1536:pgUZDWXIdvmu7t67DaYr9cXH6iN0QG/rvXDVV1lS7vG1k/KtNSvN:pgUZDSGvFceQcXxcrvXJFubSLC
False
\\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews 1.76 KB MD5: fcb954cb1e3002c1925b648584712ea9
SHA1: b91c9507e16bf8fb0078e95822de9472e4f421bc
SHA256: c1e91941bd2c2ac078430efbe5804a50c4ad78bd6cbb7cf62b531205ba384331
SSDeep: 48:9M1MPldzaVWnDXnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:dxtGoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aclfz Zg378Y6_qpE5.gif ID NL5VaVIIqOZA.BadNews 60.28 KB MD5: 8d813e985cf34f18f526e674c4ddb858
SHA1: 87b557ef2fb600e9feaf2be6bc0316104f67508d
SHA256: 13865fafb0b33a16e524b5bf1228939e85bdba750de8910c1181da91a05e5930
SSDeep: 1536:HvPeMvSCvSbK7rUCkKGITCS+b38cnIQtRSSKAh/SvN:HvPXvSCvSerxdISGRrt1h/C
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\AQyW3K.docx ID NL5VaVIIqOZA.BadNews 91.81 KB MD5: 074f51995c45a5333d2051317f1d5a8b
SHA1: b9e61e09675da091fb03ab74f94176affe75fffa
SHA256: b42909799afc030e7c242ccf3ab97d447f5d5b6a14068c55cb5bf9125d7a9cf9
SSDeep: 1536:B75wWR9DqGg1sqf3sbNcMM/X0RC18gyuRYmD/nvtSGHTqcNNTepTSvN:hYr2AvELAYAFSEMC
False
\\?\C:\Users\Public\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews 1.87 KB MD5: 1064890d9eeaccea799ce0b736415eae
SHA1: b71d36a6d82542f1598b5208de7d90c7ff2eb11d
SHA256: d6bd07686c22117c4800fe05e9dded9d341ec13bdaefeceb9ed3a5fd20dac3d5
SSDeep: 48:FHxJNMDbmwhZynioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:ZxJ+FoVCFwIApr0L9hTMIb
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: 6e73b7f3e600b35337759fc8d370f436
SHA1: e8747b93ba2bca164e42dc6efa069f97503b1d84
SHA256: c1353fa36fa0e73045a909674cf1ecaa930a6242b14951cae6d25539e180a697
SSDeep: 384:Tmmi4Vk3IzJcO6DC5bcvFG/Tg1OxDusMbLq91xSqXx+ggNSmOL9h5:CxmDzJcOQeIgkYx9Mi/+VNSrL9D
False
\\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe ID NL5VaVIIqOZA.BadNews 453.62 KB MD5: 51c0c0761b0592009d8a07854b982c83
SHA1: 3b1ef426f21b0f9072ff76ba73ed41cdbb21ee64
SHA256: 818c02b3a5513feee6a27935a212600a641bdc6d6ac24b8ace5a3dc1cad056ed
SSDeep: 12288:REroOfc9KcgdVpJf+ZBhdN8siAs8QFg3NX/roHbrycH:KroOfOiVpJfKLN3vQu35/r4+cH
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: fb35698c3683193b96f1895a0beebd43
SHA1: 9b4a2786dbbc033499f8ceb6a1fe88b7c98c7e4c
SHA256: b95fd88a4c1af4e58509ba508597d6ea74313bc8f9980e2022f1b55cf5021255
SSDeep: 384:oKGsB10760JVQ9Q+1MNHA9tS0cVKx2vS4bs4tCWZB+Qyf/SmOL9h5:oKlB2FV8QB5AjUVk23g4pZg/SrL9D
False
\\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms ID NL5VaVIIqOZA.BadNews 513.50 KB MD5: 5184511a3285461d88ca42139f159cc8
SHA1: 90c86f340d4cc95c041a68a224c600908f275227
SHA256: c022c49724133258e256ba7b9968aba736a2a9e957c44ed02c2c05a1f577ba30
SSDeep: 12288:iO0zoGq/pAjxXs9SofrwzI78VG/7GZqnFn24n3:iO0o/21ALf7EG/Bn7n3
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b 0.05 KB MD5: 0e74b2d60180ca3a437d55528e1845ff
SHA1: f002adc25ab2fc62b181790d0f5369045b4966e5
SHA256: 75183ca2bd0d0ee61fa5ac42333bb6235eefa8f5210a42fc758ea03223105cfe
SSDeep: 3:/l4lQgdocl:exdocl
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\3lc6q9_bWuznu2v.jpg ID NL5VaVIIqOZA.BadNews 79.25 KB MD5: d7a8c6a489e1c6fb7bd598167b954b0b
SHA1: 36a574fe0b4ab8ceb501fdf340ecc25f1c335aa4
SHA256: ef0e0dafb99631acb6742618f53d5b9e9c4215dd5f5e11701428d6fa4350fb86
SSDeep: 1536:OdIgx5yVwnvm/rkrompu3xEcYITIFP+ZXo1ZBp252LI8VNFOJLpDPSvN:OdNIfzkTJcXfZY1Lps2LI8VNoBC
False
\\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe ID NL5VaVIIqOZA.BadNews 446.40 KB MD5: 558ee84c867eb0eda2b3119dbbefda42
SHA1: 6c02e49352c15fea2a9ec46d6a3990d0287b3209
SHA256: c49200269597de1ca18639900738cdf5ddcddc838a5ba1a793aa332655f3c89a
SSDeep: 12288:9wTuZ0CJl0qVdGYcVRw5M7UkHlkPkfVsWFM0dl:9k20CJl0wGYcVRwm4kFkPk9pFM2
False
\\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-errorhandling-l1-1-0.dll ID NL5VaVIIqOZA.BadNews 19.18 KB MD5: d837803822c4f590d3f810c17c207c0a
SHA1: 73b6f56f42bbede6bde03188d4d530c35fd69589
SHA256: ce75c631d8b19a63c4b74410818aec0625f1810f135419323be34d718d3e96e1
SSDeep: 384:MXsTMNA7hdYvMpM06LXJ0AKz5zahrNGrp7VfMdwaTYafap2KoqKiNRaSmOL9h5:MXC/haveMTJCWrNGhVgU2bqKiNsSrL9D
False
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll ID NL5VaVIIqOZA.BadNews 20.19 KB MD5: 927a6335fbaddc62fab143cc7360d5b7
SHA1: 28a0e1490d41fe5632afda65a30da85a4fef1de3
SHA256: 41893d1ebd54801732c5d79001697a8e925a70c8034a9a447e1f595a5fd51b8f
SSDeep: 384:qhXP0BNbxLps+Bo0IPjcE4fuYIyfC54rK39ik8VwvDPUgCz1rhASmOL9h5:ZbxLS+Bobjcjfux5eIv8VwbPtEr6SrLN
False
\\?\C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl ID NL5VaVIIqOZA.BadNews 641.50 KB MD5: d84b0ede3680cbf4cc8a5dfee441c40e
SHA1: 9ca1e82683122a680c6f7ee562290b159cd4d7da
SHA256: 64ed5d81da9c6d8ff84567f1f477b90c0825bd2c055f096ee62ec683cb1c0d4e
SSDeep: 12288:xj1Y+2uozVBbfMoGITjlOzkPrBl1OBFACZtWkfQvVvponqZ/+nP/Xb610:w+eVJfYIYs1AJQkfD/Xb610
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews 1.99 KB MD5: ef29eb941889d0c195a614c3f6ce8fd7
SHA1: 7b980105ad7451dc121db7b7175ef9e1a7eeb861
SHA256: 075554b793ccf25242ce101818de299273cfa14abee8778c9464c47940434601
SSDeep: 48:F/7AyeigWWHcnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:2uIoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages ID NL5VaVIIqOZA.BadNews 39.50 KB MD5: 807e8e4c41437fb15d1355df0a1b3f0e
SHA1: a7bcd2b9e0e8aaa0aa124ed0bc62f8763aa09c9e
SHA256: 3ae6b53b54c97c03e3f8ebb8674e643144895a463a6691e88aa74ad0408065ef
SSDeep: 768:PNtlpLIPvWnDcVTVL/4WRod2PEEStCybKp1U3mmSrL9D:lbJbcVVLtO88EStCyyGWmSvN
False
\\?\C:\Program Files (x86)\Windows Portable Devices\advantageknowledgestormdaddy.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 64e9b3d010cca76d77809214ea7ed251
SHA1: d2e270a52d57935f49d926baf32ee658b9345548
SHA256: e191d51442aebcdb4a71b421009ee02013127a55ae4b66275854794b9773f8fa
SSDeep: 1536:prOgBzir28m+yDc0PiUX/IJFOoAWml02LFMNh1/FndnDMwd5Z67GQOqQGiSvN:Udr21PDPiUX/IJFOLe2LFUh1nDMA5Z4p
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\8i3uwnGFbhZjcDNzr5.docx ID NL5VaVIIqOZA.BadNews 58.07 KB MD5: 39dc88d7b4a2ff71ab1e09208e6d11ea
SHA1: 150bb0de121cb4b579afa2dc4dbaf2690acec4a0
SHA256: 881ee785c211cf7527eb3c4f929269ea364d0cea2a3216d317614c299632ced1
SSDeep: 1536:oDZzTZcyl5SoDr/fwl05/AdBrxYtd+A5NhESvN:oBTqy7rQl0APxYtHvhEC
False
\\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf ID NL5VaVIIqOZA.BadNews 8.90 KB MD5: de1db05e7fc0a45112d7f2d9c469dcad
SHA1: 2ea3aa4f2587289c4063d6c1e70a1937dc491dfb
SHA256: fb208646a341e8facca58953be5b95c591fe09399fcfadd773700c7cb4cc499f
SSDeep: 192:ZtYUZproRUkJVzuv7fp8rwv52XItVCdmksSpjkjvDfQyahe18NzVImOL9hTV:PPo9ojfqrFnnp0rfQ0+xSmOL9h5
False
\\?\C:\Users\CIiHmnxMn6Ps\Links\Downloads.lnk ID NL5VaVIIqOZA.BadNews 2.45 KB MD5: ae61bfdf23f61e5aa097794f35ddd736
SHA1: 26849b225b040840554d6c1176b7416e468665c4
SHA256: 2a198a9a8bb43b6a8fa2690b5e750043df1be94b3323d0cf77693388e02efcb0
SSDeep: 48:HmtfD0EwUwyJzre00OuJjknGamnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:GtfD0jUvNe00OuhkGYoVCFwIApr0L9h5
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\ijOxx.png ID NL5VaVIIqOZA.BadNews 14.87 KB MD5: dd0c45f0820f9539d685c31ec53c5a91
SHA1: 0f9a5c803de6937c3b76db37079cb8d7d165ab7a
SHA256: 0df1b307f19c11e02f17c8553e265dece6a14e3e88f10711e2f607769e207d46
SSDeep: 384:JjEE2aVGHeAYqY61sZvL7KYVVCc5O+QQq4Slkg4xSmOL9h5:FEE9GBYk6/VD+Qq4bgkSrL9D
False
\\?\C:\Users\CIiHmnxMn6Ps\Music\5rnBuaW9.wav ID NL5VaVIIqOZA.BadNews 37.90 KB MD5: 73eb081946fa555f57cebe65454c0d78
SHA1: 76fa8d5645777b1309264284be25b3fcd911b816
SHA256: 474edcefed5106e8a9f96df0da24e64ee74a0778bbef8b1b4c1279ccd44628a4
SSDeep: 768:63QP7s8puMctzvJxTOhk5oW4/AKscfxBRhuqQLv+O3MwnvbBq13yLAtPBBLvgxpV:6MTDkvJxwN/AQxPhuDmOdq13o+wYC+SF
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\NK_VOcd7S.pptx ID NL5VaVIIqOZA.BadNews 5.55 KB MD5: 676955b7fc6ee988cd9ec5c81c275adf
SHA1: 6d7b5def2ed938ffa5230daa405f0633016f8554
SHA256: 5e1a9ec8f14be32115e7e5d81a0f83927230e57bdfe7f28eabb1e70799dc7d48
SSDeep: 96:O/cWmQcOrND2eMw4cp8/xRvRSLN+pJwSTSv4Bk2y7oVCFwIApr0L9hTMIb:+USNLvkxtRKNwwnyk1MVImOL9hTV
False
\\?\C:\Users\CIiHmnxMn6Ps\Videos\aP-_O_tjBmfT6a OG.mkv ID NL5VaVIIqOZA.BadNews 35.45 KB MD5: 4c3011420f363b903056202ac325f85b
SHA1: ec04aab4d8fd214237bd8b5d19fe20879e1a074a
SHA256: f647e810be6f19742826f2f8981728362b86f3c1ac92aa79471cdcc2f653045b
SSDeep: 768:t9x+jO/MNr3nPQWl4CykA4yR+KIfhZDUapQbPTgBIOFA8gyFSrL9D:oCWYWl4C6J+b/QfmIejnFSvN
False
\\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml ID NL5VaVIIqOZA.BadNews 3.43 KB MD5: 0cf92fc64b6b79ac26712136965d33fc
SHA1: cdd32d0d64c116a17910a349da7e7cb8dab955f4
SHA256: 58ffe019033bbc0c4bf0f25ef54c428d17e2bcf793a69d661bfec1a72c587a87
SSDeep: 96:1Saow4FUQBcV2ge+AojCTWqoVCFwIApr0L9hTMIb:1Uw4SkgZASVImOL9hTV
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3H9CRbT.m4a ID NL5VaVIIqOZA.BadNews 19.82 KB MD5: 5c046fb8f97a88e28cbf135bda413427
SHA1: 34e72ac9d58b3a51012bd0b88917e6cf1bd8f469
SHA256: 4bafca9361b5c5f755c54311eef6e1833379ef002d2a2b7fb6903e458525cb7f
SSDeep: 384:s5MGp7LVF7Yr/tnjXSlJsYPQZuwEmnFH98iIdRAxNSmOL9h5:sbJVF7clnTLLZjESP9KCNSrL9D
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\m4dkHJVzpeWkT.png ID NL5VaVIIqOZA.BadNews 7.28 KB MD5: fc95e73197e1c4a4750590ec6ad4d8d9
SHA1: 32ccd18f835b67db30a0a0cdfa492bbf96912647
SHA256: 3ecf51aba12e038010c99efd804a927f299484de7583bc966c11ee3e4723c3b5
SSDeep: 192:eLWQ+rjkRSXma//fE/hWn/XozCqVImOL9hTV:UWQaQBWnPySmOL9h5
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\M5-6yrLRIKeVPVkftsA.avi ID NL5VaVIIqOZA.BadNews 99.78 KB MD5: a0461d9e540cec7cc07fdecf01885c2b
SHA1: c736a295197c3ffebfc3959858b27994508df4c1
SHA256: 000975196556541e7cb8ec32e2ad4ceb7a2e8bf93e1052d045f93c74a93008a4
SSDeep: 3072:dO3Qa2Z4LvsBfkY3IyRVlQizzsFjwnaNC:kAa20vsBfk/c7NzS64C
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\8EXUdg A.pptx ID NL5VaVIIqOZA.BadNews 53.66 KB MD5: abf652340f3c49199278de858b1c8915
SHA1: 938fe4a2074960d1228d8b7979da1d6aa4353ec4
SHA256: 76f436042d94701698972c3358482282ee0330f2a802a8b1a40377d3c0993964
SSDeep: 768:R+zXR63Zldeb/f7Gc27EPqH4DpSz8IcWml0Bh2ivvoRyNbxSrL9D:R+zXR63Z8f7GTAPqHgRIm0BEMoRUNSvN
False
\\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews 15.41 KB MD5: 6f28985af6f1e8d3504e6abe28abf9ff
SHA1: 4b3bbc1531d419f295604fffcd884d6fc45ca03c
SHA256: 3d4a980509eea0ffb62348c89bd3b0e75c5d3da2042cd216303975f947759d44
SSDeep: 384:kkpY1ehDKSeaa7rmzjbDmsuCXys+cSmOL9h5:W1wKqavcXDmsJXy8SrL9D
False
\\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag ID NL5VaVIIqOZA.BadNews 2.55 KB MD5: 867e635e6fb9236986b588e498a9b060
SHA1: 08412edfe9090714413deb36536aeaa832bf7ca8
SHA256: 7ecd49bd917b05d1f85cd58a5e2e87fe95385ee5fdd53f7a767484b31bd36359
SSDeep: 48:pJID2yWDE0PFOZekDNaJtElQxcvbnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:H+FLeJJqacveoVCFwIApr0L9hTMIb
False
\\?\C:\ProgramData\Microsoft\MF\Pending.GRL ID NL5VaVIIqOZA.BadNews 16.12 KB MD5: 7d42ecff374c127639dd9a247839a9f8
SHA1: fc5af244abdc97ca4c138fa7e2d70b33c46487c6
SHA256: 58e6f5eb1fdb30815f71feb51be670439ff00c9b5e43b4bd17bd57f11f715936
SSDeep: 384:VQ0ILbzayn8FjlgKhDK/upcxVhm52B7vNI+pJ4DM7ZSSmOL9h5:ULa+8G8CpxK5YvNIyQM7ZSSrL9D
False
\\?\C:\Users\Public\desktop.ini ID NL5VaVIIqOZA.BadNews 1.67 KB MD5: 852bf8d8a8197455e36f7d731587a9f6
SHA1: 0c2f45c9a1004782fff80ec4d54b98151fa6f4dd
SHA256: 3eb188eb928952b265fa6b74cd3f17b8d1c7e6496bf88398396b11a08c3746d8
SSDeep: 48:a/li7tnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:a/lvoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9RHfa dbtHtO.docx ID NL5VaVIIqOZA.BadNews 53.66 KB MD5: d1bf6a5a2d9c331850f9084cfe8abe9c
SHA1: 976c0fcb6bd48f22d7b362c12823983bdd88f86f
SHA256: c925db5cca6826b827525258538ada680b65aa797106ee1a7896aec982e73aa9
SSDeep: 1536:b+gEVJWt2JXDIylUey+7P7QbbG0pCqLMC359mqf3q3mjSvN:b6VJWwBNlVyAP7QjCE9mm6mjC
False
\\?\C:\Program Files\Microsoft Office\AppXManifest.xml ID NL5VaVIIqOZA.BadNews 5.78 MB MD5: be8e77b12b0dfc3a36b437e951c60736
SHA1: 5ab7b47a862c8062f343a7e3b13785307691bd6b
SHA256: 1e089df8675270238131ce6b435f04e97b0e80c6998d0a2a0ae4d512a8ad155f
SSDeep: 24576:rhvUK9rkKRxUKTEEKgulMyujbN2PPpd6J9FuZ9/OCC+KJ3NIRWi3NIHM5rh:rhT9rkEEOulMyukPku2+E3NI13NIs5F
False
\\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT ID NL5VaVIIqOZA.BadNews 4.67 KB MD5: d0d1be8ed1ba11b53fa29466bb11ae31
SHA1: 4e8091d04b807fd71440adf6fb6295b49a2c4f5b
SHA256: 54daf80495f011dc41fb0c8f6d79956a62ed7dc917a2e4b5671c889d128a0c46
SSDeep: 96:JQaNwSo5c5mRjie0PgjZBJmiS5wXcd9ZoVCFwIApr0L9hTMIb:yS/mVOwbErCUUVImOL9hTV
False
\\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url ID NL5VaVIIqOZA.BadNews 1.70 KB MD5: 89a9ee44187adbe8c338173a25ebd6b3
SHA1: 20223c0482830ff8e28cbc93e4edf9668e566883
SHA256: e40c8e356c6abd2678fc5e0056c1286ce232c9004fcd867fe4387737f67c306f
SSDeep: 48:9Ov9IKLQnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:9OVIK5oVCFwIApr0L9hTMIb
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: 02f73c105fc920ba5a5c1c88608c4d8e
SHA1: 3541af36a4fb06c561821865167a259a7f79f602
SHA256: 51a85ea67f4c36a3fbc073fc167f2e550e58e7721cdce08792041979311ac386
SSDeep: 384:RClLWU+QoqP/8d/M0GpvHk72Y70GdSb3MFSmOL9h5:RiWJFqP/8K0GpvHQEGdPSrL9D
False
\\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-console-l1-1-0.dll ID NL5VaVIIqOZA.BadNews 19.69 KB MD5: 3e51279f9d28365947aafd3d8a196a11
SHA1: 09876abc05e0e8fdb1a6dab6606cd55de2329456
SHA256: bf3ca15aadf0de13c69f8acad68ec33e9739185e0f9ac8d031fce30838c78eeb
SSDeep: 384:0g6LlC3h65dz3v2vNUyEIQ/psLolWplYCNm44UlO2NNNSmOL9h5:0g6L43h65Bm6J/+LowplYCNm4CqSrL9D
False
\\?\C:\Program Files\Microsoft Office 15\italianbreakfastinstructors.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 5849cd9c3cf84694b0a88fd071c8b3be
SHA1: a4f3ba0edabb107cd37d5236331571c8ffb1d24d
SHA256: 844cebc185d8701c2585987ae3c95ecc90fbfb76fd45250fd9d06e072aa8e026
SSDeep: 1536:w9A9zgF6E8mb/HhZ2FRgTBp6kzyj+JdBn3obzERTlYyzM3cbsgnr3hlJSvN:w9A9zbOHHgUBp6iyyln3oMCFUsC1C
False
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml ID NL5VaVIIqOZA.BadNews 4.02 KB MD5: e405747f19e8a749024f1051c9680c49
SHA1: f0a23bff689ae974c2747c8c7e6714d4bd131739
SHA256: b25187359d9baba2de728213bf94ee19cf4c1947689d4fa927735648e10d4e53
SSDeep: 96:pxGPOfIo8ctiuc85vB09T6UwEZdRsWoVCFwIApr0L9hTMIb:CPOf5Vtjc85u9+UhZTslVImOL9hTV
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb ID NL5VaVIIqOZA.BadNews 349.50 KB MD5: 82bc2a1351bbe3ba7013d5aa2ed5a30d
SHA1: 90f532e66fe937436e1a2f95e429a01fa1406561
SHA256: c6f07736213ce6f89087a0f456e91de8b42d54436f595fdb395001720b7a7202
SSDeep: 6144:m35pLe3NjvLA4MUbPnqmRB8yRH6OaDxNAytw4dS9jXoP3H6YIAmHfA2il+P2OEz6:epLe3V59WmRB8yRahNVSFJYfMA2icPM6
False
\\?\C:\Users\Default\NTUSER.DAT.LOG2 ID NL5VaVIIqOZA.BadNews 505.50 KB MD5: b85fab7f508f6bbd72c9b54da3020cca
SHA1: 3b2998d86fa6d9e251bc4c5895751b99e8795bb3
SHA256: c86b19a3ca39cc3c05a5ceb92b66ffe9cd7654483d44f11074763b4a72f258f3
SSDeep: 12288:emruK2ZuCd5zIDMsJkPknGMf4STKD8kgxLIiWQ95wDZKKrWJLKu9W9t:emr2ZJ58DGyP4STKD8jxLI7scwQ6W9t
False
\\?\C:\Users\CIiHmnxMn6Ps\Videos\7mLe.flv ID NL5VaVIIqOZA.BadNews 40.05 KB MD5: 84d213603fb1b89ca1151c5f72ef402f
SHA1: f1543971fc72f56a03ba4d74abd2b6091e1ac3f8
SHA256: 83e39dcc4b462d6525604f42141e73d67ff2658521445168e563d71b7f228a9a
SSDeep: 768:tBRPX7IiMPY2nSy86B73o/NuUJ2Z3Jz/iGLjJpGucTXunKfIASrL9D:t/v7IRY2nJr73oJWNrXTcTXu2IASvN
False
\\?\C:\Program Files\Uninstall Information\admit-marvel.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 75efe03ebee82c289d36feae7791bfaa
SHA1: 79e8ef8b7181df298885c381659587c45963f23a
SHA256: 7f1632cc0ef674494f5147f1cfbf98340d62f73194bcc801f97572ccf74263f8
SSDeep: 1536:evG742u086+PMWGDn8KS97StWjLSd1p8rjItVbXLM9hWSPHmP3cJzSvN:eWXt+PMpn81Od1p80NbMygLJC
False
\\?\C:\How To Decode Files.hta 1.25 KB MD5: 6e172775b44bc4b0ae13f7fb06fe5b7f
SHA1: 64899ee23d101e93dc3ddcdaa173c60b6c6f9d3d
SHA256: 38400d198714ebdac3925b44c2d54c0de2c6b7e2b09134f16d93eeb86e66449a
SSDeep: 24:k/bxHNJAlfHuReCoizRZfvQipe+vemXFvRcTDjR6UhlUSOYoAzFrSY:gxtJAlfqnhkOGvhSSgAtB
False
\\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\q4 MB-.wav ID NL5VaVIIqOZA.BadNews 9.75 KB MD5: cdc2b637100350d3415e1a0fa7e7b7fd
SHA1: b80848abc7e625e36a9471103e2c7999f8b8e28f
SHA256: 4e1664023ef603123119fe06a463cdb4faa1d9c0cebd0b2f7edf3324b6a23109
SSDeep: 192:Olhi3dN4JNRI2Ng8W120nc8JcZH83Zv1/QNMCMpblbzm658QMVImOL9hTV:ihPXI26XnWsZvKWppbzBWSmOL9h5
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\Oao-IUQTyvQHV.ppt ID NL5VaVIIqOZA.BadNews 93.42 KB MD5: a8e8a9c3d25d44fa900820c1e03dccc8
SHA1: cf4041abf647e65340ba8d124ab5aa7bdc2c1c06
SHA256: 00e536f7b3be9f14a73edd00fb6b00b5dfc11a9518c9f2f196cf2bf6d901fcec
SSDeep: 1536:Nxyt84L3VVYUoRLJ/h9m9RGIDAcWhGxnBAHii/FQLeZ+NQSD7R4/VR146aSvN:NxOzTVVp6t5m4c/xBmiuFQyMNQo7Ri2q
False
\\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact ID NL5VaVIIqOZA.BadNews 2.65 KB MD5: 5158e9f2101627f3248c9cf6c4f9e57f
SHA1: 10812e38e735ad5c4efd81ce7b75c199119fa60f
SHA256: eb07e5de276b5311b2ac24b349ef7d0ef6be1ed699e51f58119e05495dc35b75
SSDeep: 48:tpueyt0sMeqp5m/f0k1wAZ0XpkEB4Ltq0iiOB+Z91nioTO2XErnghmQfIgFB4RjL:tpuN0g8a0C1ZOkY4PiiA+Z9EoVCFwIAQ
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\2An4F5UkE42NKunbAyO.gif ID NL5VaVIIqOZA.BadNews 62.97 KB MD5: ecfdfeb419eb31207a7018c3e3b313f2
SHA1: 5fbca30abae7a76cb5a7825c68cbd1630d28cf78
SHA256: 3125590dd96ff3f759434b85c7307c7328c7a49276f0466d1d13b23dbc609f32
SSDeep: 1536:E8wdWsk5tS1e8x/0yIcR+Kq4Btb/I2EwmA8swSvN:EPd+iFxMyN44b/I2EwmA87C
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\qfKkMd0PO54RLkUoc.ppt ID NL5VaVIIqOZA.BadNews 59.09 KB MD5: 95510fcdaa3fe2e9d703c3c816fecb27
SHA1: 95af01213f63356927b2302f168eab81cd46aaa0
SHA256: f44a8587c6798ba6d987689d16df53f5a14d2c9124110721c738239b22e3cd97
SSDeep: 1536:yF3/GerlkhXWFDtUX2iwcvAvlHJm4bdCB5U/JfXSvN:yEerl0oDtlgvAv5JmYYBexfC
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\2Gnkxda mKIU4zQx0C6.bmp ID NL5VaVIIqOZA.BadNews 92.78 KB MD5: 0fe23b7ccc01fe5cfda97d92beaed632
SHA1: 38433c21de3423d5ac7279eeb87e1647fd1eae2b
SHA256: d9ecb5a0bfc8ebe5a36701e815c421aac7dac413c485a702e57e77a2c4a11e7d
SSDeep: 1536:qr1/sXstfbsU9ypq2xfHvn7IrrNV9B/afggmGObUTLXNRQ7RkyzzEQXQcmGAg/v+:qZxj7ExfHv7yNxag3GObUTLXNWRkyzzI
False
\\?\C:\Recovery\WindowsRE\ReAgent.xml ID NL5VaVIIqOZA.BadNews 2.52 KB MD5: a558aa9999e9748f42fc6fc923a90285
SHA1: 3d9e40b6163f481bef842609cc6eaa0d3bbbfd42
SHA256: 740c7446ecdcafaf5347a5a8d98551d381d0cdf82d41abe9e6f2460cd3672f1d
SSDeep: 48:SNmK5/73hlRF+aofYapzo0D2Bcwv0seF/nioTO2XErnghmQfIgFB4RjEJr0L9hTV:rKVDvRtwp+0DybeFaoVCFwIApr0L9hTV
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\Cya8Law.jpg ID NL5VaVIIqOZA.BadNews 77.36 KB MD5: 4664181cfd37060916fcc069b974e83c
SHA1: 41b06a04bd2105278e8efaaf018168fd42ccb058
SHA256: b483badbfcd895cb8ed376a6eecc1e23d2c352ef5f747940c22c96293388ce45
SSDeep: 1536:OcCu+wOKfV34poRyEFMhXdnC1/MvFCq1ySnTeq2ecEuzDSMoSvN:Ocp+w9V34SRyEFMZ8BMdCiX/AZoC
False
\\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini ID NL5VaVIIqOZA.BadNews 2.01 KB MD5: 1ec41238280281f333bbb8cda23fa9c7
SHA1: 6bd6c0f598d2f8870e13b047207fa048bc333b4a
SHA256: d1123360f4b049ad098ce3e7b817857a2e8dbb17d034ae41071f5b20e19288bc
SSDeep: 48:Iu5sf3ynpG1jconnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:wfCnY1OoVCFwIApr0L9hTMIb
False
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\.LNK ID NL5VaVIIqOZA.BadNews 3.94 KB MD5: bc93eb7a51a1151ab17d86ed90ce65bc
SHA1: 483018c806b1efb6ee45355cf70d43fc78f59633
SHA256: 9bf6fc051f07f09c4d8da0072ab7d608d5c9e157780f5908252ea0a9db72b320
SSDeep: 96:6GmtFh9dcOtjUYP3tstx63pUeuoVCFwIApr0L9hTMIb:6GmH9SNYftaopUe9VImOL9hTV
False
\\?\C:\Program Files (x86)\Microsoft.NET\slovenia.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 780098baa5e7420a195795682ac080b7
SHA1: 3e4ae52e5dbba10cb498795400c4265c42f454af
SHA256: 880eb18c4b933932d5c2a87ddffacfe64fcb95650ec0b7ba0f3fb01298638179
SSDeep: 1536:LmZeA6hNWE5uUvo2cwCNsPgSe5wYZhiww9Kuumat6d+mthWWU63dSvN:aMA6PWE3onrRSawhww95HTWV6tC
False
\\?\C:\Program Files\Microsoft Office 15\teach.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 18dc4dfb3b1368e4ced44899aa02ac02
SHA1: 51c8d68a28ceacd184aa07b7c870dc568089ba53
SHA256: 9122f8c58efc5e148efd2dc917fb99bf6ee93550214e3df648484c81b3b1ad7e
SSDeep: 1536:bNMVxJsfQI2b1QY2uINhQ45YwVKAvEa+hUqLOhnQ/mfjkPduQHfl3VMSvN:6VxqYIbvfKAKYluqQduivMC
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\jTCAfcL.odt ID NL5VaVIIqOZA.BadNews 93.63 KB MD5: f6ce9c15d8716f990a9d23f7e6ac7ee5
SHA1: d7053c988005830ec5227db071f8aea9a9f61a02
SHA256: cda270dceafbae5d91831fa0ff97fd7246c19df21c14639fa5129dfd1fc3ca87
SSDeep: 1536:+GqFKkpOubG1Obyv0yoA6MWjBas5cgQuRKBlXUXBGHqOfz5p6iCaSvN:+GqfOuK1O5tpblfcgQOKTXKOfNZC
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.018.etl ID NL5VaVIIqOZA.BadNews 9.50 KB MD5: aa627f4e352ed0faf8ca94d934488d7e
SHA1: 530b01b953a192efee80f37e9af038a8d33b0697
SHA256: 07b474884dba7e5229cece7cfcc6ae8e6be17b423ad678888d85a4de7ed271ec
SSDeep: 192:JHS9fY0JHPBOxnPFM8CG9CbXDjL3d0wxxSwOpJcrU4FhH4H8Ky/VImOL9hTV:JEJ5odM8CGUDjLaG0jpJcA4FZ88K4SmQ
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db ID NL5VaVIIqOZA.BadNews 120.05 KB MD5: 23d9dea2b40bebd80aebb4891c8996dc
SHA1: 92880bfd7308b9e42eda5966ea10c26255ee396d
SHA256: 80a925ed6993f3a7e6c5f2f0d87c3348cb36b17880dc658c79e03ee8694e972b
SSDeep: 3072:ITJnVNFzg6SXFMDkCpi8uZQ0Cy0egvYjQ3izAC:I1nhzsXFMNpi8AK4dcyzAC
False
\\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets ID NL5VaVIIqOZA.BadNews 6.56 KB MD5: e526a99d27d80d107e822fff5617b32d
SHA1: a85af014e1842332783f9361e9b50b7b7640ae1f
SHA256: b4e35f20f67f449621b614fbeeba29a1dda627ca9ba87a055f75a7ab26a16255
SSDeep: 192:v7PT3WZY3uS2c1uA2QEU+md2Bm/E/DRLzVRkmA41VImOL9hTV:T0Y3rvYIHnIBmsrRvVRkV41SmOL9h5
False
\\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\l6EWU.mp3 ID NL5VaVIIqOZA.BadNews 97.18 KB MD5: 14bcb773d966e844a649616eb307e5fe
SHA1: 7b80b51f69312a5764fa219739047225abf72845
SHA256: dfa0bc0e25dfd6e5a1adf473f8734f3e593c1ab0eea1ba0400c6e1ba387dc1f5
SSDeep: 3072:fY6XS3OGqnOPLjgQ1J/7j8/9Dhq4fdENC:fY6XfTGL7jWFhq9NC
False
\\?\C:\Program Files (x86)\Google\hydrocodone against.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: dce6155ab1da4bf6fa8e1437696f155d
SHA1: 7bd097d4a49250cbdbc2beee0194cf506173fdaf
SHA256: 1fef0f9f04dbfd5425766585483291abfd7217c314932bf33e79dca9c6a5c36d
SSDeep: 1536:yrILfVBSvGG0tSzVejxlrvxa77Ago/WWJVqVCfIwBJffxmREeNolzjuJIaAP9SvN:yIVgwtSJK95anAZUCvJfJmREeelz7dVC
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\CFjEQ bOBiRCfbhCuV.flv ID NL5VaVIIqOZA.BadNews 53.53 KB MD5: f412a3c17c5a04fa5ff99ee58c3fe804
SHA1: 2c0d3499dab1e0ac32882bb6b2cf583cdb88614d
SHA256: 957ec0979545527a9d567489e920eb21236897ebcd3310596b7044fd0345f7ca
SSDeep: 1536:9jdqWDPEFdh+H58X2nlu5iOfJCuVMkHHW9uDOKhCSvN:9jdt+ha8Xul78wkndVoC
False
\\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews 1.96 KB MD5: 04e1164fd5c3cccd0fdb7bd5e01e74eb
SHA1: 81c289dd0638ec866800009563e36b125ddc0825
SHA256: 61441a7283acd2c444581f9ab8cbad8f9f7f229354d06b18c5c1878a98b5fa22
SSDeep: 48:ZATRor4OenioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:iTar4O3oVCFwIApr0L9hTMIb
False
\\?\C:\Users\Public\Libraries\RecordedTV.library-ms ID NL5VaVIIqOZA.BadNews 2.48 KB MD5: 2c664f6e68018ffb3d8c2a22920c1b3e
SHA1: 9d889abd169fc65853e2117d7073e7479598efe8
SHA256: fb034e4bcd5dd83aa999928842b1c70197bc1fd1b6d33f3e66df4857acd7f979
SSDeep: 48:SU2WD9/pnnAR0Zk0wbGzbnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:JJpnRZkpbGeoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\MfY1knry.png ID NL5VaVIIqOZA.BadNews 29.50 KB MD5: 44d530a263c1e491302aa75a848966df
SHA1: 23e40007b2a911ffce707b62074cce5e05dc449c
SHA256: 563bc1a5f97172025b55afdad89f6c25c0b4feb1f66135dd21f2450b07f83741
SSDeep: 768:/7y4h1rzleDEwvW5e+22u36t89NbeJ7tumJgLgezhiSrL9D:/7jh13lO+5722989NbeJ4fg6iSvN
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: 6bccc1aea5b0a55c3ff0c40a4b345183
SHA1: 1b0d4e11bd578402f4d853ea96fe39faab67d49e
SHA256: e60344df5a27dc8ffc35fcd6f8791a21ba508cf14a32a681893907e446ffbfff
SSDeep: 384:Bpx0GfGIvHvfqno+dOX5vZhPnXHFPb9jl9PW8fDyAjvCcjyAVSmOL9h5:1hfGInyno5pPfXlpdfDz2AVSrL9D
False
\\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb ID NL5VaVIIqOZA.BadNews 4.44 KB MD5: 64080b0f1378fc14a3701be1d6e646d6
SHA1: 209caac88eaaa807b5f648994e5823e9cee7edb7
SHA256: c3970fef01a85b3e13d6b8447edcfeb2070b067a24f8356847c2ba47a98c3a98
SSDeep: 96:qZFsmFWItRhcM8p3ZziF0YXYq5FpWcsoVCFwIApr0L9hTMIb:qT0IfhhLF0DqjI0VImOL9hTV
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\desktop.ini ID NL5VaVIIqOZA.BadNews 1.69 KB MD5: 13dd12fb03888f5bdc1e1b60d33879a0
SHA1: f64082f2bc6d8c1e2497555622f07028692f07e7
SHA256: 79e483f3f0b073c603dbc222eaac0f1ede3e7cc99beb4fc7add1e6dad2f9a542
SSDeep: 48:8m/T6hxnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:rra4oVCFwIApr0L9hTMIb
False
\\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini ID NL5VaVIIqOZA.BadNews 1.63 KB MD5: b7025d47dd189d3fe669ed95187121aa
SHA1: 71e9b940058b5ed37e396959bb6a8e340032571e
SHA256: 2d98ae328b8f969a772f09ac39c90342f150e9c8b872455950a014340a731d23
SSDeep: 48:0wNnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:0foVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Links\OneDrive.lnk ID NL5VaVIIqOZA.BadNews 2.52 KB MD5: a2f4ee56187ceb98a1b5143413ab57a6
SHA1: eafde1747eed4a00c66127a901593adb4ae90414
SHA256: 112b350257d0ec2a224858e69d0223dd84148bbb7ad73225aae85915e0ed774b
SSDeep: 48:3sgRyytbKkVDXDApqZnsafnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:3PRXt5Z8IZn76oVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\NyyvnPP1BI6PgL4VR.mp3 ID NL5VaVIIqOZA.BadNews 70.02 KB MD5: 6d8027f73bac75c722876994ebbf895c
SHA1: 1c3aaaf379e70286204b167c0acb9f8f9b38660c
SHA256: 85d4c6f8762be58356b7fcb61b1e94337735e7585a5a8b56f456e6b922d6aedb
SSDeep: 1536:jeEBQ+UFyVzvkh0jAKkh61P/5g33SdjC+3K2d/f2iSvN:8UVC0EthGCHSlCDiC
False
\\?\C:\Users\CIiHmnxMn6Ps\Videos\3UjFJ6JLsAT.flv ID NL5VaVIIqOZA.BadNews 91.15 KB MD5: a8b93af9a40e6de6d700b4a9aa76f1bd
SHA1: 9a844a353489fcc0357c9a02919d96b35fa03e8e
SHA256: 458fd9a44bab50ad5a25999b0a416ac4ea59dbfed65e293d44f378ea4cadfb2a
SSDeep: 1536:zkRiV3nTgzOvuof0xb7Sz8jEAh+HpWd3Oh+6v+21ImSvN:oWDCo1zT/Hpo3Ow0+21ImC
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6q_eLYz.jpg ID NL5VaVIIqOZA.BadNews 48.65 KB MD5: df4bae1138305aae8784b6bbc6c6bb1b
SHA1: 5938aea5b9161ccef5bf65feeaa918ce4252998c
SHA256: f00756f71ab2e6b636c743fec17f65f78e80ce335c4861112bd9d97b7bbb8974
SSDeep: 768:Q8wxzFoVxS6JN76bwqktBGnKXyx0WJF272ZB7rJ8aFXVoF/ESrL9D:RwNQFt6dktcKXyx037SJSvN
False
\\?\C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe ID NL5VaVIIqOZA.BadNews 1.08 MB MD5: 200851d2bd837d37ae5ceaebf0a85d4e
SHA1: 80ddc1eda91dcb4ed322b44b94e4855087634f1a
SHA256: bb7a22f45dc8b6f3559c19237e45bc6d5891ec371ae6326c6512eedbcb1cddcd
SSDeep: 24576:G+qKrsdSOok1mDfHh5OGmxzJcFWtLcx2w7oQ8rhgrbITCjGagZ37BBBni:ZrsdS8Q2QFmw7oQ8NgrETCiLB7ni
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\Apw7UW24n2 BSd.swf ID NL5VaVIIqOZA.BadNews 79.59 KB MD5: 58907ac5763d838271f6edc682b1ef60
SHA1: 3e5084ab7ad084e9d39a2004e8984a10939b161f
SHA256: 98fef715fd882a7148698c73597b28661e5957e94269a9896b520f70d831cebf
SSDeep: 1536:s0zIzLZ66ndJoFcTvvdhwW/FDRnlRdbi808XaBuHX3qtiSvN:sWsLZtJF08fnJCe3MiC
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\iBXyNeSQbG8k2j2VxRd.rtf ID NL5VaVIIqOZA.BadNews 14.43 KB MD5: 58d2e3ab3ca66cb5d1746f88b8feed7b
SHA1: ec946eb052b03fd76f8b9a817f916656505fc0da
SHA256: 3f3c86c9e7714ef15a56750b5efedef50802505595b98feb1ff8029523d58f7b
SSDeep: 384:0gs3TYXP9HG0zpbek968LLW5Tkw2OvB96hx+AnnuYE+OSmOL9h5:0tkXUIiQLAkw2OZ9++KuZSrL9D
False
\\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp ID NL5VaVIIqOZA.BadNews 785.55 KB MD5: dd626c32d6580aa17541f260f678c891
SHA1: 0ead8b76cddf883da7c156de621a0cf2603ea920
SHA256: 45bafdb3af57d6f7eadbf109fbf496a9800d5e925fc09710d61b34b20acd6b83
SSDeep: 12288:Nf989PPnzj4iem+47RfkguusxExTKGc8dbw4AujZFm43O6zMsF+xg9mWdUg16O:x98Nzjvz7KwpFbrAMFtZs+8WSbO
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\ALtT7KM4YXT5j.mp4 ID NL5VaVIIqOZA.BadNews 54.68 KB MD5: b37a6e02f9dcf84288e19997350c969a
SHA1: b70afa971ccab073a10b9301f542430963db1927
SHA256: ab4c4706580e8b4a75e862cd2b1ead807c88dc14b655e303c52ad1e87dc04c87
SSDeep: 1536:nNkYMoJb5f4nbK/CJtX5K659Sx3iLPokESvN:nNP7WbwCJ/4cokEC
False
\\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm ID NL5VaVIIqOZA.BadNews 2.13 KB MD5: fcdaaca03bbe5a859cc154f656f87768
SHA1: 2a5f61e35f76b8013271708964b5bd29499dab77
SHA256: e082bcd57378be09b43ddab9cb435ca3686828eae4b59297f8a15bcf6561a01f
SSDeep: 48:7RG9g56EcNAv4H1RnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:Kbav4VYoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\hWmuV_qSmeO41umFIVp.png ID NL5VaVIIqOZA.BadNews 77.25 KB MD5: 53938acf48cab89363bbe21cfd4a5ea8
SHA1: d9868d525a197f0c287bcfa26d4dc298aeadd972
SHA256: f5fe93869af7d63d629e5ab6767d7d91bf2a646c7727d2dff2d089a8bfbb4dcb
SSDeep: 1536:MrROz4GvfsJEnYboJu+9mqltt4lgtWVfhAxs0IoSwVkIMqdHBolV2SvN:MVOz4GvdngoJzJt4+tWV+x/E4C
False
\\?\C:\Program Files\Java\nigeriareached.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: df8ff703d28e2510f49bbd62276fb100
SHA1: cf50c4aac14a046848c647e0ded2e4dd76681f57
SHA256: 90a77120927aae28ca0883fec05065374892e2e4e08ce0cf6116d1cfaff73e4a
SSDeep: 1536:vA1AjB20rLMsnZXap4/9PKq8TcBzkd1WTwXi+kXDPng9yfyuzgSvN:o1AM0nMKZqpOKq8IBwa0S+kTZxgC
False
\\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\CjE8McLdEkgi.mp3 ID NL5VaVIIqOZA.BadNews 20.39 KB MD5: 35be3e5aafe9f4d3b490e86aeeac3a6b
SHA1: 5d5b6760d2015eb95c08b71f41e23bdfb91d844b
SHA256: 6df6c281d2ec1e841e50de0c477bb2c833a7854d0bc4c71052b3179d96763a8c
SSDeep: 384:gPOgYL9p3dRTYH0Ug/csFnbYoW0U1u4xioW2JcRBSmOL9h5:9tjttImnbFW0srjK/SrL9D
False
\\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-datetime-l1-1-0.dll ID NL5VaVIIqOZA.BadNews 18.69 KB MD5: 2378db26669b2c2330ff9ecb426619c2
SHA1: 644283fae3c2a9e13351b01f84602fe592215c0f
SHA256: a2a44ed6fa4ca51bb293e670ed34e2805fb6289b464416b35c930f5d78f87ecf
SSDeep: 384:uumky24XkgxA9h/AMbTvuL10+d8FCQunCDlCAhH/Iq50SmOL9h5:uumkQXk+A9h/NbTk10+SZ8A5IpSrL9D
False
\\?\C:\Program Files (x86)\Google\reprinttruepressing.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 76f1804ddabcdf8dd886055692edd81d
SHA1: a7c7373e871c50ab5c3d9d21ab606d1b98ec5dbf
SHA256: 9fea5d7a0b29fd02fae70bfabe45010754afe4685090730d22f5ec4982740e15
SSDeep: 1536:wCKx24iYqe3pqCx5yRNy+IfJDyNqAoHmgQYlBggxEU4SvN:Mx2napqJbIRWAAoGdW+C
False
\\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini ID NL5VaVIIqOZA.BadNews 1.99 KB MD5: 877f6921ae70e22b2e08b86786fa08bc
SHA1: e8d3f2ed689ae31d3e7c8edb6606dce944ba043f
SHA256: 735de7754ebedefaa97677c324dca48ea9a781d744a6a7338315cad6d4465c88
SSDeep: 48:fI2GsQcUQwFAMIeDUnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:zGsnmATURoVCFwIApr0L9hTMIb
False
\\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml ID NL5VaVIIqOZA.BadNews 2.85 KB MD5: b41f06751f9944e111b3e4372e9fc6aa
SHA1: 6d79f17d7b5edc5078a33b707c46952a8caf2455
SHA256: 19a647091d5735426b7661670f6c82adcf878be8f87506e92ba66c55d224bb2a
SSDeep: 48:6T9fXqsTSyVPdJvGSZgQfgd5C1OwayjnzPO5PnioTO2XErnghmQfIgFB4RjEJr0p:6T9fXqsT3/70U1Xjna5qoVCFwIApr0LN
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\nKHtrkHwLM.bmp ID NL5VaVIIqOZA.BadNews 4.98 KB MD5: 90373f2ebdae5cad3898aab26d20807d
SHA1: 48f1a04fe49ceebe21b722ed68a4ee0350906b9b
SHA256: 3c059a8e8a832f58385f4a263b21d2452e38b21c11b3f843aceb4b53dbc8e9ea
SSDeep: 96:5YtZMG0Ff/zr52qM6+nB7tmgxIRH7BuXzacts8V6C3JdoVCFwIApr0L9hTMIb:+OFfbrE6+B7tmr17QXzxrV6C3AVImOLN
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\86vGSbXUZ0qa-T9SqPfh.csv ID NL5VaVIIqOZA.BadNews 87.53 KB MD5: 75c85828471ba614626650c8aaf14284
SHA1: 8a67e8c9039bab04c8b07600918508e58d27366c
SHA256: 420011d4c9f39e6b970ff6ea8b09df02641dfd68a49ab4c2a36a564904826172
SSDeep: 1536:72lmEDzk+FFreU1dJk5EU27U8pGcj0uykDGcGF0kD55jq8xg6x7qfsBXRgtzSvN:ymE3v6B5OQDA01kScG1DrW8xg6hqYXRn
False
\\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png ID NL5VaVIIqOZA.BadNews 6.05 KB MD5: 98d19a1759ef679845ca231c6ce412f5
SHA1: 77f2ef58ce0bbf0574b31f89a070654066e77ca9
SHA256: e3dca25b2a8aa82da76be65124a8989084a22e101de9c43b4d0f1e669ee26d66
SSDeep: 192:KKGdAw6T6JtId8yypbJns2U7jmTVImOL9hTV:7mAQDtpNU7jYSmOL9h5
False
\\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews 782.33 KB MD5: e96eff37ee8e329e8e5a06ed29e4ceb1
SHA1: c2a8b833f518270f5b265f072660fc58405fad08
SHA256: 7fcb2af16f23f983e5f3674f0093468ce9d06d9f8eadf3e9141ad6cc3ecab4dd
SSDeep: 12288:1CAF/aSSHahW8/K/CZhMoWPXVQDY1as66j719sM4C8+vaMROKXCI1RgSd5rUR:0Apdjo7Q81aOj7/2+va9lI1RF5rW
False
\\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll ID NL5VaVIIqOZA.BadNews 14.06 KB MD5: e7081e7abcda203a799e9b4e9affbdfb
SHA1: 231a9320cba9702906746dbfc09213e69ade39bf
SHA256: 81710a1038da8ad4147202231c740f2fbf5ad6f703c10d370ca42176a45d7429
SSDeep: 384:h86jkkYCWs9+e4rNGyiKNDd+ft1k1traea2SmOL9h5:J4CWs9+HNU2Ufk1trPa2SrL9D
False
\\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini ID NL5VaVIIqOZA.BadNews 1.63 KB MD5: cddaac8632bb194b55923d02f060baaf
SHA1: a3bcccb0c46d672959ed0202a084509ee2cf342b
SHA256: c3dbee7bdc1923dcc4e81643ede00664d4357ae5661285906c15e44480389685
SSDeep: 48:8oKcBRn5mnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:8oLnNoVCFwIApr0L9hTMIb
False
\\?\C:\Program Files\Java\jre1.8.0_131\LICENSE ID NL5VaVIIqOZA.BadNews 1.54 KB MD5: f855ada8e7ed427e50a04e0ed892b10c
SHA1: 6739aac7c5e07ae73b508e50536c02a97229a738
SHA256: 40d6cf139651b97da981cef58d8fd1102ae54a603a55a1f86050c713bc2d57ba
SSDeep: 48:DzXoVFunioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:DzXoVFHoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\BVppIdoXOn97lDi7t.mp3 ID NL5VaVIIqOZA.BadNews 21.03 KB MD5: ade9eacb6eadec3671c74a030e6a036b
SHA1: 57237b61988b7c8958648d1ec12b8df96f4a2eb0
SHA256: 2be35a9b63b6647265a061580333c9309a9377c76633aecbe91dbd3eaea3f73b
SSDeep: 384:DM9oFTIipJ/GYl6MyLnRNfezHB0li2kG3SOiX8I+RzYwF132wYoa8dgi5/XJU/ui:ISFkipJ/flLyLR0h0liFG39iXizYGxru
False
\\?\C:\Users\CIiHmnxMn6Ps\Videos\cZv6LGehH1hnz1Esk.mp4 ID NL5VaVIIqOZA.BadNews 81.06 KB MD5: a23bea34aaa2a1c2dc903f5102adaba3
SHA1: 21c82ef6694a204a0884d1ca13d039e4fdea0b28
SHA256: 8436870e070c4704bbbce2602ae061b31af7fbfbcedf4fb187a0e7ace4e63d2a
SSDeep: 1536:dMqY0t/G2v9JzqR2n0HSk46n0XF8J2Q72TLcB4HCzngR0e7aSFRkXLreJz5Vjos8:JY0VGxTPF8eJXmo4irgR0e2URV3os3tC
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\3F3q Hjy8bvd.pps ID NL5VaVIIqOZA.BadNews 79.61 KB MD5: 1a57f3c788aa30adaaff5994bdf20edb
SHA1: ac852c2a82544828907064ba192a44dd9b543402
SHA256: 586540e7e1a63ca5d256b355d1cfad37900ad0f6de72f4cf0ac88950fa3bf846
SSDeep: 1536:fSGbg16P5p7nFQAw4t1KVhUiZz54aFIuBIjud7Pf10hDz+d8eLk/dXYraBH9LBSF:iONoVOaFVdd7R7Lk/doraBdLBC
False
\\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews 141.50 KB MD5: 3a8e3245ad64ab5ee121418b745b5342
SHA1: f4cb5fda618d7774897b3c4df4974e7ac89b2984
SHA256: d815a0f709575120371eadd0b51ba07de87263670a8e1956d10f94cfa7d0660d
SSDeep: 3072:8f96MEfsVxlBAkYXslrJLriAkdJhcMhjclhjEEngNa6OYC:nMEfUaQdLG/hck4r0I6OYC
False
\\?\C:\Recovery\WindowsRE\Winre.wim ID NL5VaVIIqOZA.BadNews 10.00 MB MD5: 6307bf107a0385200de23238e3c1fec5
SHA1: 750877991ded7af6592c4406371fedd4dd055229
SHA256: 032a6649307e1713d88e8f4343b3316938590d791b56f4384f25a1dc5a4f50c8
SSDeep: 196608:0sLnBlQP0NugCFllvMJMyRRW1pcfF2Q4U0DLgywFXBnHtykX6:0ylo0OlGJ5A1pcf0QF0PXwFRnHtM
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\Jnx1y.png ID NL5VaVIIqOZA.BadNews 9.35 KB MD5: 2c6c2e494ca6bc4692c664e8f96fa608
SHA1: 150a0aaaf5db6d63c2e87f02cae3e61b2bdbc98a
SHA256: aaeb75c3c4fb92b7eb6b54f320609ff1efd280b3f3b51282e2759f9d5fe257f0
SSDeep: 192:G0IWlIgPZI0tqaMhxFAQXhpo+KLU0rB9JzlxgGWVmKBw9QAja5VImOL9hTV:dIWlIgiOqtvToTU0rBBFGBOQAjsSmOLN
False
\\?\C:\ProgramData\Microsoft\MF\Active.GRL ID NL5VaVIIqOZA.BadNews 16.12 KB MD5: d8116be637eee0f4744611f7eba7571e
SHA1: 066425be0817e8f4aada90c55debd101829deb87
SHA256: 957e36b2e469a79b043f46383a1a76a2cd230b64132c3852f2115c59df8e821c
SSDeep: 384:miSnftT4BaMWjLf/hCYWzE959FTZ8SmOL9h5:miOVYWjThCYaEjKSrL9D
False
\\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml ID NL5VaVIIqOZA.BadNews 3.43 KB MD5: 26b88085e41738a48dee736b54a0fb0d
SHA1: 9d21e1fb0c6ab3fac103fa421dc8436fc3f91412
SHA256: 9a14d66d64ddef59ff8c0d1280fd7428b721fbe76c33d0656e9ae5a87fa703f5
SSDeep: 96:FqNKisu1FEllszoZvw1B0e8aLooVCFwIApr0L9hTMIb:FSsQWS8aLPVImOL9hTV
False
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews 19.69 KB MD5: d6b77a08965de3718a68f7d53f3c0975
SHA1: 99a4bce0dd4449bd29bd89a9858811f461f7513b
SHA256: 760fedac4a8bb3835d5038cc011620646427210ac69c8c6caa749582fe11da34
SSDeep: 384:Src62+opER//iIF5Jwmng/U1737rbr5q0f6ztK103QgWwTV8MSmOL9h5:Sr22niKA81r7rJ5eK0Q7wJ8MSrL9D
False
\\?\C:\Program Files (x86)\Adobe\lib-nice-selections.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 02693a56562133df4379b7d9bfa04cf5
SHA1: 3c9b32aa5056ba15659f710d10863ca163a5253e
SHA256: f7e7dcef19a137f569ba02ce03fcf8c22b5790959e8de814a5b142b7cc53f385
SSDeep: 1536:vfSTQKkmKX2S4ccE/VcBB6lNZWfC+dwgA3EqwHy8Xq6twQSvN:vftxDP4ZSXb+EEqeyyq6twQC
False
\\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag ID NL5VaVIIqOZA.BadNews 2.55 KB MD5: 1afb0c4c59db028a0d314ea7c3d63e54
SHA1: 882b6402f5a929ca6d3dd550cab50bf0eba8ce43
SHA256: d25b29cec48ac2c8c47afd22682dd967dbca043f74bb767fefcf33d101576c63
SSDeep: 48:mh0P7CzXtlcX8XGzbqnX5vIiPnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:msGRllXJ6iqoVCFwIApr0L9hTMIb
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: b50ef55e37e473a99c8183d7dfbef4b2
SHA1: 667474d83f6d3772f1df5bd3095fa577ae39de32
SHA256: c0770c51651a64a39701cb72802b299371c604fa5bec6f1a621da8001a830b17
SSDeep: 384:GKZBWBKPgVuvGmytJE/tT7lz+N9PCPTy+QDIMtE2DqRgTSmOL9h5:lRYVc/F9+N9qPTy+EDRSrL9D
False
\\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll ID NL5VaVIIqOZA.BadNews 117.56 KB MD5: 0b8cfe083ad46322a18f91b08b04af7b
SHA1: b578278b4f762d2ee8ccc6dcd90a96199caa7f08
SHA256: aedf0c058d39079a73169b79edc20af4c1163fbd73693f99c6e2643604d90ca9
SSDeep: 3072:g56xujD+cRLcDnNtcxi2TiPw7AaNzn3uz4VSlP+aC:g5oujDnRLcExiIiPw7Ao3uEVSlPDC
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: f5ff547ada958574fe7443bec3a82f5a
SHA1: b8411ccf3eabfea09b806235902c36b1d0c2ee2a
SHA256: f939e472fc7ed95d95b01bcf6ff1f1bdee9750ca88bb8452802077c2195b432d
SSDeep: 384:IyzPenAWIW39oCkNwone1Sl6fN2wtGA33HILHUwSQzkROWNASmOL9h5:Yn1JVkGCP8fRUU9SksWNASrL9D
False
\\?\C:\Users\CIiHmnxMn6Ps\Downloads\jre-8u131-windows-x64.exe ID NL5VaVIIqOZA.BadNews 10.00 MB MD5: 6f6d586cd886674ab3b92bedeb004283
SHA1: 59dcaa43fc7098259f35936ffc2e09c173ee07b3
SHA256: 3fea81c078f00c97ddce84b6af935cc11c79087fbd94ecedb6d70387bc81d897
SSDeep: 196608:8wqJsfjr7B95qkmGL5M+bpbNiob8lH3XfY8HsAR9JzLpW2ioku9JDcpYLMZ:gJsfHX5qkm25jUoIlH3XfY4LR7zLpti/
False
\\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-debug-l1-1-0.dll ID NL5VaVIIqOZA.BadNews 18.69 KB MD5: 2018d622ea56e94b883008d358084675
SHA1: 9c05d80ee26ddc327617f49347aff3ef6a04195d
SHA256: 524e54bdf4ef1f9f29e93692d080e949d93a6ba7aa7793c25f1421d26b467e48
SSDeep: 384:JGHtcx5CLnLKj1XazIJE/gCST0k22fxZxCGTdMDnlYp22ANtHmvRWSmOL9h5:JGNc5szIq/L60ODxDTdMTl422ANtHoR1
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: d457d98bc7785b74e1a6219302673605
SHA1: 1afe5562e11163ae6ee684b970c06e328e4c5103
SHA256: 46725ffd1184347434a9ad9e3bde89656d77dccdb09b11b902c47c7f1b3d8768
SSDeep: 384:k1zneYsRo2wAQO3Fya+DJDrDOsuk/VVSmOL9h5:YreY+UBmFZDsu4vSrL9D
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\F_Sh.bmp ID NL5VaVIIqOZA.BadNews 42.95 KB MD5: 6e88e5fffb2f85491aa98fc60739a77e
SHA1: 3c8c8eeb6fe7708c8c7cd64527700475529b32bc
SHA256: f94a64a5c7856dc0d53ec21b6ea034892e81c00844335d2bbdf2cbaa61a469af
SSDeep: 768:9HPVgj5UgAJ5Obdg/T/3nD+SbHvcKlgFCM7WsNBrZPWQSrL9D:9HPcL0ObdoffbKFCMrNtZSvN
False
\\?\C:\Program Files\desktop.ini ID NL5VaVIIqOZA.BadNews 1.67 KB MD5: 9ee66e03c4bf9d943e774ade54860df1
SHA1: 0687d50877b3c1592a96cb7d8c530ac63ec94187
SHA256: 5061b416e5cce816aec808aff7d52de96cc5d739ebc3880afc530119ca97f2ef
SSDeep: 48:k1HSalSR6VipnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:khSh6XoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8UCpExLC7l2W3oQ.m4a ID NL5VaVIIqOZA.BadNews 6.57 KB MD5: 0aaa6b1ad3aaf5aeaa0cffdeb8b5486a
SHA1: 8f460c09c77fba6e9f0a91dee807175d4f8ac027
SHA256: d35b47ccd3073199b637260cd1ddef72bebfb5760c2ac0d979a0058f2ae7a2f5
SSDeep: 192:PDrfgmU6OtQrrsN3dhqKlTAW/VImOL9hTV:nTOtQrWpsW/SmOL9h5
False
\\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact ID NL5VaVIIqOZA.BadNews 2.64 KB MD5: ff80d87efa8eaaffb60ddc1571bcd4ac
SHA1: e204720fc356585cab203ef1810fd7014b809016
SHA256: ee7cb9b2ab2c65830ef9110674079853c508415f184fb972929d42602b5e56d2
SSDeep: 48:CA9yr2fSaahzRvd3/ujJd69zPAQkO3/43HlxK9mM/bynioTO2XErnghmQfIgFB4F:b/8hzRlGjH6EOv43HlyxXoVCFwIApr0p
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\oesk.xls ID NL5VaVIIqOZA.BadNews 56.79 KB MD5: 616ad92e9d48770beb00206e41af05ce
SHA1: edac869fb2156ddd9845274c71983e1f8bbce73e
SHA256: 6a31dff10cfc8af00702f069a810d210460f76d8a81f774fa763b159c80008c1
SSDeep: 1536:wTH/b8mHVet7kH52myBNS6TzaUbV51Wi2zNbYJluJh5FSvN:Ggm14oZ2mqJqI51OzNUbWh5FC
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: cebf571cfecd02659eefdcd0493a2616
SHA1: d670026dcda839cf83aa661e0249b79cb8196138
SHA256: b1597059e3dbc4996a6f451fd2b376c2bc481bb23b1e4e3c773619b971b12eea
SSDeep: 384:QmAzzFodSniQbqQgH+Luo9KqXeI2tgN9f0wV42lmtDzj2hYSmOL9h5:QdzFod4iQuQgeioFXKgN9f0SlqPj2hYC
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\CE_872L.m4a ID NL5VaVIIqOZA.BadNews 65.04 KB MD5: a9ca795e4ec54f166eaf537692986f54
SHA1: e06cbbf362681e8a7ff824d5b78d2391e26c1a87
SHA256: 3bbbf5722299d6a6dfcfcacb8161ebf9489abe97605000ffe91b2a46c0205509
SSDeep: 1536:0pWXK+lUlLw5j36AvWX6O7YgwaVQWsLf8GVGwkLDYt4IYuP7TRgWcFSvN:g15pwV3t9O7YgwaCLf8G+3Yt4IYuzTw0
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1yqOOzLcsJ3FR.m4a ID NL5VaVIIqOZA.BadNews 67.71 KB MD5: fe2d721efb7051c3ea4027d496cd7a50
SHA1: a6023708278ea481709ac92b39979e7901c4ef6e
SHA256: 18cb9b88a85e4fb16d1f1e951aa440951af86954af4d2e15929e3bfdaabdc3d8
SSDeep: 1536:uVZ5PgmiaHIAetSjgHnsVhlLE3Ljsjdw8bJklQmgqankiVgSSvN:uVjYmiaoAAMhy3vGw3lxgFkDSC
False
\\?\C:\Users\CIiHmnxMn6Ps\Music\sspHkttho.wav ID NL5VaVIIqOZA.BadNews 12.96 KB MD5: 905153da133a804ab9ec79ee29ac6da4
SHA1: 1dc2c732a2c43afa1812b36fa8ef2e111e607b9d
SHA256: 2158945c7126e0075476b96f5f214eaa1f754cb420896207ef49f0a45497079f
SSDeep: 384:HJzDD22eh+8t+S0j/yfyOUs5nURR4oKxmNSmOL9h5:HZX22eh+8t+SwaaOUs5nURFK8NSrL9D
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-QpA4lkxEM8e.png ID NL5VaVIIqOZA.BadNews 13.00 KB MD5: ad725ca8e65158dd8b1738926fb1d260
SHA1: bff67f9f6faf114e04c1565dc09cad7ba62c503f
SHA256: 2a8c920d2a6c0c9b2a6834e2defc10b9995e686f05ab78adb3f539878ea7ed1c
SSDeep: 384:b+JYIw0hDQ7oZmJOVUDJ+OLhZuo/Q6RjH7SmOL9h5:b+SIwsDgvJlDNtZP/pRSrL9D
False
\\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews 19.69 KB MD5: 1521264444e0b5e9f5ff32df68ff5710
SHA1: 94bee3b6a13d888b7e239b398e3377e25550742a
SHA256: bba8a3d5d78c1987e76f35693ba3310d342f0db2f3e3e6e01285e6f950d76e7b
SSDeep: 384:eo4GgDZ1/oEUg18tB7Sd2fJpNp3Aw1uYP7e28Cq8Ujs6IMK3z6rqtmIKBlSmOL9D:vsw3goBXJpNd3MY4jsrH3erqtOBlSrLN
False
\\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm ID NL5VaVIIqOZA.BadNews 2.25 KB MD5: 11c9ed91f9c44c3039df0a9e6fd0cf41
SHA1: 66e90d399f51dcb33f17e0040a21d4b12aebc171
SHA256: a0c9590d192b7153ac10a59bf31cdf70cf80387b81b0bfcc2e6424cf5ebe121c
SSDeep: 48:saaU06wgxC5VnNCCgzAY3/nioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:TT9xCXnNCb3aoVCFwIApr0L9hTMIb
False
\\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews 2.13 KB MD5: 2c691079bb2d64610ba78e8408a3ec51
SHA1: 0ec05bf0d9d5aad8f1257a004c23912e78cb3b62
SHA256: 479e53338e836859349e71abe67d0c720d9c531a54f47385bd3ed40dbf47dd8a
SSDeep: 48:FB77UNpRH/rXk4VnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:fINrfrKoVCFwIApr0L9hTMIb
False
\\?\C:\Users\desktop.ini ID NL5VaVIIqOZA.BadNews 1.67 KB MD5: 3813c1a64d052e2bc5477801b1e07fa2
SHA1: 88d20dbc7ad5a89a390d3b2c800c76739fe4f0ed
SHA256: 8a50ca8d728b5fc818d8da0437ee8be0ada2606290b7800f4b77ea58e5288d95
SSDeep: 48:U96hVx4OOsTHGnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:UCOIfoVCFwIApr0L9hTMIb
False
\\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews 2.13 KB MD5: 2e207429bd83bb84543807b7cc9f16a7
SHA1: 1f12a12b8ba93501cb185c2c21025dedf2099cd6
SHA256: de43b7c21478ca459b96fbeed7d03ecfc80602c11c90df2affcee57cead7b71d
SSDeep: 48:YJILKabnsKVAJMXu/r1Y3nioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:MILdrAJMI1YyoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\wPaLCxLVEk8sPBNTFG7.jpg ID NL5VaVIIqOZA.BadNews 3.21 KB MD5: caf96cd98997127733c9676c871747b6
SHA1: 42b3aee98041a02c5e1ef2501720e816a66c5f16
SHA256: 62a4b55d426a603b4140f106baf63acbc47979803ab3adb47eac6836a10ccbb5
SSDeep: 96:lUExk9CqP2V576nr/YIKMaDPkuNoVCFwIApr0L9hTMIb:G3P2VojGbkdVImOL9hTV
False
\\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml ID NL5VaVIIqOZA.BadNews 1.77 KB MD5: 67b1e4109a93e88fecaba41142704f82
SHA1: ff0e67f3741e84207f27e1957296b01f2aaca3f8
SHA256: 46829472de0038a8bbd5d859968b002e738cd590040e0173f22c752539903f39
SSDeep: 48:8y2SXD6KDnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:8yRcoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\chy2jv8x1kFmLn3.mp4 ID NL5VaVIIqOZA.BadNews 20.56 KB MD5: f29d8d6bb7addf359d5f0849e6c67017
SHA1: 72db4734fc949291d1163aa94cf832ecf9a9b1d5
SHA256: 06c46dfc863671f7155c475a51cdd9714373298fd03e8a5ba6426622424ade34
SSDeep: 384:dyIVoexiy+oHfjICi11xycY+iQmVDfnKKYsf7PqTSmOL9h5:d3oexiyrHf8CC1AN+ixPHbOSrL9D
False
\\?\C:\Users\Public\AccountPictures\desktop.ini ID NL5VaVIIqOZA.BadNews 1.69 KB MD5: 70916c96358ce3165bf0816ceca7454d
SHA1: d1dc8b75132236355ef864a574f285e3f1b1e889
SHA256: 51adb6c72d1fa1b7a7151c051d7fa3084e93334f471373c2f6f029615ca45a18
SSDeep: 48:nVLPkxr1DJBOt7nioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:nVL8tBroVCFwIApr0L9hTMIb
False
\\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm ID NL5VaVIIqOZA.BadNews 2.13 KB MD5: 729acde4fc040770d792d8780d274900
SHA1: 6224b74eb59f961b056cf000a1d7943cf77d01b7
SHA256: ec6e25da297ad03f31cf300b19f8e06230f8589f5decbea625d4202b2355890a
SSDeep: 48:MqJhkMTkqxPnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:MqjgqxqoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\fdRbj2oK_nU-_WAAnwEH.wav ID NL5VaVIIqOZA.BadNews 62.37 KB MD5: 46ff5439c373ea81691c739111851f53
SHA1: 104d9740fdec4cbb31565f79af80dcef14f95c68
SHA256: 32f18b5c66d3fba38f2e906fa74eec9346bca6c20f76b94d0fc9582f12300be6
SSDeep: 1536:dgK0aznFk4huuqZanPB2yONqI7Jpukcrqa4oSvN:maznFk4ouqZMPcyONN7JpuLZJC
False
\\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews 23.15 KB MD5: 647aab353536fe3a425a0e8c11171ad1
SHA1: 751f56bbe9e0c90e7b34dffa91b6d784ba4b339e
SHA256: f3a174ded914ac6e6ca9adfd7495a869cba468c4d350970f03814f02456a375d
SSDeep: 384:9l8y4zvoURyTMVF8VuDze7fjqy0V7euOJO4wcaggRi+yppe297tShSmOL9h5:z8yUPHVFcuDze7fjqLesjcaj7yXpcSrp
False
\\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\dqAisKMgdCnXXjVAB.mp3 ID NL5VaVIIqOZA.BadNews 93.56 KB MD5: fac4025bbd4c987dc0ad9990bd1daa6b
SHA1: f3ec4e704182669a0d7fa31ed1e1c4740720263a
SHA256: 46ee4f60d29125a7c95734abc5d688390549c2ebd439c9dd97bab3c5b72f5919
SSDeep: 1536:vdXDlwJt6gOpZCpQqgUo6wURpmvoaqpuyoLAUQqkywtRsoR71LXHTz6eUkyCrbeH:vVmtNYEQ8I1AUQhy6RFRlH36t12bbC
False
\\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\72oUps5XOa844yewySkH.wav ID NL5VaVIIqOZA.BadNews 76.24 KB MD5: cfbbbd32e645ed41594f8af5c91667b7
SHA1: 3c458ee9795d5d63f0aed37906326521e94d2023
SHA256: 8092aba3f742a63d7254b05c494327da4fac3a8028df966031ab421f74ca6a4c
SSDeep: 1536:3mtHWj6u9IEi3tdK1XI3wgQGrBFc6vYMg/mOCd/cwR3CCLJlHNz98Pc+SvN:iu99i33K1YKCDYkOicwR3vJll9kc+C
False
\\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB ID NL5VaVIIqOZA.BadNews 25.17 KB MD5: 99513c724759e15ee16ab9e01ec905b3
SHA1: 2ce0fdc4323043686ad70b1793611a2e6250112c
SHA256: 9bc047b5328b631726024ba04276a0706b8a29bb552d447b034bf6ee6efbca4e
SSDeep: 768:UV9En64IG+zzKoZlkPXlx+8mPiPM2zl8auEdNm2SrL9D:UV9y1xdi2PV0TcMzazNm2SvN
False
\\?\C:\Program Files (x86)\Microsoft.NET\tactics.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: ba6ba299628f7e7974570550a3df1cf7
SHA1: 0b68da115482f65c4c74dfb17619ab3b50632db8
SHA256: 98402fa0049ef7a29276de8b8f3ca7f5bdeea9a7429e63e36d240a8be1bfaaca
SSDeep: 1536:HBTmTv6TjD74/T7J0lTtP0fnb68pEh1o+1NhlDkdcr4SvN:hTqSY7JNnm8pEHNN/kdc0C
False
\\?\C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml ID NL5VaVIIqOZA.BadNews 2.32 KB MD5: 614e3062ab1296d7870bcfda99e0c2a3
SHA1: eadb7faf6ab2549cb9ed89e5fe63de00fa83c329
SHA256: 8f6572b2063104024fcf8aac3a33e9409250e238209299572c4d61df076413fe
SSDeep: 48:6BRpj9I7/rs0Bx0enioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:6RJILrs043oVCFwIApr0L9hTMIb
False
\\?\C:\Program Files\Windows Journal\style_percent.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 73f093a1ed5d4992cab18742834d0747
SHA1: 4382242465b2ab7f75a0ada57a7ceb125bd4519d
SHA256: ff3c6979b77f86ff1b39da7fb74043c4c45291abfacfb8856502923fdbcd0d53
SSDeep: 1536:iEXouuWlDQ0kCCHUVzIjFg/0b52UafjLRXuSKiFwNXHqcLQiVvQr7x3SGGFlBwbB:pjlyhHozmk0bXaph72N3qcLQiO3ilIXR
False
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log ID NL5VaVIIqOZA.BadNews 1.66 KB MD5: 2ae0942e09fab9b32ab0588a56c7e912
SHA1: 0440bd17962c28bf8e7b6d963cf67fcdce5738ba
SHA256: 7424ef2f2911f38a877fb98b2e1e9c9e28a433b30a61873f570fd6797ba12ff7
SSDeep: 48:1/FffzayltnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:Pzxl8oVCFwIApr0L9hTMIb
False
\\?\C:\Program Files\Windows Mail\definitionselectionsea.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 13c29c6e4d5b0a80a740d57c723ef90f
SHA1: 88bf3f4dc0403c9509668d8723227303667eb13b
SHA256: 38a78adf2592a9cefd9d21ca078ab2cbf37eda3ff5b87eb8d30605728b29c5a1
SSDeep: 1536:ViCu67RqvpJz+IEeg6rFyDrJOCEpMfuM8/3rSBP072W3MHbbg2skG/SvN:QlaRqxrEN652cCqeuM8zSBPEB3MHbbKq
False
\\?\C:\Users\Public\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews 1.67 KB MD5: 0044a4c7e3136386d7dca0b70c755e18
SHA1: f7d0fa3e75becc2559e1f166f1b3f28218e5897b
SHA256: 9a3c76aab9ec78dbc6081666c286b2027bc75c72aefd8c9414ab2ddcd1398a66
SSDeep: 48:xojCR+KnxnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:xPRr4oVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\_u6 QD_8eem.rtf ID NL5VaVIIqOZA.BadNews 41.15 KB MD5: c1e4c9628fad9a071e864c4633d6f0b9
SHA1: ac3b19cf01da9acd6f16d7f39fba4600fbbdb4d3
SHA256: f3a1b4f8693246034df4911baa6d2cfff831b76db65a3476bbc4a859e2460df2
SSDeep: 768:uFxN0GT+2+VQm+6DXxQDVxAq57Aq6LChDwni8UTPdgWpicgIYr4q0poCezSrL9D:axuGanym+6rcxV9m+Dd8W1bq4q0p8SvN
False
\\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm ID NL5VaVIIqOZA.BadNews 2.24 KB MD5: b325c7e7b22e9c25948e6af9b8da888a
SHA1: 28f29eaf85d0a71971c9cb0c6ed2c49240684104
SHA256: 5b02b7c1e418bde0849f40e2f219b7bfd485212c43e5b8d6f80bea25983d4b43
SSDeep: 48:+fjPscISl+dSs57Q8GsRnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:+fjkHSkJ+vHoVCFwIApr0L9hTMIb
False
\\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch ID NL5VaVIIqOZA.BadNews 1.65 KB MD5: 23f475cffe89156ccb4a1839e59fa7bd
SHA1: bea8aaaf794a10fd5171ce025e044e5405ae32f0
SHA256: 9bbdeda62f8fb1fb8a0b9aecb8dbb9e1dee995b66292f5de37f5c5aabcef14d1
SSDeep: 48:RDrnxz+4FmnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:Jxz+WoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\5FiXE7dIdDZr.docx ID NL5VaVIIqOZA.BadNews 99.81 KB MD5: df3edc10906a900864e21000ed9e8e9f
SHA1: 84e5e27a70d3b33a0de32972f8f03909f14b60af
SHA256: 450416d626aa16801eb83994fd19a0fcba2a7d17f255bdc4b69c352811d4c2a1
SSDeep: 1536:pUtf+fUzHLoS/ky8wZfD9fdAAAXgTVaLeHp1PKKd8Ezzko8FcZunb1Nrz1SvN:k28LowZpveLeLh3do1b1NrRC
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\OMivT7VX5I.ods ID NL5VaVIIqOZA.BadNews 4.19 KB MD5: 0b5051b31de31696b193e2b7a3bf600e
SHA1: dd4ef31ff1105fdc15303026b0bf7921f3d5c627
SHA256: 1dd55bc61292103e004c91eb40e2031e802576cf13a3da9d7bdfd31d1e3e3fc3
SSDeep: 96:fMQyJYm4jWrRdI1k5lQTJ9P4FAWAoVCFwIApr0L9hTMIb:UQyJ0WrI1k5iTJZ4FAWHVImOL9hTV
False
\\?\C:\Users\CIiHmnxMn6Ps\Contacts\sikvnb huvuib.contact ID NL5VaVIIqOZA.BadNews 2.78 KB MD5: 6997d1e6231de229e5d550f4d07de59d
SHA1: f83d0f8bdbad76dbff1deeb6b498fb34fc351cd3
SHA256: 62cc3cfdea0cc7a6507fc5e69e670cd7966d970f1ffe8d95f781ec37168716d2
SSDeep: 48:m3Pj4Az8GvozUBiTWsaiYPgCPTiXnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:m37IGv8UBS8j7uSoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\np6OUKpYp7Ul0SvY.xlsx ID NL5VaVIIqOZA.BadNews 7.51 KB MD5: e6c138879cc2ec303c429c0adab81317
SHA1: bf4139dece869c6fff7bc8225ff1be9ada5ff83e
SHA256: fa66b739cea096075aba522e47abaaed8fe5699415512dc7ad19cd8289ff7c58
SSDeep: 192:HUJNRtaQOPGw3MKzOMq0ApiqAJzrgJoiw/uBVImOL9hTV:HcRsOw3ghzpi3JzrgiiBSmOL9h5
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\desktop.ini ID NL5VaVIIqOZA.BadNews 1.78 KB MD5: 1192c162637a6a6c3619c5b0fe3e7246
SHA1: 265fd29da7f098f47fb1c1daf5b757e9c354605f
SHA256: 12fd921a27a20f5af7321a5620807451e4acda32e28fce183f5eab053b1d1395
SSDeep: 48:D02+YvX28nioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:DOY+oVCFwIApr0L9hTMIb
False
\\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_DC.helpcfg ID NL5VaVIIqOZA.BadNews 2.20 KB MD5: f3d22b8b347c515e692dc109f5372afe
SHA1: 4576c1b88f90161326e9edab74d207b970a1ed3d
SHA256: e0f06389be560ed0ede30c3b6af09c47fd1d03c944d55024038daf1b88af8c9a
SSDeep: 48:285HiyxNgl6095TB8vJvMnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:2/Gg1HcJvpoVCFwIApr0L9hTMIb
False
\\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe ID NL5VaVIIqOZA.BadNews 4.26 MB MD5: 744d1b69043a6ef795c71824db9e5a62
SHA1: 2e3ab597c55d8ca7c669ac05c1a36e3c3e8b77f8
SHA256: 478a7ff6358c741fcb7488c8fcbb0c3366c8b470c963211d503b09ccfb1af753
SSDeep: 49152:H1nq1vaauDtUIV+BF5R1fG2+6ntEL7EVvv89Djbhb+u18Ed3IUdTqQ55wT5029Iu:N5a6tUIkvlfj7ntdaPeQ4hbd
False
\\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe ID NL5VaVIIqOZA.BadNews 765.05 KB MD5: 5a918ff7ffe1cec3135d7e8e87a8eb20
SHA1: f602f4583fe910a0caec6ebb5a365862c6ec6927
SHA256: 08e9af4126b7618f44b52e3153992d614be53088a0462889ba278bff1c4b6bbe
SSDeep: 12288:crlLWW2dGqPOQ0QC5wJABAU4lM7e0AjLN0nwTYOOobCxcFwodNZ/uvp2D+3Kygg3:w5QOsklGM7uN0wTYMIyH28edgS4JI
False
\\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf ID NL5VaVIIqOZA.BadNews 65.50 KB MD5: 06b5b9fa1ac2e1810ba0aefb1c1c6e5b
SHA1: 35de182755631e2b2999bc56cea3b1cba2ed88c4
SHA256: 96561badb38c2a5a4c493b60ca8b8cce86e86c79956ea2df0909e88c0dea6372
SSDeep: 1536:IK0UKaYIgM95Hcp2Tofd1c4d/VdrNhyvcbsdZ/16cBmSvN:OUKBIgMP5Qd1RtLrdgdZ/16coC
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\Qf3SxHIN vDvfU.docx ID NL5VaVIIqOZA.BadNews 71.01 KB MD5: 043e71aa974fa141e4d18d347bfc67b4
SHA1: 754da309608da0143239305541fc72693ef1ce45
SHA256: 8c885f8f37291e8070071276a221e2c3c5aacba29152f5744ec6d0e9d36b8fef
SSDeep: 1536:Z9F6iXdCcTn3dZZ0boX+K6NeV5P0nQfY0K4sf/hbe8nqCrLSvN:Z+iXMcb3F94endfufZbNT/C
False
\\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll ID NL5VaVIIqOZA.BadNews 317.98 KB MD5: c8a81eee9651b1ac587d7f5cf245bb60
SHA1: 7a3d74dba45c4142c706f644d539f27f093fdcfd
SHA256: d57827023676642b645351c7beaf92ef22326826894f9b432d1fa01a4e967d20
SSDeep: 6144:UDjITn+3iIZFioe9CQMDBsBvvFj8ky0e53IifmTP60JhmC:QETn+yYioeoQeBmnWd0nTCm
False
\\?\C:\Program Files\Internet Explorer\highlight.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 77a6e480c5d2edaa75cba7a2515536bd
SHA1: e16a23850159b7994672d2bb324ea4837253eb28
SHA256: f47f82ee62eac36fee7e86e8ed7f721289e2b39111d92e9aca025aa8e6e51b58
SSDeep: 1536:dmcilKjIe7PSebO4/oglR037qq/yuwWOm/ZSvN:tCq7aebO4llc/rOmRC
False
\\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe ID NL5VaVIIqOZA.BadNews 519.48 KB MD5: 2cbf92becbb7ddac3c6926f47b3f1ecb
SHA1: 4dfbbc1827aff6513bd80b05d971b30d4aab6b9b
SHA256: 683238ffafd88ed531fc6a72d529ef69a401f1c33927924a9beb2446e6ff049a
SSDeep: 12288:kx2eYI94pfRXjkh36Yb6ZhnDXzACllS98iCBI:kxTYI94pVjkh36YWZhnDXzNq8iCBI
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\store.vol ID NL5VaVIIqOZA.BadNews 6.00 MB MD5: 6430a8954551a0b68e6f569f86857514
SHA1: a334673db11b42f034f1ee542d4abe1d5a505a38
SHA256: 83f26447eb95b8c53b1d1e9dcaab514f30fb7ff00de5f9fc82676802a8020c01
SSDeep: 24576:I9NlaNPGe8/wHmwksgKGHBmqJ5aFgT/hQBLv7iuec/6l:I9NlaEefmBrbvaghO7Bil
False
\\?\C:\Program Files (x86)\Common Files\christopher_pro_recruiting.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: ce8cde917027282cf047a3bc5864f21a
SHA1: 7d8996ab2fe2819d8d1f082d72be7a03f30ba7bd
SHA256: 70f57b9647ec0c71dfcca8cb396ef6a1f1b7e998c0f24f28480bb35d704ffcea
SSDeep: 1536:YGDTFv25+4iRXDZgT9yI86Y7OzHTZYT0dKx3RkHTzPqzSvN:flkRsZgTwIF/bTi4sx3UTCC
False
\\?\C:\Users\CIiHmnxMn6Ps\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews 1.78 KB MD5: 5310919c8ca8c886165a69c652544ce1
SHA1: fe115e90449f36ffb7c52c1f5956de21d11d4706
SHA256: 5127e88be8f44d87226620c99c45aa4c608bc93cafd91561857e37472861aa93
SSDeep: 48:5JvnuNBACmpEbBNonioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:58NNmMBoVCFwIApr0L9hTMIb
False
\\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll ID NL5VaVIIqOZA.BadNews 25.21 KB MD5: ba4a62fa5c108724106128c0cd981296
SHA1: 1fd33265933f5ab114d38eb5ccbfaf6ab2386565
SHA256: 00f21305a481dadfa3f824299d5f9671608bc6c0bed09acd834edae6d990428f
SSDeep: 384:Nhng++8n9cEnsioZIiQhswf3UuMAOHBDafyxYcPNoYZoI0ziVyO6f9ue+88BSmOp:ln9ce8SfhscUuM1pifcPFVT6fABSrL9D
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\iNW77vJzgdGc.xlsx ID NL5VaVIIqOZA.BadNews 43.31 KB MD5: 7128a452e10302a3b6df9566c7116f0c
SHA1: 50e36c3fc29e02c0999ad5ebf5453828a90b27fd
SHA256: df735891b99a71b7553b958cc0234bdea6c89b73ca82976b8ad9c7653b60f48e
SSDeep: 768:ri8dEJWecDw/G6h5EBLt1MxjTSVUz8nKnSnkn0y4roCA7gn1/C4SrL9D:rlnaL5EBPMxjTKUAn3nkn0y4sCSgn5Cz
False
\\?\C:\Users\CIiHmnxMn6Ps\Music\geAKxrY-UH.mp3 ID NL5VaVIIqOZA.BadNews 18.19 KB MD5: 440657ec8ae26eb8b39388a1585d6ef9
SHA1: 87d32657d60247e70f2ec7cbfbabaddf5e8a5e16
SHA256: 51cd79a9e6a7c5cfed997eebc0e9591d38477dd795697ff13715d6857586cc3d
SSDeep: 384:fw/+XGEwvPXT/c2Kv4eYu7vbdUE7r0IcaOTBgPTSmOL9h5:42XG9dKvHBp7r0IKTaPTSrL9D
False
\\?\C:\Program Files (x86)\Windows NT\demand_sony.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 23aa76cd7e01c36c119a741629f68f44
SHA1: 94e9824dedb9c8a1aecf1d14e773ed7364ff4b7e
SHA256: ba0b438252762e38c68cd2850c9ad259a5a12a522db53e3a9468dfbddc354770
SSDeep: 1536:SnqxlagmEd48tkS6yionvvdysIzC5Na7TKHpiu1h4QhYOM2YdGSJKGrSvN:WqagmEicr60vv6O5Na72piuz4QCO01Jo
False
\\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini ID NL5VaVIIqOZA.BadNews 1.60 KB MD5: 480943ffe883b9a2f8f6da40e9b758fa
SHA1: 51778d7ceedbea603617f81baba02ede08770b73
SHA256: 9efba8c4b102f8dd851014eef12a12c99e28c674cdd41d8964ac36fba33f2186
SSDeep: 48:1+jylunioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:Uj2oVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\txRbXrt.pptx ID NL5VaVIIqOZA.BadNews 36.44 KB MD5: 5bdbb4cb9a49cc7d9e3f1c550fc4cb5a
SHA1: 08cb0c728d9815bf2bbb5fa2d442657270b8ebbc
SHA256: 64d2e4af934fa7b6572b0581d57a55a82f3b4b272e8de0e1ecdfe454b9141c78
SSDeep: 768:9T/jMcHFxyMIGHaCD3vQEDDYqNZBuN64cYEeLeSCd5SrL9D:5jTHFVHPvRcwZSN5/L+SvN
False
\\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews 1.76 KB MD5: d63b19267528c60e783b1445c7aa81a2
SHA1: 1d688711a6affce6bacd080176ecb2aae287548e
SHA256: 6f2483530ccaa56c75daedeadb2e6ad06bc9f32a3850e3077cd3b137bee895de
SSDeep: 48:Yeib4tCmPmQd/nioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:Yeib6f/daoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews 1.69 KB MD5: 4bc43de703f2d4349e996218260e1ac1
SHA1: 0cd744bf534c15f12d8099452a24cb30095851d5
SHA256: 04d1898b45c36a6e0e388648861d6f0629f4af07b0ed40b8bca9626da31e5a84
SSDeep: 48:e+ZA9ZQKvnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:e+ZqmoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\8cto6DsS0Tc56.png ID NL5VaVIIqOZA.BadNews 33.47 KB MD5: 8bed5dc08eeb7ba149550b9d1e0eff6c
SHA1: f7a41eaeb579ee90c522b99a2c4394324bdaa9ee
SHA256: fdef4eda4958e23643faac250319575819663b14e3d23df7c91282ebfc0b316a
SSDeep: 768:QSnmFPCwbY7V0hWqj2y20g8zH9yNQiIVpLJ4t1YBhvjdFZjYSrL9D:QGmTIV/hcEyvN4t1Uhv/1YSvN
False
\\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe ID NL5VaVIIqOZA.BadNews 453.66 KB MD5: e6fcc5bbe74c611e3be783e4979b10e5
SHA1: 1c93c6d30b4782ea8404283e9626ec15293b8dd3
SHA256: 00fdf0d3b55b99662fecc7bcaa11e1e0c5fb184a1a3b114d33f72b8a0b8e22e7
SSDeep: 12288:OHZ7xv4LDqWd87WylrxDoKo1iGVYlKjCyEPkZUjbPv:S7xviqC8yylrVoGpljbPv
False
\\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe ID NL5VaVIIqOZA.BadNews 170.95 KB MD5: a754b5108a6335b398963e31ca83056a
SHA1: 6c8ccca544ec2d27700cdd0e3b8344a646a23d28
SHA256: 0c544a5aa5f6b045adb52d097b508725d00a7bae65c4c9dccb6fcfcae03f0eb6
SSDeep: 3072:w8sRx7hzA5DEn2egR67gCH+RWmDo4S38ZZH1YqHDzgmQjIO+JTXaEC:wJphKAYVimDo4OqNWaDcGgEC
False
\\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews 1.96 KB MD5: bf6bb1291d6783f446cd43ed8c0d519f
SHA1: 87afff5b426b1115040b4c770c57b69f90f74b25
SHA256: 2b45f3870e4150e8c706c32c4074ddf3a0cd4e89f1a9fb041d136c03c83ce4d8
SSDeep: 48:dLd4v2BMjaMc9elRIjay2/nioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:j42DpelqjayoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\TlHV7.odt ID NL5VaVIIqOZA.BadNews 8.05 KB MD5: 092d9c9a4177674f8f6fd22259633fc3
SHA1: c7238279edf805604a236b633d9b14378781289c
SHA256: 087ee09d0eccb5dd1c7aaffecaf39d7fd5d1faf8e65f3444acf3c1c08bee17fb
SSDeep: 192:j3ky1j6my/IGc0vC4h3qY8wKQWdT6+/W62RBy9NXotQVImOL9hTV:TJuj1v3VqTwKQW262RKNXWQSmOL9h5
False
\\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets ID NL5VaVIIqOZA.BadNews 6.12 KB MD5: e95eadb27570bfd26b2ab30b61a6013b
SHA1: 3a6ab4bdfd6a17c50572d6b7b07a411137aaa075
SHA256: dbb7df6dcc74aa394114eadd4d6467d50817fa421bcb1273d0e7fd509ce387e2
SSDeep: 192:OYsv+jm1Okmgz6J+IK7Gl83jWbgqVImOL9hTV:c+OzmUGKv3SbfSmOL9h5
False
\\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\N1DLcW3msNrt.png ID NL5VaVIIqOZA.BadNews 36.04 KB MD5: 3d7402297fc3adbfd9c1fadefa517078
SHA1: 82b9217e7cd0b6d2d36a4b86541e1c41333821bb
SHA256: d8fa62ce33f237990119253e4d73aa96c3fd564b4af63aeeb2ba4b0589acc2aa
SSDeep: 768:+wW6n90CE8/RBEKro/0D9gXswQUUDgHQYcLTEv0FxfHUpdmLLqlIjR3/dYqAbxNC:e690T4ZoOgXswQUudYc/Ev0FNHUpUphT
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl ID NL5VaVIIqOZA.BadNews 17.50 KB MD5: 1de2579bd7a2c2db27e907cbd1b522b9
SHA1: 7fd6d89b49d1905110516c4449d8f4017a144b68
SHA256: 7847458e29a327d12891dc31240af631703175c574d710e11ec74bd27ded60dc
SSDeep: 384:Ouw83V/VtytOR/JA+VVI6IevG5O5Df8uwMOepqHqgAtPiSmOL9h5:OuwERBAkIevGif8uwVepqKgxSrL9D
False
\\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews 1.99 KB MD5: b199a5b39590f827057278b1083c27d9
SHA1: a987078f7069f6c6a7f2844d7a2d5245cbd3bb79
SHA256: 965a59e94fc6e352c490cbdc4a38473c7d38b76b3dd096773a118124c700c8f2
SSDeep: 48:KRoq37Ki95Cr16nioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:jq37KiMoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk ID NL5VaVIIqOZA.BadNews 2.01 KB MD5: b34fcdf7331d9c611053a115ac871e38
SHA1: 27c0732580cb7c5e6ad47642ee28d33db861fce1
SHA256: 49453c95cdee25f136a0ac1ce30e5497dd491241f4f6246d0c6007b901a5ef64
SSDeep: 48:0pY8erS24OPnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:0ppVOqoVCFwIApr0L9hTMIb
False
\\?\C:\Users\CIiHmnxMn6Ps\Contacts\lulcit amkdfe.contact ID NL5VaVIIqOZA.BadNews 2.65 KB MD5: 9969683abf35e0744e8ce295f7210196
SHA1: b535b6ed39065856ad396df41699bc2e9f0fcb26
SHA256: 9b54322b0977b643e2e44a078510fb041b6e64f57d8e8583e506d83e23752673
SSDeep: 48:n5rdwy5pdCqe9/IYZqiFnDdURL8eVklEKwnioTO2XErnghmQfIgFB4RjEJr0L9h5:n5rdwy5pdzcgKDCweVQLoVCFwIApr0LN
False
\\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm ID NL5VaVIIqOZA.BadNews 17.74 KB MD5: 91ce8ae64809310b08a761af1cf5db07
SHA1: 73e6053406843fdbf85e8cfd1ad14fbd12d6c6e6
SHA256: cd51829898c4b4c716f950b0797147c97ed2a4fc827941a743c1ac0b5372f123
SSDeep: 384:3Ycy62BGqYC0M0segA0SrpJCUmEtuFQRpcCuSmOL9h5:3BBC0MdGFCpVkpcCuSrL9D
False
\\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini ID NL5VaVIIqOZA.BadNews 1.78 KB MD5: ecbfa270e1019579ada09fa6c6a8e2d0
SHA1: ad144fe8c5f82b3117d67418cb48b9cb7c8a669b
SHA256: 579b5e599a76e23a46d262edebe6844bd76b5feba5eda091e00e48455ead1822
SSDeep: 48:GqHgDJ95nioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:G2EgoVCFwIApr0L9hTMIb
False
\\?\C:\Users\Public\Libraries\desktop.ini ID NL5VaVIIqOZA.BadNews 1.67 KB MD5: 183b52672a77ed5d5153cdef1a215ee1
SHA1: 3c358ab0652015da6de70cccf7cca42ddeb7048a
SHA256: 974b1ecfd8d88c23835e03f295421c914bf7c4caa69132aadcbf723c5f59c6ef
SSDeep: 48:FlM8/VzpvQB/HgxnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:FlM8ZpOHBoVCFwIApr0L9hTMIb
False
\\?\C:\Program Files (x86)\Windows Photo Viewer\biotechnology.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: 0a6c1b46849f0fb77d2fa8c30acfd823
SHA1: 5df7b9695e68bfcb1663da5a596545cf4bb49d84
SHA256: 5d7f0af58970c85f3ef9cd93d732b3a737ef10f66caa3ddcce3e8fee98cfe4a2
SSDeep: 1536:csUL/uN30IrqBS09lh4/8J3IWIiZswPW+gP19HMkBpIaS5ickxgr9Hq6hKSvN:VUDK0N9lh4USWITeWdLskBmJkc/9HkC
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\i3m1GJbjrf1Ucd.doc ID NL5VaVIIqOZA.BadNews 33.42 KB MD5: 498e8f8b12dc0c509a6b7c766f9b447b
SHA1: 6a4b8d0057249be7f0c37ac9e582af3663fc33bc
SHA256: d12166b0cccef201be462ec7c091519419d281c0e92c6df3be1906fb3039afbb
SSDeep: 768:lB0KTm7XsYCedKY4d1g/dtbgD5u7mi+oum4HiP465IzAbSrL9D:DyIYvcd1gPgDriM6VCzAbSvN
False
\\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adq 0VvG-dOZN4Cm.swf ID NL5VaVIIqOZA.BadNews 21.31 KB MD5: 4475388beba89905865d4169331c6ab5
SHA1: b5b5c7324337fc54c62e398cbbd9de35573dec10
SHA256: d95e1c634d8a1c51c2fb44f427b665ff4a93e7e7671dc516735c3122aa5b937f
SSDeep: 384:ekrxitwPdDma6JBRqtPkmtlhg77PlIrDDITlMeBvvlWbpI9109kESmOL9h5:/rwtwPdDmtVmD69IfIlMQYIL099SrL9D
False
\\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm ID NL5VaVIIqOZA.BadNews 2.14 KB MD5: 3f10e7bb4dbac466156495cc1d6c388f
SHA1: ece2f0626d498b4239017113a365aaffc178c761
SHA256: 5ddf53064cbe0ca78ecb9afb370d17cd6d948278f5220cf88eaf33e4ddcc85d9
SSDeep: 48:615piyCwXdmvm133q7nioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:0pDxAvn+oVCFwIApr0L9hTMIb
False
\\?\C:\Program Files\Reference Assemblies\rely.exe ID NL5VaVIIqOZA.BadNews 75.00 KB MD5: a6deaee3b754f7d91cff31e467d6fd86
SHA1: c72665acd05d87659e552c2310e7aea97b055ce5
SHA256: f77c8d0c0d2b38730051e9a278f1a051624ba9b56c1c903a669d8666da5d53ba
SSDeep: 1536:cXZsg5EF1ZIcLxfJOgy3WXvHt32m+NYzOwrpqJTKw+n1Wq2h2rU/NKwmL1tPZ/sC:uITIcLxfwJ3W/HtrqJO7noq2muNTm5dt
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b 2.17 KB MD5: 00fefc56a3523a41b4bf02a2bfb69021
SHA1: 3fd8ca164b762716d83946e57c65892212328f7e
SHA256: 7ec806e35e946e5205f2b0ea8d732d4086630c7be20ddb3e0a6543be7395374a
SSDeep: 48:yNW9FUJH/q6ll66IGB/DyNtIDsEobVN807vu8lDsSX:yNW9FEHPlo0ryz+sEov807vuGsSX
False
\\?\C:\Users\CIiHmnxMn6Ps\Desktop\qwlvWbcYpxVH bnTQ.wav ID NL5VaVIIqOZA.BadNews 8.17 KB MD5: a8700ed997c73859334a43a874fdc92b
SHA1: c49dc6f41ad2115dbd59114ad16ab3533314ce68
SHA256: 14377497b40b5331674446ea16fce9e46ff5ec28d6842e154c69e7a9834ef087
SSDeep: 192:0Vv9L+kIY0MAx38/HEYcvzBEfG0r+orkX3cm1HxfRBv/b/yI+VImOL9hTV:0V1LpIV/x38/HEYszBEtbq3cQxfRBvWk
False
\\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\IwOfL2HaN.pdf ID NL5VaVIIqOZA.BadNews 22.95 KB MD5: 4e5e0e163a03680b2adb1acfddd914dd
SHA1: 71030b6a6d33e5a18679625421ef33e9e5bb0806
SHA256: 654048d56c07d473441dbeacf5d66b4584751e719dc9df73e6c5a4747c40bd3a
SSDeep: 384:zTccbwvuyAS6hdLiiW4xQKOk0auFLRvUfGLGrQV2BkSCCZeRIaB4+Ex4DWQSmOLN:zTcc0vcS6hd+ihCKOLVhRvQUV2uSte38
False
Modified Files
»
Filename File Size Hash Values YARA Match Actions
\\?\C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll ID NL5VaVIIqOZA.BadNews 25.72 KB MD5: 1f59aafc37f2f1eb4690a6ce5da9354e
SHA1: 4a602778dc1c92b0d944f4cde6e1d0aa8c3d9d7d
SHA256: f006fa949c0ec52e400d268ef160a77aa6a818cc04920f622e4b45f72c1f639e
SSDeep: 768:6wtWQsKKj4esgyVNdONKXaHPgmWc7SrL9D:xtfKUHHLw4iPzSvN
False
\\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews 5.33 MB MD5: bcd0a7dd221492fcbe4efc6c70378c4b
SHA1: afe2d142d536328146af7eb55a4ae9762142360b
SHA256: 9c5d2f4848bb7b374ae7ea25097945f72570493cc8fd778fe68b5bdba854f7ce
SSDeep: 98304:9tI6HgNgSGo1d/0jHDSSBEnOEEYiCh36RawfXnZGZ+O/nBymG6YvO3ukHkEV6xhC:zI6HkgSdp0CKCLE7ChqRawcZ+Ensf6Om
False
\\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml ID NL5VaVIIqOZA.BadNews 4.91 KB MD5: 1d2277ba4ebf7ec731f739952f9444b6
SHA1: 64a5640e0a77fd4cefd7fbc05d9423c652b8fa80
SHA256: e8cc34bfce6269e49d7f4ae582160f17b968a4ee05b123df8dfff11ea26a45a0
SSDeep: 96:eKXgEsgAp7Qr1vDyG9p5tgq14EizH2sOUnoVCFwIApr0L9hTMIb:e05AFQrFyGz7gq+5SPVImOL9hTV
False
\\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml ID NL5VaVIIqOZA.BadNews 7.88 KB MD5: 1f0781225666913c705b66bb6bcb5fd9
SHA1: 6df8653fde9149374e71b89d5512aee508fed6f3
SHA256: f6ec21d53370a554bd1f62a7ecdb5391429017a3aa4437f286d7f0124dc47917
SSDeep: 192:mzmNZC6ZRyWSqbiGva+u/E7w1O4EhYvVVImOL9hTV:mzmTyubiBDA1h+SmOL9h5
False
\\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml ID NL5VaVIIqOZA.BadNews 2.73 KB MD5: bba384d4bef54303025460e41164fe33
SHA1: cdf3052093092e034b7ed0ac7c45d05f20341054
SHA256: 73ba0d34c27735ba04fb10a87e58dd5a3d399a386b3ba3314a1d97b6753b664d
SSDeep: 48:+cELT0W9+dHZFQcSSN2u9fFVvdIp+SKE0/YnPnioTO2XErnghmQfIgFB4RjEJr0p:JEL3cHZFtrN5dVVM90/YnqoVCFwIApry
False
\\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b ID NL5VaVIIqOZA.BadNews 1.55 KB MD5: a1efaea820af9284c3a3d0f60b45a179
SHA1: 4c6f38e133e16c33f090660482cdf546178c6dcb
SHA256: 613d300e824d87b12e49ae4e18036a20389820cf047ce0529721aec8bd4965fb
SSDeep: 48:EOOJIQAnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:EOEIKoVCFwIApr0L9hTMIb
False
\\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml ID NL5VaVIIqOZA.BadNews 8.67 KB MD5: 7a9ce9d3caabe7df7e0d896cbb4a86c9
SHA1: 29dd40f1e776bd65a7e6980dc165d0d40fe9a28b
SHA256: 5a4279a95fa38e6cc3eb2e6cb9b2567b72546b755475530cb20652a4a91320bb
SSDeep: 192:yG6xwDHxrvSrVVhSHkb4Ktg6j19vJTLlVImOL9hTV:FXSrVLykEKtgs9LlSmOL9h5
False
\\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.019.etl ID NL5VaVIIqOZA.BadNews 9.50 KB MD5: c83b02375a9ce0907487088e0839c954
SHA1: 82e6e8b59087739cf96d827201c79be05793bce7
SHA256: cb027288c337c835cf5d580c7e558bb2a54d79e1337ddaa0dc6bd65900c6d272
SSDeep: 192:gC1+NoTFvBK/mAMddo68iKdJOLLloqVnk9LGm6KX7OzwXSC7VImOL9hTV:N4NoTWuAMjJ8pdJuny9LGm5LbSuSmOLN
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b 0.05 KB MD5: eca0470178275ac94e5de381969ed232
SHA1: d6de27e734eec57d1dda73489b4a6d6eecae3038
SHA256: 353fd628b7f6e7d426e5d6a27d1bc3ac22fa7f812e7594cf2ec5ca1175785b50
SSDeep: 3::
False
\\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml ID NL5VaVIIqOZA.BadNews 2.45 KB MD5: 43d94bcd79e4150b324ed41c5fce86d5
SHA1: cb27aa249a05d19e19f37c3cb4bd351dde4b0951
SHA256: a4fd209ce85ae59c3489e76a47a221849f7d9f9b2eee004443a61bbcf553c3d7
SSDeep: 48:z4nqiEdrmcRmuCKdONnioTO2XErnghmQfIgFB4RjEJr0L9hTX8IbyE:z1FdvRK8oVCFwIApr0L9hTMIb
False
Host Behavior
File (7553)
»
Operation Filename Additional Information Success Count Logfile
Create \\?\C:\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\bootmgr ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\BOOTSECT.BAK ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Boot\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\BOOTSTAT.DAT ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\lib-nice-selections.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\christopher_pro_recruiting.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Recovery\WindowsRE\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Recovery\WindowsRE\boot.sdi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Internet Explorer\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Internet Explorer\highlight.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Java\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Java\nigeriareached.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\AppXManifest.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office 15\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office 15\debate gs response.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office 15\italianbreakfastinstructors.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office 15\teach.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\MSBuild\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Reference Assemblies\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Uninstall Information\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Uninstall Information\admit-marvel.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Uninstall Information\broadwaychildrenvocational.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Uninstall Information\product-fears-seafood.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Windows Defender\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 36
Fn
Create \\?\C:\Program Files\Windows Journal\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Journal\family-parliamentary.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Windows Mail\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Mail\definitionselectionsea.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Windows Media Player\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Multimedia Platform\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Portable Devices\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\Public\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\Public\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Google\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Google\hydrocodone against.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Google\reprinttruepressing.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Microsoft.NET\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Microsoft.NET\slovenia.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Microsoft.NET\tactics.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Maintenance Service\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Defender\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 6
Fn
Create \\?\C:\Program Files (x86)\Windows Media Player\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Multimedia Platform\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows NT\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows NT\demand_sony.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Photo Viewer\biotechnology.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Portable Devices\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\DESIGNER\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\Services\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\System\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Boot\lv-LV\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Mail\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\Default\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-18\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Internet Explorer\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Photo Viewer\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\regid.1991-06.com.microsoft\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\USOPrivate\UpdateStore\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\nl-NL\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\lt-LT\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\ko-KR\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\ja-JP\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\it-IT\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\hu-HU\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\hr-HR\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\fr-FR\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\fr-CA\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\fi-FI\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\et-EE\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\es-MX\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\es-ES\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\en-GB\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\el-GR\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\de-DE\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\da-DK\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\cs-CZ\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\bg-BG\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\MSBuild\delivered-sapphire-divisions.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\Default\NTUSER.DAT ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Portable Devices\advantageknowledgestormdaddy.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Reference Assemblies\rely.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\Default\NTUSER.DAT.LOG1 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\Services\verisign.bmp ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Services\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Boot\Fonts\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\Default\NTUSER.DAT.LOG2 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\System\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Journal\style_percent.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\MF\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\MF\Active.GRL ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\MF\Pending.GRL ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create C:\windows\clerlog.bat desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Live\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\pl-PL\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\pt-BR\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\pt-PT\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\qps-ploc\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\Resources\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\ro-RO\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\ru-RU\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\sk-SK\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\sl-SI\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\sr-Latn-CS\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\sr-Latn-RS\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\sv-SE\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\tr-TR\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\uk-UA\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\zh-CN\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\zh-HK\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\nb-NO\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\zh-TW\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Internet Explorer\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Java\jre1.8.0_131\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office 15\ClientX64\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Journal\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Mail\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Media Player\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows NT\Accessories\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Recovery\WindowsRE\ReAgent.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-console-l1-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Contacts\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\5FiXE7dIdDZr.docx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\8EXUdg A.pptx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\8i3uwnGFbhZjcDNzr5.docx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\AQyW3K.docx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Downloads\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Favorites\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Links\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\2F5ig6v.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\5rnBuaW9.wav ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\8cto6DsS0Tc56.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Windows NT\TableTextService\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.017.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-datetime-l1-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Searches\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Videos\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\Public\AccountPictures\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\Public\Desktop\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Maintenance Service\logs\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\2Gnkxda mKIU4zQx0C6.bmp ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\3lc6q9_bWuznu2v.jpg ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\86vGSbXUZ0qa-T9SqPfh.csv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\ALtT7KM4YXT5j.mp4 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Apw7UW24n2 BSd.swf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Cya8Law.jpg ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Recovery\WindowsRE\Winre.wim ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\FTCT.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\nKHtrkHwLM.bmp ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\geAKxrY-UH.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\sspHkttho.wav ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Videos\3UjFJ6JLsAT.flv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Videos\7mLe.flv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Videos\aP-_O_tjBmfT6a OG.mkv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\System\ado\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Java\Java Update\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Internet Explorer\images\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Internet Explorer\SIGNUP\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Mail\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Media Player\Skins\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\VGX\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Photo Viewer\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Network\Downloader\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\VC\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Oracle\Java\javapath_target_5923062\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\Public\Downloads\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\Public\Libraries\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\Public\Music\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\Public\Pictures\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\Public\Videos\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Defender\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\System\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\System\Ole DB\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 6
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\VSTO\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 15
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 15
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\System\msadc\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 16
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.4218.23751.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 15
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 10
Fn
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Media Player\Skins\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\production\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\Office16\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Oracle\Java\installcache_x64\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 15
Fn
Create \\?\C:\Users\Public\Documents\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\System\ado\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\Stationery\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows Media Player\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 12
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 17
Fn
Create \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 39
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1506.15100.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 12
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 8
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 16
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.10841.0_neutral_resources.scale-140_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 4
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 4
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.10841.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 21
Fn
Create \\?\C:\ProgramData\Oracle\Java\.oracle_jre_usage\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Adobe\ARM\Reader_17.012.20098\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Windows NT\Accessories\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\Public\Libraries\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\Public\Libraries\RecordedTV.library-ms ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\System\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows NT\Accessories\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Java\jre1.8.0_131\bin\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows NT\MSScan\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Boot\Resources\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows NT\TableTextService\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Google\Chrome\Application\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-debug-l1-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Java\jre1.8.0_131\lib\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.019.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\.LNK ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.4218.23751.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.4218.23751.0_x64__8wekyb3d8bbwe\en-gb\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 3
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.4218.23751.0_x64__8wekyb3d8bbwe\en-us\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 4
Fn
Create \\?\C:\Program Files (x86)\Windows NT\Accessories\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Windows NT\TableTextService\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\System\ado\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\rsod\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Office15\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Contacts\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Windows Defender\Scans\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Windows Journal\Templates\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 40
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_2015.617.130.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.701.14.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsPhone_2015.620.10.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1506.20010.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 14
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsMaps_4.1505.50619.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 14
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2015.619.213.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_2015.6002.42251.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2015.612.1501.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2015.619.10.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 6
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_2015.619.10.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 9
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 10
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 10
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 9
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 6
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_neutral_~_kzf8qxf38zg5c\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.People_2015.627.626.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.People_1.10159.0.0_neutral_split.scale-150_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 4
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_2015.4201.10091.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x86__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 7
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 7
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 5
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 5
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.4218.23751.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Getstarted_2015.622.1108.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Getstarted_2.1.9.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_2015.707.550.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 5
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 16
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\System\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\Public\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\loc\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Licenses\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\ijOxx.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\SChpKyqP63Wc3Ifl.jpg ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\MfY1knry.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_DC.helpcfg ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\Microsoft.Advertising\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\MSAdvertisingJS\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\MSAdvertisingJS\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\Microsoft.CasualGames\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\Configuration\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\_Resources\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 3
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\_Resources\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 4
Fn
Create \\?\C:\Users\All Users\Microsoft\Windows Defender\Network Inspection System\Support\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.People_1.10159.0.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 21
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 22
Fn
Create \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Downloads\jre-8u131-windows-x64.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Contacts\lulcit amkdfe.contact ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Contacts\sikvnb huvuib.contact ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\EnKHxADYKnu.csv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\iNW77vJzgdGc.xlsx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\L9ZzdDugiqj.pptx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Links\Downloads.lnk ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\Configuration\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\Microsoft.Advertising\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\JsonResources\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 10
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Links\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.4218.23751.0_x64__8wekyb3d8bbwe\images\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 31
Fn
Create \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Acrobat\DC\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Java\jre1.8.0_131\README.txt ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-errorhandling-l1-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\rsod\access.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Oracle\Java\installcache_x64\baseimagefam8 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Users\All Users\Microsoft\User Account Pictures\guest.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Users\Public\Music\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\Public\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\Public\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Videos\crv__X6D-6VzmL-1hsmr.swf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\USOShared\Logs\UpdateUx.001.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.018.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64\msdia80.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Links\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\Assets\AppTiles\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 17
Fn
Create \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\Public\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\F_Sh.bmp ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\3hWv.wav ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-QpA4lkxEM8e.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\Public\AccountPictures\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\fonts\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-us\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\IdentityCRL\production\ppcrlconfig600.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\store.vol ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.SmartGlass.Controls\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe\XboxApp.Model\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\bin\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\en\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\en-US\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\3F3q Hjy8bvd.pps ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.People_2015.627.626.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x86__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_neutral_~_kzf8qxf38zg5c\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_2015.617.130.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\Arkadium.Win10.Xaml.Toolkit\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\Arkadium.Win10.Upsell\Default\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\Microsoft.Advertising\Themes\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\Themes\Fonts\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\2An4F5UkE42NKunbAyO.gif ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\fdRbj2oK_nU-_WAAnwEH.wav ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\gru-RJpD1yp7Z.mp4 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\hWmuV_qSmeO41umFIVp.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\i3m1GJbjrf1Ucd.doc ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\iBXyNeSQbG8k2j2VxRd.rtf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\IwOfL2HaN.pdf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\N83zhof_RAlqZS5ui.csv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\Oao-IUQTyvQHV.ppt ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\oesk.xls ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\opDlC6QUcl.doc ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\qfKkMd0PO54RLkUoc.ppt ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\zKc7RH_1b.rtf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\_u6 QD_8eem.rtf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\IqG7uC.pdf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Jnx1y.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\jTCAfcL.odt ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\M5-6yrLRIKeVPVkftsA.avi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\MqqaQUIOXt.avi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\NIIxcls.doc ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\np6OUKpYp7Ul0SvY.xlsx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\NyyvnPP1BI6PgL4VR.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\qwlvWbcYpxVH bnTQ.wav ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\m4dkHJVzpeWkT.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\N1DLcW3msNrt.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\wPaLCxLVEk8sPBNTFG7.jpg ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\72oUps5XOa844yewySkH.wav ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\BVppIdoXOn97lDi7t.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\CjE8McLdEkgi.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\dqAisKMgdCnXXjVAB.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\l6EWU.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\q4 MB-.wav ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1pUvjwM8UwKSFGy.gif ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XisO9.avi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1yqOOzLcsJ3FR.m4a ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\2 u0.xlsx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3H9CRbT.m4a ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5VlZfX9.wav ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6q_eLYz.jpg ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8UCpExLC7l2W3oQ.m4a ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9RHfa dbtHtO.docx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\a80ysSR.flv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aclfz Zg378Y6_qpE5.gif ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adq 0VvG-dOZN4Cm.swf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\CE_872L.m4a ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\CFjEQ bOBiRCfbhCuV.flv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\chy2jv8x1kFmLn3.mp4 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E4QHvvf4Dyciz.jpg ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Links\OneDrive.lnk ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Videos\cZv6LGehH1hnz1Esk.mp4 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\NK_VOcd7S.pptx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\OMivT7VX5I.ods ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\ptRBp.docx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\Qf3SxHIN vDvfU.docx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\SoPLA--zPj.pptx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\TlHV7.odt ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\txRbXrt.pptx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\Arkadium.Win10.DailyChallenges\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 14
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\Arkadium.Win10.News\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 9
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\Arkadium.Win10.StarClub\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 20
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\UFS0Q.xlsx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l1-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Videos\plt q.avi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Videos\qtPKs7OEH6x6JBRCpV.mp4 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Videos\S2EcOng-O_.swf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Videos\uFiNOqJKmcw-g.avi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Videos\xfQwDxyJhGlhiznaP9I.flv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\rsod\access.x-none.msi.16.x-none.tree.dat ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\XX69qhI5.xlsx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\y54rjw.xlsx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\Y5ITqx4a4_t5.xlsx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\YOaaTWvR.rtf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Documents\ZXXQCBXG.docx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-handle-l1-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-heap-l1-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\rsod\accessmui.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\rsod\accessmui.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\rsod\accessmuiset.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 55
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-interlocked-l1-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\rsod\accessmuiset.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-libraryloader-l1-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\F6 A6G4a8kg.swf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\g65ZnLK.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Iq38LxwxOX.xls ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JOCqraobRVrncZzatS.jpg ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\lIAzv-e5FUZPA9BSj.flv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\MMj6yFut.wav ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\N5H6YX23-bA7QxcQw.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\o4wr.mp4 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Oe4rqt.mp4 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\oz2TX _Mtd0jcrNE.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\pAjXrKM3BQth.wav ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PEPL.mkv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ps15JJKbzd.xls ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Q62g_C4VXGmIcmbe.ppt ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\q_uwVn_N y Ija13jm5.flv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\s7s5QZZ4JI12 CC3w4py.pdf ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TKO6WmSiZz.jpg ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\sPw Q.mp4 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\TL3lZJb1i.ods ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\UFA2_-t.bmp ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.tree.dat ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.701.14.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2015.619.10.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2015.612.1501.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.10841.0_x64__8wekyb3d8bbwe\animations\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 9
Fn
Create \\?\C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\settings.ini ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\V3gYCGp24 4Fj3wq9Zd.avi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\V7Or16fAU.csv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\y0fUoePUL.m4a ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ZU28fmc479PrlurgjZ.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\zXTUdb8ezBJp0g.mp4 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\_4S533T SI1bio.flv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.chk ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\UoG_vKBvf1xi-Dxjb6-t.flv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\uXC5xHlQXY.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\x6Wxe-.mp3 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\ydLb_HxLik.gif ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\YmjEwIdb4.gif ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Za7Sm.mkv ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Source Engine\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.4218.23751.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_2015.6002.42251.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.log ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-memory-l1-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\es-ES\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\es-MX\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\et-EE\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\fi-FI\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\en-GB\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\el-GR\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\de-DE\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\da-DK\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\bg-BG\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\ar-SA\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\PROOF\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EURO\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\MSClientDataMgr\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\Fonts\private\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\Common Programs\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Office16\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Templates\1033\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\client\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\System\Ole DB\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\System\ado\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\tzb1FnaO1agujvxN9_Z\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\uG YIUtTQQwxzAdMk1\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Document Themes 16\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\fre\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\SystemX86\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1506.15100.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\mcxml\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 14
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\Configuration\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\Images\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\Common\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\fr-CA\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\Microsoft.Advertising\Themes\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\Updates\Detection\Version\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\Microsoft.Advertising\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Stationery\1033\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.10841.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1506.15100.0_x64__8wekyb3d8bbwe\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 38
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 23
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 25
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 14
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\Microsoft.Advertising\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\Configuration\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\MSAdvertisingJS\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\js\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\DESIGNER\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDC1500720033_en_US.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\IOFhWBrSVDk yR7.jpg ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\v7_H4FZt.bmp ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\THEMES16\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\PackageManifests\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\images\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 15
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Flattener\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Local State ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EURO\MSOEURO.DLL ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FBIBLIO.DLL ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\EPSIMP32.FLT ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSLID.DLL ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\DBGHELP.DLL ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FDATE.DLL ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\he-IL\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\Updates\Detection\Version\v64.hash ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\hr-HR\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Functions\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\hu-HU\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\ko-KR\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\ja-JP\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\it-IT\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\lv-LV\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\lt-LT\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\System\Ole DB\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\en\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Oracle\Java\javapath_target_5923062\javaw.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Oracle\Java\javapath\javaws.exe ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\Microsoft.PowerShell.PSReadline.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\MasterDescriptor.x-none.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ False 1
Fn
Create \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\s640.hash ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\System\atl100.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Integration\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Snippets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.People_1.10159.0.0_neutral_split.scale-150_8wekyb3d8bbwe\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 5
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.People_1.10159.0.0_x64__8wekyb3d8bbwe\DesignCoreStyles\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\Fonts\private\AGENCYB.TTF ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.Format.ps1xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\User Account Pictures\user-32.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\font\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe\Images\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\bin\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\en\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1506.20010.0_x64__8wekyb3d8bbwe\_Resources\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\models\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 2
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\Assets\MainPage\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.People_1.10159.0.0_x64__8wekyb3d8bbwe\Controls\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.psd1 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.psm1 ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxC ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\Maple.gif ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyLetter.dotx ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\mcxml\AppVIsvSubsystems32.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\client\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Office16\ACCICONS.EXE ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\Fonts\private\AGENCYR.TTF ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACECORE.DLL ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSWDS_EN.LEX ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxT ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\GIFIMP32.FLT ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\SystemX86\concrt140.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\hxds.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.Platform.x-none.man.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\Updates\Detection\Version\VersionDescriptor.xml ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\msgfilt.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\en\Microsoft.PowerShell.PSReadline.Resources.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USSres00001.jrs ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\Microsoft Office\root\mcxml\AppVIsvSubsystems64.dll ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe\Assets\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.10841.0_x64__8wekyb3d8bbwe\controls\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE False 1
Fn
Create \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\How To Decode Files.hta desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE True 1
Fn
Create \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin ID NL5VaVIIqOZA.BadNews desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Copy C:\windows\searchfiles.exe source_filename = C:\Users\CIiHmnxMn6Ps\Desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe True 1
Fn
Move \\?\C:\Users\CIiHmnxMn6Ps\Videos\crv__X6D-6VzmL-1hsmr.swf ID NL5VaVIIqOZA.BadNews source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\crv__X6D-6VzmL-1hsmr.swf True 1
Fn
Write \\?\C:\Program Files\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Users\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\lib-nice-selections.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\lib-nice-selections.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\christopher_pro_recruiting.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\christopher_pro_recruiting.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Internet Explorer\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Internet Explorer\highlight.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Internet Explorer\highlight.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Java\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Java\nigeriareached.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Java\nigeriareached.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\AppXManifest.xml ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\AppXManifest.xml ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office 15\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office 15\debate gs response.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office 15\debate gs response.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office 15\italianbreakfastinstructors.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office 15\italianbreakfastinstructors.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office 15\teach.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office 15\teach.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Uninstall Information\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Uninstall Information\admit-marvel.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Uninstall Information\admit-marvel.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Uninstall Information\broadwaychildrenvocational.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Uninstall Information\broadwaychildrenvocational.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Uninstall Information\product-fears-seafood.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Uninstall Information\product-fears-seafood.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Journal\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Journal\family-parliamentary.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Journal\family-parliamentary.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Mail\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Mail\definitionselectionsea.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Mail\definitionselectionsea.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Media Player\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Multimedia Platform\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Portable Devices\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Users\Public\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\Public\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Google\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Google\hydrocodone against.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Google\hydrocodone against.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Google\reprinttruepressing.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Google\reprinttruepressing.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Microsoft.NET\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Microsoft.NET\slovenia.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Microsoft.NET\slovenia.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Microsoft.NET\tactics.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Microsoft.NET\tactics.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Maintenance Service\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows Media Player\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows Multimedia Platform\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows NT\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows NT\demand_sony.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows NT\demand_sony.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows Photo Viewer\biotechnology.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows Photo Viewer\biotechnology.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\DESIGNER\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\Services\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\System\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\MSBuild\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows Mail\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\MSBuild\delivered-sapphire-divisions.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\MSBuild\delivered-sapphire-divisions.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Internet Explorer\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows Portable Devices\advantageknowledgestormdaddy.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows Portable Devices\advantageknowledgestormdaddy.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 2
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Reference Assemblies\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Reference Assemblies\rely.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Reference Assemblies\rely.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Services\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\System\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Journal\style_percent.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Journal\style_percent.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Mail\en-US\How To Decode Files.hta size = 1280 True 3
Fn
Data
Write \\?\C:\Program Files\Java\jre1.8.0_131\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows NT\Accessories\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office 15\ClientX64\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Windows NT\TableTextService\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-console-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-console-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Desktop\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Desktop\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE ID NL5VaVIIqOZA.BadNews size = 1280 True 2
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\System\ado\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\System\Ole DB\How To Decode Files.hta size = 1280 True 3
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VGX\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files\Common Files\System\en-US\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Java\Java Update\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Decode Files.hta size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-datetime-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-datetime-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\System\ado\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows NT\Accessories\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Users\Public\Libraries\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\Public\Libraries\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Maintenance Service\logs\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Media Player\Skins\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\.LNK ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\.LNK ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\Office15\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Contacts\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows NT\TableTextService\en-US\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Windows Media Player\Media Renderer\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\How To Decode Files.hta size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-debug-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\System\msadc\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VC\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-debug-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Users\Public\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\Public\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 3
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\How To Decode Files.hta size = 1280 True 3
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Contacts\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Java\jre1.8.0_131\lib\How To Decode Files.hta size = 1280 True 3
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Windows NT\Accessories\en-US\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_DC.helpcfg ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_DC.helpcfg ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\Licenses\How To Decode Files.hta size = 1280 True 3
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\How To Decode Files.hta size = 1280 True 8
Fn
Data
Write \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\How To Decode Files.hta size = 1280 True 4
Fn
Data
Write \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\How To Decode Files.hta size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\en\How To Decode Files.hta size = 1280 True 3
Fn
Data
Write \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\Public\AccountPictures\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\Public\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\Public\AccountPictures\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\Public\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets ID NL5VaVIIqOZA.BadNews size = 1280 True 2
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\Public\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\Public\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\Public\Music\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Links\desktop.ini ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-errorhandling-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\Public\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Users\Public\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\Public\Music\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\access.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VSTO\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-errorhandling-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Links\desktop.ini ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\access.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-handle-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-handle-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\access.x-none.msi.16.x-none.tree.dat ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\access.x-none.msi.16.x-none.tree.dat ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\accessmui.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\accessmui.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\accessmui.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\accessmui.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\accessmuiset.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\accessmuiset.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-heap-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-heap-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-interlocked-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-interlocked-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-libraryloader-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-libraryloader-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\accessmuiset.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\accessmuiset.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\How To Decode Files.hta size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.tree.dat ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.tree.dat ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ink\et-EE\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ink\fi-FI\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ink\el-GR\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ink\de-DE\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ink\da-DK\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ink\bg-BG\How To Decode Files.hta size = 1280 True 3
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ink\ar-SA\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ink\es-ES\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-memory-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Source Engine\How To Decode Files.hta size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\mcxml\How To Decode Files.hta size = 1280 True 4
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64\msdia80.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Decode Files.hta size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\MSClientDataMgr\How To Decode Files.hta size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\SystemX86\How To Decode Files.hta size = 256 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-memory-l1-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\SystemX86\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Source Engine\How To Decode Files.hta size = 1280 True 2
Fn
Data
Write \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64\msdia80.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\Office16\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\MSClientDataMgr\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\How To Decode Files.hta size = 1280 True 3
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\Updates\Detection\Version\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Common Files\microsoft shared\ink\fr-CA\How To Decode Files.hta size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FBIBLIO.DLL ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FBIBLIO.DLL ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EURO\MSOEURO.DLL ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EURO\MSOEURO.DLL ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews size = 256 True 1
Fn
Data
Write \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews size = 1280 True 1
Fn
Data
For performance reasons, the remaining 2807 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (11)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\ - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\ value_name = orsa False 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ value_name = unlock, data = "c:\How To Decode Files.hta", size = 28, type = REG_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ value_name = searchfiles, data = C:\windows\searchfiles.exe, size = 26, type = REG_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\ value_name = orsa, size = 276, type = REG_BINARY True 1
Fn
Data
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\ value_name = rsa, size = 1280, type = REG_BINARY True 1
Fn
Data
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ value_name = PromptOnSecureDesktop, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ value_name = EnableLUA, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ value_name = ConsentPromptBehaviorAdmin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Process (88)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\cmd.exe show_window = SW_HIDE True 1
Fn
Create C:\windows\clerlog.bat show_window = SW_HIDE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\windows\system32\taskhostw.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\windows\system32\runtimebroker.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\java\nigeriareached.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\windows journal\style_percent.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\microsoft office 15\italianbreakfastinstructors.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\internet explorer\highlight.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files (x86)\adobe\lib-nice-selections.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\windows journal\family-parliamentary.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files (x86)\common files\christopher_pro_recruiting.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\microsoft office 15\teach.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\uninstall information\admit-marvel.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\reference assemblies\rely.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\microsoft office 15\debate gs response.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\uninstall information\product-fears-seafood.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files (x86)\windows photo viewer\biotechnology.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\windows mail\definitionselectionsea.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files (x86)\google\reprinttruepressing.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files (x86)\microsoft.net\slovenia.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files (x86)\microsoft.net\tactics.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\uninstall information\broadwaychildrenvocational.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\microsoft office\root\office16\msoia.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files (x86)\google\hydrocodone against.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\msbuild\delivered-sapphire-divisions.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files (x86)\windows portable devices\advantageknowledgestormdaddy.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\windows\system32\audiodg.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\windows\syswow64\vssadmin.exe desired_access = PROCESS_TERMINATE True 1
Fn
Open c:\windows\syswow64\vssadmin.exe desired_access = PROCESS_TERMINATE True 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 True 1
Fn
Terminate c:\windows\system32\taskhostw.exe exit_code = 0 True 1
Fn
Terminate c:\windows\system32\runtimebroker.exe exit_code = 0 True 1
Fn
Terminate c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe exit_code = 0 True 1
Fn
Terminate c:\program files\java\nigeriareached.exe exit_code = 0 True 1
Fn
Terminate c:\program files\windows journal\style_percent.exe exit_code = 0 True 1
Fn
Terminate c:\program files\microsoft office 15\italianbreakfastinstructors.exe exit_code = 0 True 1
Fn
Terminate c:\program files\internet explorer\highlight.exe exit_code = 0 True 1
Fn
Terminate c:\program files (x86)\adobe\lib-nice-selections.exe exit_code = 0 True 1
Fn
Terminate c:\program files\windows journal\family-parliamentary.exe exit_code = 0 True 1
Fn
Terminate c:\program files (x86)\common files\christopher_pro_recruiting.exe exit_code = 0 True 1
Fn
Terminate c:\program files\microsoft office 15\teach.exe exit_code = 0 True 1
Fn
Terminate c:\program files\uninstall information\admit-marvel.exe exit_code = 0 True 1
Fn
Terminate c:\program files\reference assemblies\rely.exe exit_code = 0 True 1
Fn
Terminate c:\program files\microsoft office 15\debate gs response.exe exit_code = 0 True 1
Fn
Terminate c:\program files\uninstall information\product-fears-seafood.exe exit_code = 0 True 1
Fn
Terminate c:\program files (x86)\windows photo viewer\biotechnology.exe exit_code = 0 True 1
Fn
Terminate c:\program files\windows mail\definitionselectionsea.exe exit_code = 0 True 1
Fn
Terminate c:\program files (x86)\google\reprinttruepressing.exe exit_code = 0 True 1
Fn
Terminate c:\program files (x86)\microsoft.net\slovenia.exe exit_code = 0 True 1
Fn
Terminate c:\program files (x86)\microsoft.net\tactics.exe exit_code = 0 True 1
Fn
Terminate c:\program files\uninstall information\broadwaychildrenvocational.exe exit_code = 0 True 1
Fn
Terminate c:\program files\microsoft office\root\office16\msoia.exe exit_code = 0 True 1
Fn
Terminate c:\program files (x86)\google\hydrocodone against.exe exit_code = 0 True 1
Fn
Terminate c:\program files\msbuild\delivered-sapphire-divisions.exe exit_code = 0 True 1
Fn
Terminate c:\program files (x86)\windows portable devices\advantageknowledgestormdaddy.exe exit_code = 0 True 1
Fn
Terminate c:\windows\system32\audiodg.exe exit_code = 0 True 1
Fn
Terminate c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe exit_code = 0 False 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 True 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 False 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 False 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 False 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 False 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 False 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 False 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 False 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 False 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 False 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 False 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 False 1
Fn
Terminate c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe exit_code = 0 False 1
Fn
Terminate c:\windows\syswow64\vssadmin.exe exit_code = 0 True 1
Fn
Terminate c:\windows\syswow64\vssadmin.exe exit_code = 0 False 1
Fn
Module (1020)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe base_address = 0x400000 True 1
Fn
Get Filename - process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, size = 32768 True 1
Fn
Create Mapping \\?\C:\BOOTSECT.BAK ID NL5VaVIIqOZA.BadNews filename = \\?\C:\BOOTSECT.BAK ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Boot\BOOTSTAT.DAT ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Boot\BOOTSTAT.DAT ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Adobe\lib-nice-selections.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Adobe\lib-nice-selections.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\christopher_pro_recruiting.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\christopher_pro_recruiting.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Recovery\WindowsRE\boot.sdi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Recovery\WindowsRE\boot.sdi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Internet Explorer\highlight.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Internet Explorer\highlight.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Java\nigeriareached.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Java\nigeriareached.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\AppXManifest.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\AppXManifest.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office 15\debate gs response.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office 15\debate gs response.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office 15\italianbreakfastinstructors.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office 15\italianbreakfastinstructors.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office 15\teach.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office 15\teach.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Uninstall Information\admit-marvel.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Uninstall Information\admit-marvel.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Uninstall Information\broadwaychildrenvocational.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Uninstall Information\broadwaychildrenvocational.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Uninstall Information\product-fears-seafood.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Uninstall Information\product-fears-seafood.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Windows Journal\family-parliamentary.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Windows Journal\family-parliamentary.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Windows Mail\definitionselectionsea.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Windows Mail\definitionselectionsea.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Public\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Public\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Google\hydrocodone against.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Google\hydrocodone against.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Google\reprinttruepressing.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Google\reprinttruepressing.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Microsoft.NET\slovenia.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Microsoft.NET\slovenia.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Microsoft.NET\tactics.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Microsoft.NET\tactics.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Windows NT\demand_sony.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Windows NT\demand_sony.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Windows Photo Viewer\biotechnology.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\biotechnology.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\MSBuild\delivered-sapphire-divisions.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\MSBuild\delivered-sapphire-divisions.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Default\NTUSER.DAT ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Default\NTUSER.DAT ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Windows Portable Devices\advantageknowledgestormdaddy.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Windows Portable Devices\advantageknowledgestormdaddy.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Reference Assemblies\rely.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Reference Assemblies\rely.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Default\NTUSER.DAT.LOG1 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Default\NTUSER.DAT.LOG1 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Default\NTUSER.DAT.LOG2 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Default\NTUSER.DAT.LOG2 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Windows Journal\style_percent.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Windows Journal\style_percent.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\MF\Active.GRL ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\MF\Pending.GRL ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Recovery\WindowsRE\ReAgent.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Recovery\WindowsRE\ReAgent.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-console-l1-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-console-l1-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\5FiXE7dIdDZr.docx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\5FiXE7dIdDZr.docx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\8EXUdg A.pptx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\8EXUdg A.pptx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\8i3uwnGFbhZjcDNzr5.docx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\8i3uwnGFbhZjcDNzr5.docx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\AQyW3K.docx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\AQyW3K.docx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Music\2F5ig6v.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\2F5ig6v.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Music\5rnBuaW9.wav ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\5rnBuaW9.wav ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\8cto6DsS0Tc56.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\8cto6DsS0Tc56.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.017.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.017.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-datetime-l1-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-datetime-l1-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\2Gnkxda mKIU4zQx0C6.bmp ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\2Gnkxda mKIU4zQx0C6.bmp ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\3lc6q9_bWuznu2v.jpg ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\3lc6q9_bWuznu2v.jpg ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\86vGSbXUZ0qa-T9SqPfh.csv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\86vGSbXUZ0qa-T9SqPfh.csv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\ALtT7KM4YXT5j.mp4 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\ALtT7KM4YXT5j.mp4 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Apw7UW24n2 BSd.swf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Apw7UW24n2 BSd.swf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Cya8Law.jpg ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Cya8Law.jpg ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Recovery\WindowsRE\Winre.wim ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Recovery\WindowsRE\Winre.wim ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\FTCT.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\FTCT.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\nKHtrkHwLM.bmp ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\nKHtrkHwLM.bmp ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Music\geAKxrY-UH.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\geAKxrY-UH.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Music\sspHkttho.wav ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\sspHkttho.wav ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Videos\3UjFJ6JLsAT.flv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\3UjFJ6JLsAT.flv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Videos\7mLe.flv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\7mLe.flv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Videos\aP-_O_tjBmfT6a OG.mkv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\aP-_O_tjBmfT6a OG.mkv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Public\Libraries\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Public\Libraries\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Public\Libraries\RecordedTV.library-ms ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Public\Libraries\RecordedTV.library-ms ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-debug-l1-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-debug-l1-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\.LNK ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\.LNK ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.019.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.019.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Contacts\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Public\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Public\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\ijOxx.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\ijOxx.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\SChpKyqP63Wc3Ifl.jpg ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\SChpKyqP63Wc3Ifl.jpg ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\MfY1knry.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\MfY1knry.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_DC.helpcfg ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_DC.helpcfg ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Downloads\jre-8u131-windows-x64.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Downloads\jre-8u131-windows-x64.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Contacts\lulcit amkdfe.contact ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\lulcit amkdfe.contact ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Contacts\sikvnb huvuib.contact ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\sikvnb huvuib.contact ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\EnKHxADYKnu.csv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\EnKHxADYKnu.csv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\iNW77vJzgdGc.xlsx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\iNW77vJzgdGc.xlsx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\L9ZzdDugiqj.pptx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\L9ZzdDugiqj.pptx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Links\Downloads.lnk ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\Downloads.lnk ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-errorhandling-l1-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-errorhandling-l1-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\rsod\access.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\rsod\access.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Oracle\Java\installcache_x64\baseimagefam8 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Oracle\Java\installcache_x64\baseimagefam8 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Public\Music\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Public\Music\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Public\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Public\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Public\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Public\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Videos\crv__X6D-6VzmL-1hsmr.swf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\crv__X6D-6VzmL-1hsmr.swf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\USOShared\Logs\UpdateUx.001.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\USOShared\Logs\UpdateUx.001.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.018.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.018.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64\msdia80.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64\msdia80.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Links\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Links\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Public\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Public\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\F_Sh.bmp ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\F_Sh.bmp ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\3hWv.wav ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\3hWv.wav ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-QpA4lkxEM8e.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-QpA4lkxEM8e.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Public\AccountPictures\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Public\AccountPictures\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\IdentityCRL\production\ppcrlconfig600.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\production\ppcrlconfig600.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\store.vol ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\store.vol ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\3F3q Hjy8bvd.pps ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\3F3q Hjy8bvd.pps ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\2An4F5UkE42NKunbAyO.gif ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\2An4F5UkE42NKunbAyO.gif ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\fdRbj2oK_nU-_WAAnwEH.wav ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\fdRbj2oK_nU-_WAAnwEH.wav ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\gru-RJpD1yp7Z.mp4 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\gru-RJpD1yp7Z.mp4 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\hWmuV_qSmeO41umFIVp.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\hWmuV_qSmeO41umFIVp.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\i3m1GJbjrf1Ucd.doc ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\i3m1GJbjrf1Ucd.doc ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\iBXyNeSQbG8k2j2VxRd.rtf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\iBXyNeSQbG8k2j2VxRd.rtf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\IwOfL2HaN.pdf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\IwOfL2HaN.pdf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\N83zhof_RAlqZS5ui.csv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\N83zhof_RAlqZS5ui.csv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\Oao-IUQTyvQHV.ppt ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\Oao-IUQTyvQHV.ppt ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\oesk.xls ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\oesk.xls ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\opDlC6QUcl.doc ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\opDlC6QUcl.doc ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\qfKkMd0PO54RLkUoc.ppt ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\qfKkMd0PO54RLkUoc.ppt ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\zKc7RH_1b.rtf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\zKc7RH_1b.rtf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\_u6 QD_8eem.rtf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\_u6 QD_8eem.rtf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\IqG7uC.pdf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\IqG7uC.pdf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Jnx1y.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Jnx1y.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\jTCAfcL.odt ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\jTCAfcL.odt ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\M5-6yrLRIKeVPVkftsA.avi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\M5-6yrLRIKeVPVkftsA.avi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\MqqaQUIOXt.avi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\MqqaQUIOXt.avi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\NIIxcls.doc ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\NIIxcls.doc ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\np6OUKpYp7Ul0SvY.xlsx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\np6OUKpYp7Ul0SvY.xlsx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\NyyvnPP1BI6PgL4VR.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\NyyvnPP1BI6PgL4VR.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\qwlvWbcYpxVH bnTQ.wav ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\qwlvWbcYpxVH bnTQ.wav ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\m4dkHJVzpeWkT.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\m4dkHJVzpeWkT.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\N1DLcW3msNrt.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\N1DLcW3msNrt.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\wPaLCxLVEk8sPBNTFG7.jpg ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\wPaLCxLVEk8sPBNTFG7.jpg ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\72oUps5XOa844yewySkH.wav ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\72oUps5XOa844yewySkH.wav ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\BVppIdoXOn97lDi7t.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\BVppIdoXOn97lDi7t.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\CjE8McLdEkgi.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\CjE8McLdEkgi.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\dqAisKMgdCnXXjVAB.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\dqAisKMgdCnXXjVAB.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\l6EWU.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\l6EWU.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\q4 MB-.wav ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\q4 MB-.wav ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1pUvjwM8UwKSFGy.gif ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1pUvjwM8UwKSFGy.gif ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XisO9.avi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XisO9.avi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1yqOOzLcsJ3FR.m4a ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1yqOOzLcsJ3FR.m4a ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\2 u0.xlsx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\2 u0.xlsx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3H9CRbT.m4a ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3H9CRbT.m4a ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5VlZfX9.wav ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5VlZfX9.wav ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6q_eLYz.jpg ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6q_eLYz.jpg ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8UCpExLC7l2W3oQ.m4a ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8UCpExLC7l2W3oQ.m4a ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9RHfa dbtHtO.docx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9RHfa dbtHtO.docx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\a80ysSR.flv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\a80ysSR.flv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aclfz Zg378Y6_qpE5.gif ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aclfz Zg378Y6_qpE5.gif ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adq 0VvG-dOZN4Cm.swf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adq 0VvG-dOZN4Cm.swf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\CE_872L.m4a ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\CE_872L.m4a ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\CFjEQ bOBiRCfbhCuV.flv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\CFjEQ bOBiRCfbhCuV.flv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\chy2jv8x1kFmLn3.mp4 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\chy2jv8x1kFmLn3.mp4 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E4QHvvf4Dyciz.jpg ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E4QHvvf4Dyciz.jpg ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Links\OneDrive.lnk ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\OneDrive.lnk ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Videos\cZv6LGehH1hnz1Esk.mp4 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\cZv6LGehH1hnz1Esk.mp4 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\NK_VOcd7S.pptx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\NK_VOcd7S.pptx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\OMivT7VX5I.ods ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\OMivT7VX5I.ods ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\ptRBp.docx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\ptRBp.docx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\Qf3SxHIN vDvfU.docx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\Qf3SxHIN vDvfU.docx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\SoPLA--zPj.pptx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\SoPLA--zPj.pptx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\TlHV7.odt ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\TlHV7.odt ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\txRbXrt.pptx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\txRbXrt.pptx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\UFS0Q.xlsx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\UFS0Q.xlsx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l1-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l1-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Videos\plt q.avi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\plt q.avi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Videos\qtPKs7OEH6x6JBRCpV.mp4 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\qtPKs7OEH6x6JBRCpV.mp4 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Videos\S2EcOng-O_.swf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\S2EcOng-O_.swf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Videos\uFiNOqJKmcw-g.avi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\uFiNOqJKmcw-g.avi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Videos\xfQwDxyJhGlhiznaP9I.flv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\xfQwDxyJhGlhiznaP9I.flv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\rsod\access.x-none.msi.16.x-none.tree.dat ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\rsod\access.x-none.msi.16.x-none.tree.dat ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\XX69qhI5.xlsx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\XX69qhI5.xlsx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\y54rjw.xlsx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\y54rjw.xlsx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\Y5ITqx4a4_t5.xlsx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\Y5ITqx4a4_t5.xlsx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\YOaaTWvR.rtf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\YOaaTWvR.rtf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Documents\ZXXQCBXG.docx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\ZXXQCBXG.docx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-handle-l1-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-handle-l1-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-heap-l1-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-heap-l1-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\rsod\accessmui.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\rsod\accessmui.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\rsod\accessmui.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\rsod\accessmui.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\rsod\accessmuiset.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\rsod\accessmuiset.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-interlocked-l1-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-interlocked-l1-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\rsod\accessmuiset.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\rsod\accessmuiset.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-libraryloader-l1-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-libraryloader-l1-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\F6 A6G4a8kg.swf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\F6 A6G4a8kg.swf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\g65ZnLK.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\g65ZnLK.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Iq38LxwxOX.xls ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Iq38LxwxOX.xls ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JOCqraobRVrncZzatS.jpg ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JOCqraobRVrncZzatS.jpg ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\lIAzv-e5FUZPA9BSj.flv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\lIAzv-e5FUZPA9BSj.flv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\MMj6yFut.wav ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\MMj6yFut.wav ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\N5H6YX23-bA7QxcQw.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\N5H6YX23-bA7QxcQw.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\o4wr.mp4 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\o4wr.mp4 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Oe4rqt.mp4 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Oe4rqt.mp4 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\oz2TX _Mtd0jcrNE.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\oz2TX _Mtd0jcrNE.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\pAjXrKM3BQth.wav ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\pAjXrKM3BQth.wav ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PEPL.mkv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PEPL.mkv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ps15JJKbzd.xls ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ps15JJKbzd.xls ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Q62g_C4VXGmIcmbe.ppt ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Q62g_C4VXGmIcmbe.ppt ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\q_uwVn_N y Ija13jm5.flv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\q_uwVn_N y Ija13jm5.flv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\s7s5QZZ4JI12 CC3w4py.pdf ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\s7s5QZZ4JI12 CC3w4py.pdf ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TKO6WmSiZz.jpg ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TKO6WmSiZz.jpg ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\sPw Q.mp4 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\sPw Q.mp4 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\TL3lZJb1i.ods ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\TL3lZJb1i.ods ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\UFA2_-t.bmp ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\UFA2_-t.bmp ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.tree.dat ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.tree.dat ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\settings.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\settings.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\V3gYCGp24 4Fj3wq9Zd.avi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\V3gYCGp24 4Fj3wq9Zd.avi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\V7Or16fAU.csv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\V7Or16fAU.csv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\y0fUoePUL.m4a ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\y0fUoePUL.m4a ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ZU28fmc479PrlurgjZ.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ZU28fmc479PrlurgjZ.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\zXTUdb8ezBJp0g.mp4 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\zXTUdb8ezBJp0g.mp4 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\_4S533T SI1bio.flv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\_4S533T SI1bio.flv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.chk ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.chk ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\UoG_vKBvf1xi-Dxjb6-t.flv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\UoG_vKBvf1xi-Dxjb6-t.flv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\uXC5xHlQXY.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\uXC5xHlQXY.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\x6Wxe-.mp3 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\x6Wxe-.mp3 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\ydLb_HxLik.gif ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\ydLb_HxLik.gif ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\YmjEwIdb4.gif ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\YmjEwIdb4.gif ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Za7Sm.mkv ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Za7Sm.mkv ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.log ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.log ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-memory-l1-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-memory-l1-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Local State ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Local State ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EURO\MSOEURO.DLL ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EURO\MSOEURO.DLL ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FBIBLIO.DLL ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FBIBLIO.DLL ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\EPSIMP32.FLT ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\EPSIMP32.FLT ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSLID.DLL ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSLID.DLL ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\DBGHELP.DLL ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\DBGHELP.DLL ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FDATE.DLL ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FDATE.DLL ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\Updates\Detection\Version\v64.hash ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\Updates\Detection\Version\v64.hash ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDC1500720033_en_US.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDC1500720033_en_US.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\IOFhWBrSVDk yR7.jpg ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\IOFhWBrSVDk yR7.jpg ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\v7_H4FZt.bmp ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\v7_H4FZt.bmp ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Java\jre1.8.0_131\README.txt ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Java\jre1.8.0_131\README.txt ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Oracle\Java\javapath_target_5923062\javaw.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Oracle\Java\javapath_target_5923062\javaw.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Oracle\Java\javapath\javaws.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Oracle\Java\javapath\javaws.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\Microsoft.PowerShell.PSReadline.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\Microsoft.PowerShell.PSReadline.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\MasterDescriptor.x-none.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\MasterDescriptor.x-none.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\s640.hash ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\s640.hash ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\System\atl100.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\System\atl100.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\Fonts\private\AGENCYB.TTF ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\Fonts\private\AGENCYB.TTF ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.Format.ps1xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.Format.ps1xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\User Account Pictures\user-32.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\user-32.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\en-US\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\en-US\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.psd1 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.psd1 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.psm1 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.psm1 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxC ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxC ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\Maple.gif ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\Maple.gif ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyLetter.dotx ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyLetter.dotx ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\mcxml\AppVIsvSubsystems32.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\mcxml\AppVIsvSubsystems32.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\client\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\client\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\Office16\ACCICONS.EXE ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\Office16\ACCICONS.EXE ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\Fonts\private\AGENCYR.TTF ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\Fonts\private\AGENCYR.TTF ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACECORE.DLL ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACECORE.DLL ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSWDS_EN.LEX ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSWDS_EN.LEX ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxT ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxT ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\GIFIMP32.FLT ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\GIFIMP32.FLT ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\SystemX86\concrt140.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\SystemX86\concrt140.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\hxds.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\hxds.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.Platform.x-none.man.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.Platform.x-none.man.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\Updates\Detection\Version\VersionDescriptor.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\Updates\Detection\Version\VersionDescriptor.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\msgfilt.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\msgfilt.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\en\Microsoft.PowerShell.PSReadline.Resources.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\en\Microsoft.PowerShell.PSReadline.Resources.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USSres00001.jrs ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USSres00001.jrs ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\mcxml\AppVIsvSubsystems64.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\mcxml\AppVIsvSubsystems64.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-namedpipe-l1-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-namedpipe-l1-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Oracle\Java\javapath_target_5923062\java.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Oracle\Java\javapath_target_5923062\java.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\PipelineSegments.store ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\PipelineSegments.store ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\uG YIUtTQQwxzAdMk1\ADz0T.bmp ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\uG YIUtTQQwxzAdMk1\ADz0T.bmp ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\uG YIUtTQQwxzAdMk1\C1aMMekmubD.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\uG YIUtTQQwxzAdMk1\C1aMMekmubD.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-processenvironment-l1-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-processenvironment-l1-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Public\Desktop\Acrobat Reader DC.lnk ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Public\Desktop\Acrobat Reader DC.lnk ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\Public\Desktop\desktop.ini ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\Public\Desktop\desktop.ini ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.stdformat.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.stdformat.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\jIdOJRt-45PHyH.jpg ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\jIdOJRt-45PHyH.jpg ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\User Account Pictures\user-48.png ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\User Account Pictures\user-48.png ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Java\jre1.8.0_131\lib\accessibility.properties ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Java\jre1.8.0_131\lib\accessibility.properties ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\MasterDescriptor.en-us.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\MasterDescriptor.en-us.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\VFS\Common Programs\Access.lnk ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\VFS\Common Programs\Access.lnk ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Microsoft Office\root\client\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Microsoft Office\root\client\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Java\jre1.8.0_131\bin\awt.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Java\jre1.8.0_131\bin\awt.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\AddIns.store ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\AddIns.store ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\tzb1FnaO1agujvxN9_Z\3lumM7waH.gif ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\tzb1FnaO1agujvxN9_Z\3lumM7waH.gif ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87 ID NL5VaVIIqOZA.BadNews filename = \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87 ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\s641033.hash ID NL5VaVIIqOZA.BadNews filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\s641033.hash ID NL5VaVIIqOZA.BadNews, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Map \\?\C:\BOOTSECT.BAK ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Boot\BOOTSTAT.DAT ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Adobe\lib-nice-selections.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\christopher_pro_recruiting.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Recovery\WindowsRE\boot.sdi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Internet Explorer\highlight.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Java\nigeriareached.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\AppXManifest.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office 15\debate gs response.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office 15\italianbreakfastinstructors.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office 15\teach.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Uninstall Information\admit-marvel.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Uninstall Information\broadwaychildrenvocational.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Uninstall Information\product-fears-seafood.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Windows Journal\family-parliamentary.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Windows Mail\definitionselectionsea.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Public\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Google\hydrocodone against.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Google\reprinttruepressing.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Microsoft.NET\slovenia.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Microsoft.NET\tactics.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Windows NT\demand_sony.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Windows Photo Viewer\biotechnology.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\MSBuild\delivered-sapphire-divisions.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Default\NTUSER.DAT ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Windows Portable Devices\advantageknowledgestormdaddy.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Reference Assemblies\rely.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Default\NTUSER.DAT.LOG1 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Default\NTUSER.DAT.LOG2 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Windows Journal\style_percent.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\MF\Active.GRL ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\MF\Pending.GRL ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Recovery\WindowsRE\ReAgent.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-console-l1-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\5FiXE7dIdDZr.docx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\8EXUdg A.pptx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\8i3uwnGFbhZjcDNzr5.docx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\AQyW3K.docx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Music\2F5ig6v.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Music\5rnBuaW9.wav ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\8cto6DsS0Tc56.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.017.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-datetime-l1-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\2Gnkxda mKIU4zQx0C6.bmp ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\3lc6q9_bWuznu2v.jpg ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\86vGSbXUZ0qa-T9SqPfh.csv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\ALtT7KM4YXT5j.mp4 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Apw7UW24n2 BSd.swf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Cya8Law.jpg ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Recovery\WindowsRE\Winre.wim ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\FTCT.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\nKHtrkHwLM.bmp ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Music\geAKxrY-UH.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Music\sspHkttho.wav ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Videos\3UjFJ6JLsAT.flv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Videos\7mLe.flv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Videos\aP-_O_tjBmfT6a OG.mkv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Public\Libraries\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Public\Libraries\RecordedTV.library-ms ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-debug-l1-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\.LNK ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\USOShared\Logs\UpdateSessionOrchestration.019.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Contacts\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Public\Downloads\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\ijOxx.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\YZAivOG1xExfHd6\SChpKyqP63Wc3Ifl.jpg ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\MfY1knry.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\Reader_DC.helpcfg ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Downloads\jre-8u131-windows-x64.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Contacts\lulcit amkdfe.contact ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Contacts\sikvnb huvuib.contact ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\EnKHxADYKnu.csv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\iNW77vJzgdGc.xlsx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\fdRbj2oK_nU-_WAAnwEH.wav ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\gru-RJpD1yp7Z.mp4 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\hWmuV_qSmeO41umFIVp.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\i3m1GJbjrf1Ucd.doc ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\2An4F5UkE42NKunbAyO.gif ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\3F3q Hjy8bvd.pps ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\iBXyNeSQbG8k2j2VxRd.rtf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\IwOfL2HaN.pdf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\N83zhof_RAlqZS5ui.csv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\Oao-IUQTyvQHV.ppt ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\oesk.xls ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\opDlC6QUcl.doc ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\qfKkMd0PO54RLkUoc.ppt ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\zKc7RH_1b.rtf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\kD qBQuoHge89T\_u6 QD_8eem.rtf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\58.0.3029.110.manifest ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\store.vol ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\IdentityCRL\production\ppcrlconfig600.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Public\AccountPictures\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-QpA4lkxEM8e.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\3hWv.wav ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\IconCache.db ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\F_Sh.bmp ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Public\Documents\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Links\Downloads.lnk ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.018.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\IqG7uC.pdf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Jnx1y.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\jTCAfcL.odt ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\M5-6yrLRIKeVPVkftsA.avi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\MqqaQUIOXt.avi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\NIIxcls.doc ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\np6OUKpYp7Ul0SvY.xlsx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\NyyvnPP1BI6PgL4VR.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\qwlvWbcYpxVH bnTQ.wav ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\USOShared\Logs\UpdateUx.001.etl ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\m4dkHJVzpeWkT.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\N1DLcW3msNrt.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\3VA2_ n7PHo9aZ3-odx\wPaLCxLVEk8sPBNTFG7.jpg ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\72oUps5XOa844yewySkH.wav ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\BVppIdoXOn97lDi7t.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\CjE8McLdEkgi.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\dqAisKMgdCnXXjVAB.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\l6EWU.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Music\_ s2ts\q4 MB-.wav ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1pUvjwM8UwKSFGy.gif ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XisO9.avi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1yqOOzLcsJ3FR.m4a ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\2 u0.xlsx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3H9CRbT.m4a ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5VlZfX9.wav ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6q_eLYz.jpg ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8UCpExLC7l2W3oQ.m4a ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9RHfa dbtHtO.docx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\a80ysSR.flv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aclfz Zg378Y6_qpE5.gif ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adq 0VvG-dOZN4Cm.swf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\CE_872L.m4a ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\CFjEQ bOBiRCfbhCuV.flv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\chy2jv8x1kFmLn3.mp4 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E4QHvvf4Dyciz.jpg ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Links\OneDrive.lnk ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.Format.ps1xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.psm1 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Videos\crv__X6D-6VzmL-1hsmr.swf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Videos\cZv6LGehH1hnz1Esk.mp4 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Public\Videos\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Public\Pictures\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Public\Music\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Oracle\Java\installcache_x64\baseimagefam8 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\rsod\access.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-errorhandling-l1-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\L9ZzdDugiqj.pptx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Links\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64\msdia80.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\NK_VOcd7S.pptx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\OMivT7VX5I.ods ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\ptRBp.docx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\Qf3SxHIN vDvfU.docx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\SoPLA--zPj.pptx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\TlHV7.odt ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\txRbXrt.pptx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\UFS0Q.xlsx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l1-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Videos\plt q.avi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Videos\qtPKs7OEH6x6JBRCpV.mp4 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Videos\S2EcOng-O_.swf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Videos\uFiNOqJKmcw-g.avi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Videos\xfQwDxyJhGlhiznaP9I.flv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\rsod\access.x-none.msi.16.x-none.tree.dat ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\XX69qhI5.xlsx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\y54rjw.xlsx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\Y5ITqx4a4_t5.xlsx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\YOaaTWvR.rtf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Documents\ZXXQCBXG.docx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-handle-l1-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-heap-l1-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\rsod\accessmui.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\rsod\accessmui.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\rsod\accessmuiset.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-interlocked-l1-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\rsod\accessmuiset.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-libraryloader-l1-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\F6 A6G4a8kg.swf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\g65ZnLK.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Iq38LxwxOX.xls ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JOCqraobRVrncZzatS.jpg ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\lIAzv-e5FUZPA9BSj.flv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\MMj6yFut.wav ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\N5H6YX23-bA7QxcQw.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\o4wr.mp4 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Oe4rqt.mp4 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\oz2TX _Mtd0jcrNE.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\pAjXrKM3BQth.wav ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PEPL.mkv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ps15JJKbzd.xls ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Q62g_C4VXGmIcmbe.ppt ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\q_uwVn_N y Ija13jm5.flv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\s7s5QZZ4JI12 CC3w4py.pdf ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TKO6WmSiZz.jpg ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\sPw Q.mp4 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\TL3lZJb1i.ods ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.tree.dat ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\UFA2_-t.bmp ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.boot.tree.dat ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.tree.dat ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.boot.tree.dat ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\settings.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\V3gYCGp24 4Fj3wq9Zd.avi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\V7Or16fAU.csv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\y0fUoePUL.m4a ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ZU28fmc479PrlurgjZ.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\zXTUdb8ezBJp0g.mp4 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\_4S533T SI1bio.flv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.chk ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\UoG_vKBvf1xi-Dxjb6-t.flv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\uXC5xHlQXY.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\x6Wxe-.mp3 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\ydLb_HxLik.gif ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\YmjEwIdb4.gif ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Desktop\Za7Sm.mkv ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USS.log ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-memory-l1-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Local State ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EURO\MSOEURO.DLL ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FBIBLIO.DLL ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\EPSIMP32.FLT ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSLID.DLL ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\DBGHELP.DLL ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FDATE.DLL ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l2-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\Updates\Detection\Version\v64.hash ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-localization-l1-2-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDC1500720033_en_US.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\IOFhWBrSVDk yR7.jpg ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\v7_H4FZt.bmp ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Java\jre1.8.0_131\README.txt ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Oracle\Java\javapath_target_5923062\javaw.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Oracle\Java\javapath\javaws.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\Microsoft.PowerShell.PSReadline.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\MasterDescriptor.x-none.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\s640.hash ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\User Account Pictures\user-192.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\System\atl100.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\Fonts\private\AGENCYB.TTF ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.Format.ps1xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\User Account Pictures\user-32.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\en-US\PSGet.Resource.psd1 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\User Account Pictures\user-40.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.psd1 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.psm1 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxC ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\Maple.gif ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyLetter.dotx ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\mcxml\AppVIsvSubsystems32.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\client\api-ms-win-core-file-l1-2-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\Office16\ACCICONS.EXE ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\Fonts\private\AGENCYR.TTF ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACECORE.DLL ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSWDS_EN.LEX ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxT ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\GIFIMP32.FLT ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Help\hxds.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\SystemX86\concrt140.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.Platform.x-none.man.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\Updates\Detection\Version\VersionDescriptor.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\msgfilt.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\en\Microsoft.PowerShell.PSReadline.Resources.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\Comms\UnistoreDB\USSres00001.jrs ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files\Microsoft Office\root\mcxml\AppVIsvSubsystems64.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-namedpipe-l1-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Oracle\Java\javapath_target_5923062\java.exe ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80 ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\PipelineSegments.store ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\uG YIUtTQQwxzAdMk1\ADz0T.bmp ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\uG YIUtTQQwxzAdMk1\C1aMMekmubD.png ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Mozilla Firefox\api-ms-win-core-processenvironment-l1-1-0.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Public\Desktop\Acrobat Reader DC.lnk ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\Public\Desktop\desktop.ini ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.stdformat.dll ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\CIiHmnxMn6Ps\Pictures\OgQN5HkjveTjh\DEgCXYOGoIw\jIdOJRt-45PHyH.jpg ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map \\?\C:\Users\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml ID NL5VaVIIqOZA.BadNews process_name = c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe, desired_access = FILE_MAP_WRITE True 1
Fn
For performance reasons, the remaining 20 entries are omitted.
The remaining entries can be found in glog.xml.
User (1)
»
Operation Additional Information Success Count Logfile
Lookup Privilege privilege = SeDebugPrivilege, luid = 20 True 1
Fn
System (21)
»
Operation Additional Information Success Count Logfile
Sleep duration = 1000 milliseconds (1.000 seconds) True 20
Fn
Sleep duration = 600000 milliseconds (600.000 seconds) True 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String name = ComSpec, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Process #2: cmd.exe
48 0
»
Information Value
ID #2
File Name c:\windows\syswow64\cmd.exe
Command Line "C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all
Initial Working Directory C:\Users\CIiHmnxMn6Ps\Desktop\
Monitor Start Time: 00:01:01, Reason: Child Process
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:03:56
OS Process Information
»
Information Value
PID 0xb44
Parent PID 0xc50 (c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 1FC
0x 126C
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000470000 0x00470000 0x0048ffff Private Memory rw True False False -
pagefile_0x0000000000470000 0x00470000 0x0047ffff Pagefile Backed Memory rw True False False -
private_0x0000000000480000 0x00480000 0x00483fff Private Memory rw True False False -
private_0x0000000000490000 0x00490000 0x00491fff Private Memory rw True False False -
private_0x0000000000490000 0x00490000 0x00493fff Private Memory rw True False False -
pagefile_0x00000000004a0000 0x004a0000 0x004b3fff Pagefile Backed Memory r True False False -
private_0x00000000004c0000 0x004c0000 0x004fffff Private Memory rw True False False -
private_0x0000000000500000 0x00500000 0x005fffff Private Memory rw True False False -
pagefile_0x0000000000600000 0x00600000 0x00603fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000610000 0x00610000 0x00610fff Pagefile Backed Memory r True False False -
private_0x0000000000620000 0x00620000 0x00621fff Private Memory rw True False False -
locale.nls 0x00630000 0x006edfff Memory Mapped File r False False False -
private_0x00000000006f0000 0x006f0000 0x0072ffff Private Memory rw True False False -
private_0x0000000000770000 0x00770000 0x0077ffff Private Memory rw True False False -
private_0x0000000000780000 0x00780000 0x0087ffff Private Memory rw True False False -
cmd.exe 0x008b0000 0x008fffff Memory Mapped File rwx True False False -
pagefile_0x0000000000900000 0x00900000 0x048fffff Pagefile Backed Memory - True False False -
private_0x00000000049a0000 0x049a0000 0x04a9ffff Private Memory rw True False False -
private_0x0000000004c40000 0x04c40000 0x04c4ffff Private Memory rw True False False -
sortdefault.nls 0x04c50000 0x04f86fff Memory Mapped File r False False False -
wow64cpu.dll 0x73030000 0x73037fff Memory Mapped File rwx False False False -
wow64.dll 0x73040000 0x7308efff Memory Mapped File rwx False False False -
wow64win.dll 0x73090000 0x73102fff Memory Mapped File rwx False False False -
kernelbase.dll 0x74d30000 0x74ea5fff Memory Mapped File rwx False False False -
kernel32.dll 0x75130000 0x7521ffff Memory Mapped File rwx False False False -
msvcrt.dll 0x778d0000 0x7798dfff Memory Mapped File rwx False False False -
ntdll.dll 0x77990000 0x77b08fff Memory Mapped File rwx False False False -
pagefile_0x000000007e320000 0x7e320000 0x7e41ffff Pagefile Backed Memory r True False False -
pagefile_0x000000007e420000 0x7e420000 0x7e442fff Pagefile Backed Memory r True False False -
private_0x000000007e446000 0x7e446000 0x7e446fff Private Memory rw True False False -
private_0x000000007e447000 0x7e447000 0x7e449fff Private Memory rw True False False -
private_0x000000007e44a000 0x7e44a000 0x7e44cfff Private Memory rw True False False -
private_0x000000007e44d000 0x7e44d000 0x7e44dfff Private Memory rw True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7dfaf7a0ffff Private Memory r True False False -
pagefile_0x00007dfaf7a10000 0x7dfaf7a10000 0x7ffaf7a0ffff Pagefile Backed Memory - True False False -
ntdll.dll 0x7ffaf7a10000 0x7ffaf7bd1fff Memory Mapped File rwx False False False -
private_0x00007ffaf7bd2000 0x7ffaf7bd2000 0x7ffffffeffff Private Memory r True False False -
Host Behavior
File (7)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\CIiHmnxMn6Ps\Desktop type = file_attributes True 2
Fn
Open STD_OUTPUT_HANDLE - True 3
Fn
Open STD_INPUT_HANDLE - True 2
Fn
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 24, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (1)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\vssadmin.exe creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL False 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\cmd.exe base_address = 0x8b0000 True 1
Fn
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x75130000 True 2
Fn
Get Filename - process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadUILanguage, address_out = 0x75172780 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CopyFileExW, address_out = 0x7514fa80 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsDebuggerPresent, address_out = 0x7514a790 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x74e435c0 True 1
Fn
Environment (13)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 4
Fn
Data
Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 2
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\CIiHmnxMn6Ps\Desktop True 1
Fn
Process #4: cmd.exe
0 0
»
Information Value
ID #4
File Name c:\windows\syswow64\cmd.exe
Command Line C:\Windows\system32\cmd.exe /c ""C:\windows\clerlog.bat" "
Initial Working Directory C:\Users\CIiHmnxMn6Ps\Desktop\
Monitor Start Time: 00:01:21, Reason: Child Process
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:03:36
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x1cd0
Parent PID 0xc50 (c:\users\ciihmnxmn6ps\desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs -
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000860000 0x00860000 0x0087ffff Private Memory rw True False False -
private_0x0000000000880000 0x00880000 0x00881fff Private Memory rw True False False -
pagefile_0x0000000000890000 0x00890000 0x008a3fff Pagefile Backed Memory r True False False -
cmd.exe 0x008b0000 0x008fffff Memory Mapped File rwx True False False -
pagefile_0x0000000000900000 0x00900000 0x048fffff Pagefile Backed Memory - True False False -
private_0x0000000004900000 0x04900000 0x0493ffff Private Memory rw True False False -
private_0x0000000004940000 0x04940000 0x04a3ffff Private Memory rw True False False -
pagefile_0x0000000004a40000 0x04a40000 0x04a43fff Pagefile Backed Memory r True False False -
pagefile_0x0000000004a50000 0x04a50000 0x04a50fff Pagefile Backed Memory r True False False -
private_0x0000000004a60000 0x04a60000 0x04a61fff Private Memory rw True False False -
ntdll.dll 0x77990000 0x77b08fff Memory Mapped File rwx False False False -
pagefile_0x000000007eb60000 0x7eb60000 0x7eb82fff Pagefile Backed Memory r True False False -
private_0x000000007eb87000 0x7eb87000 0x7eb87fff Private Memory rw True False False -
private_0x000000007eb8c000 0x7eb8c000 0x7eb8cfff Private Memory rw True False False -
private_0x000000007eb8d000 0x7eb8d000 0x7eb8ffff Private Memory rw True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7dfaf7a0ffff Private Memory r True False False -
pagefile_0x00007dfaf7a10000 0x7dfaf7a10000 0x7ffaf7a0ffff Pagefile Backed Memory - True False False -
ntdll.dll 0x7ffaf7a10000 0x7ffaf7bd1fff Memory Mapped File rwx False False False -
private_0x00007ffaf7bd2000 0x7ffaf7bd2000 0x7ffffffeffff Private Memory r True False False -
Process #5: vssadmin.exe
0 0
»
Information Value
ID #5
File Name c:\windows\syswow64\vssadmin.exe
Command Line vssadmin delete shadows /all
Initial Working Directory C:\Users\CIiHmnxMn6Ps\Desktop\
Monitor Start Time: 00:01:25, Reason: Child Process
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:03:32
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x1fa4
Parent PID 0xb44 (c:\windows\syswow64\cmd.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs -
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image