5/5 | File System | Encrypts content of user files | Ransomware
- Encrypts the content of multiple user files. This is an indicator for ransomware.

5/5 | YARA | YARA match | -
- Rule "WiltedTulip_Tools_clrlg" from ruleset "APTs" has matched for "C:\windows\clerlog.bat"
- Rule "Shellcode_GetPC_fstenv" from ruleset "Generic" has matched for "\\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe ID NL5VaVIIqOZA.BadNews"
- Rule "Shellcode_GetPC_fstenv" from ruleset "Generic" has matched for "\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe ID NL5VaVIIqOZA.BadNews"

4/5 | File System | Known malicious file | Trojan
- File "C:\Users\CIiHmnxMn6Ps\Desktop\1c2bdfa5e30cbf8eb92c3764de9b106aa722a81b50641698d2620a49b530b0b4.exe" is a known malicious file.

3/5 | OS | Modifies system security configuration | -
- Disables UAC notifications.

2/5 | Anti Analysis | Delays execution | -
- One thread sleeps more than 5 minutes.

1/5 | Persistence | Installs system startup script or application | -
- Adds ""c:\How To Decode Files.hta"" to Windows startup via registry.
- Adds "C:\windows\searchfiles.exe" to Windows startup via registry.

1/5 | File System | Modifies operating system directory | -
- Creates file "C:\windows\searchfiles.exe" in the OS directory.
- Creates file "C:\windows\clerlog.bat" in the OS directory.

1/5 | Hide Tracks | Writes an unusually large amount of data to the registry | -
- Hides 1280 bytes in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\\rsa".

1/5 | Process | Creates process with hidden window | -
- The process "C:\Windows\system32\cmd.exe" starts with hidden window.
- The process "C:\windows\clerlog.bat" starts with hidden window.

1/5 | File System | Modifies application directory | -
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\acrofx32.dll id nl5vaviiqoza.badnews".
|
|
-
Modifies "c:\program files\microsoft office\root\templates\1033\adjacencyletter.dotx id nl5vaviiqoza.badnews".
|
|
-
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\pipeline.v10.0\addinviews\microsoft.office.tools.v9.0.dll id nl5vaviiqoza.badnews".
|
|
-
Modifies "c:\program files (x86)\common files\microsoft shared\vsta\pipeline.v10.0\pipelinesegments.store id nl5vaviiqoza.badnews".
|
|
-
Modifies "c:\program files\microsoft office\root\vfs\systemx86\concrt140.dll id nl5vaviiqoza.badnews".
|
|
-
Modifies "c:\program files\microsoft office\root\mcxml\appvisvsubsystems64.dll id nl5vaviiqoza.badnews".
|
|
1/5
|
Masquerade
|
Changes folder appearance
|
Riskware
|
|
-
Folder "c:\program files" has a changed appearance.
|
|
-
Folder "c:\users" has a changed appearance.
|
|
-
Folder "c:\program files (x86)" has a changed appearance.
|
|
-
Folder "c:\users\public" has a changed appearance.
|
|
-
Folder "c:\$recycle.bin\s-1-5-21-1462094071-1423818996-289466292-1000" has a changed appearance.
|
|
-
Folder "c:\$recycle.bin\s-1-5-18" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\links" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\music" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\onedrive" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\pictures" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\desktop" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\favorites" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\saved games" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\searches" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\downloads" has a changed appearance.
|
|
-
Folder "c:\users\public\libraries" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\contacts" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\pictures\camera roll" has a changed appearance.
|
|
-
Folder "c:\users\public\downloads" has a changed appearance.
|
|
-
Folder "c:\program files (x86)\common files\microsoft shared\stationery" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\documents" has a changed appearance.
|
|
-
Folder "c:\users\public\music" has a changed appearance.
|
|
-
Folder "c:\users\public\pictures" has a changed appearance.
|
|
-
Folder "c:\users\public\videos" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\favorites\links" has a changed appearance.
|
|
-
Folder "c:\program files\common files\microsoft shared\stationery" has a changed appearance.
|
|
-
Folder "c:\users\public\documents" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\pictures\saved pictures" has a changed appearance.
|
|
-
Folder "c:\users\public\accountpictures" has a changed appearance.
|
|
-
Folder "c:\users\ciihmnxmn6ps\videos" has a changed appearance.
|
|
-
Folder "c:\users\public\desktop" has a changed appearance.
|
|
1/5
|
File System
|
Creates an unusually large number of files
|
-
|
|
-
Creates an unusually large number of files.
|