Ransomware
Mal/Generic-S
Created on 2023-01-24T20:30:11+00:00
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe
Remarks (2/3)
(0x02000046): The maximum binlog size was reached. The analysis was terminated prematurely.
(0x0200000E): The overall sleep time of all monitored processes was truncated from "31 seconds" to "31.0 milliseconds" to reveal dormant functionality.
Remarks
(0x0200001E): The maximum size of extracted files was exceeded. Some files may be missing in the report.
This list contains only the embedded files, downloaded files, and dropped files
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\kEecfMwgj\Desktop\34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | Sample File | Binary | Malicious |

Verdict | Malicious |
Names | Mal/Generic-S |
Image Base | 0x00400000 |
Entry Point | 0x00406652 |
Size Of Code | 0x00009C00 |
Size Of Initialized Data | 0x00004600 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2019-05-14 12:57 (UTC+2) |
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00401000 | 0x00009A08 | 0x00009C00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.51 |
.rdata | 0x0040B000 | 0x000025E0 | 0x00002600 | 0x0000A000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.9 |
.data | 0x0040E000 | 0x00001E44 | 0x00001200 | 0x0000C600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.22 |
.rsrc | 0x00410000 | 0x000001B4 | 0x00000200 | 0x0000D800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.09 |
.reloc | 0x00411000 | 0x00000A8E | 0x00000C00 | 0x0000DA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.23 |
.cdata | 0x00412000 | 0x00002EBC | 0x00003000 | 0x0000E600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.87 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
WNetOpenEnumW | - | 0x0040B1B8 | 0x0000CD40 | 0x0000BD40 | 0x0000003D |
WNetEnumResourceW | - | 0x0040B1BC | 0x0000CD44 | 0x0000BD44 | 0x0000001C |
WNetCloseEnum | - | 0x0040B1C0 | 0x0000CD48 | 0x0000BD48 | 0x00000010 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
htonl | 0x00000008 | 0x0040B1DC | 0x0000CD64 | 0x0000BD64 | - |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
WaitForMultipleObjects | - | 0x0040B03C | 0x0000CBC4 | 0x0000BBC4 | 0x000004F7 |
CloseHandle | - | 0x0040B040 | 0x0000CBC8 | 0x0000BBC8 | 0x00000052 |
CreateThread | - | 0x0040B044 | 0x0000CBCC | 0x0000BBCC | 0x000000B5 |
SetEvent | - | 0x0040B048 | 0x0000CBD0 | 0x0000BBD0 | 0x00000459 |
InitializeCriticalSectionAndSpinCount | - | 0x0040B04C | 0x0000CBD4 | 0x0000BBD4 | 0x000002E3 |
LeaveCriticalSection | - | 0x0040B050 | 0x0000CBD8 | 0x0000BBD8 | 0x00000339 |
EnterCriticalSection | - | 0x0040B054 | 0x0000CBDC | 0x0000BBDC | 0x000000EE |
ResetEvent | - | 0x0040B058 | 0x0000CBE0 | 0x0000BBE0 | 0x0000040F |
CreateEventW | - | 0x0040B05C | 0x0000CBE4 | 0x0000BBE4 | 0x00000085 |
DeleteCriticalSection | - | 0x0040B060 | 0x0000CBE8 | 0x0000BBE8 | 0x000000D1 |
CreateMutexW | - | 0x0040B064 | 0x0000CBEC | 0x0000BBEC | 0x0000009E |
CreateProcessW | - | 0x0040B068 | 0x0000CBF0 | 0x0000BBF0 | 0x000000A8 |
GetCurrentProcess | - | 0x0040B06C | 0x0000CBF4 | 0x0000BBF4 | 0x000001C0 |
SetHandleInformation | - | 0x0040B070 | 0x0000CBF8 | 0x0000BBF8 | 0x00000470 |
OpenProcess | - | 0x0040B074 | 0x0000CBFC | 0x0000BBFC | 0x00000380 |
GetLocaleInfoW | - | 0x0040B078 | 0x0000CC00 | 0x0000BC00 | 0x00000206 |
TerminateProcess | - | 0x0040B07C | 0x0000CC04 | 0x0000BC04 | 0x000004C0 |
OpenMutexW | - | 0x0040B080 | 0x0000CC08 | 0x0000BC08 | 0x0000037D |
GetProcAddress | - | 0x0040B084 | 0x0000CC0C | 0x0000BC0C | 0x00000245 |
Process32FirstW | - | 0x0040B088 | 0x0000CC10 | 0x0000BC10 | 0x00000396 |
GetExitCodeThread | - | 0x0040B08C | 0x0000CC14 | 0x0000BC14 | 0x000001E0 |
CreatePipe | - | 0x0040B090 | 0x0000CC18 | 0x0000BC18 | 0x000000A1 |
CreateFileW | - | 0x0040B094 | 0x0000CC1C | 0x0000BC1C | 0x0000008F |
GetModuleHandleA | - | 0x0040B098 | 0x0000CC20 | 0x0000BC20 | 0x00000215 |
CreateToolhelp32Snapshot | - | 0x0040B09C | 0x0000CC24 | 0x0000BC24 | 0x000000BE |
ReleaseMutex | - | 0x0040B0A0 | 0x0000CC28 | 0x0000BC28 | 0x000003FA |
GetVersion | - | 0x0040B0A4 | 0x0000CC2C | 0x0000BC2C | 0x000002A2 |
GetVolumeInformationW | - | 0x0040B0A8 | 0x0000CC30 | 0x0000BC30 | 0x000002A7 |
ExpandEnvironmentStringsW | - | 0x0040B0AC | 0x0000CC34 | 0x0000BC34 | 0x0000011D |
GetModuleFileNameW | - | 0x0040B0B0 | 0x0000CC38 | 0x0000BC38 | 0x00000214 |
FindClose | - | 0x0040B0B4 | 0x0000CC3C | 0x0000BC3C | 0x0000012E |
FindNextFileW | - | 0x0040B0B8 | 0x0000CC40 | 0x0000BC40 | 0x00000145 |
FindFirstFileW | - | 0x0040B0BC | 0x0000CC44 | 0x0000BC44 | 0x00000139 |
SetEndOfFile | - | 0x0040B0C0 | 0x0000CC48 | 0x0000BC48 | 0x00000453 |
SetFilePointerEx | - | 0x0040B0C4 | 0x0000CC4C | 0x0000BC4C | 0x00000467 |
GetFileAttributesW | - | 0x0040B0C8 | 0x0000CC50 | 0x0000BC50 | 0x000001EA |
ReadFile | - | 0x0040B0CC | 0x0000CC54 | 0x0000BC54 | 0x000003C0 |
GetFileSizeEx | - | 0x0040B0D0 | 0x0000CC58 | 0x0000BC58 | 0x000001F1 |
MoveFileW | - | 0x0040B0D4 | 0x0000CC5C | 0x0000BC5C | 0x00000363 |
DeleteFileW | - | 0x0040B0D8 | 0x0000CC60 | 0x0000BC60 | 0x000000D6 |
SetFileAttributesW | - | 0x0040B0DC | 0x0000CC64 | 0x0000BC64 | 0x00000461 |
IsDebuggerPresent | - | 0x0040B0E0 | 0x0000CC68 | 0x0000BC68 | 0x00000300 |
CopyFileW | - | 0x0040B0E4 | 0x0000CC6C | 0x0000BC6C | 0x00000075 |
Sleep | - | 0x0040B0E8 | 0x0000CC70 | 0x0000BC70 | 0x000004B2 |
TerminateThread | - | 0x0040B0EC | 0x0000CC74 | 0x0000BC74 | 0x000004C1 |
HeapSize | - | 0x0040B0F0 | 0x0000CC78 | 0x0000BC78 | 0x000002D4 |
WriteFile | - | 0x0040B0F4 | 0x0000CC7C | 0x0000BC7C | 0x00000525 |
GetTickCount | - | 0x0040B0F8 | 0x0000CC80 | 0x0000BC80 | 0x00000293 |
GetLogicalDrives | - | 0x0040B0FC | 0x0000CC84 | 0x0000BC84 | 0x00000209 |
GetComputerNameW | - | 0x0040B100 | 0x0000CC88 | 0x0000BC88 | 0x0000018F |
WaitForSingleObject | - | 0x0040B104 | 0x0000CC8C | 0x0000BC8C | 0x000004F9 |
LoadLibraryW | - | 0x0040B108 | 0x0000CC90 | 0x0000BC90 | 0x0000033F |
MultiByteToWideChar | - | 0x0040B10C | 0x0000CC94 | 0x0000BC94 | 0x00000367 |
RtlUnwind | - | 0x0040B110 | 0x0000CC98 | 0x0000BC98 | 0x00000418 |
Process32NextW | - | 0x0040B114 | 0x0000CC9C | 0x0000BC9C | 0x00000398 |
UnhandledExceptionFilter | - | 0x0040B118 | 0x0000CCA0 | 0x0000BCA0 | 0x000004D3 |
GetSystemTimeAsFileTime | - | 0x0040B11C | 0x0000CCA4 | 0x0000BCA4 | 0x00000279 |
GetLastError | - | 0x0040B120 | 0x0000CCA8 | 0x0000BCA8 | 0x00000202 |
HeapFree | - | 0x0040B124 | 0x0000CCAC | 0x0000BCAC | 0x000002CF |
HeapAlloc | - | 0x0040B128 | 0x0000CCB0 | 0x0000BCB0 | 0x000002CB |
HeapReAlloc | - | 0x0040B12C | 0x0000CCB4 | 0x0000BCB4 | 0x000002D2 |
GetCommandLineA | - | 0x0040B130 | 0x0000CCB8 | 0x0000BCB8 | 0x00000186 |
HeapSetInformation | - | 0x0040B134 | 0x0000CCBC | 0x0000BCBC | 0x000002D3 |
GetStartupInfoW | - | 0x0040B138 | 0x0000CCC0 | 0x0000BCC0 | 0x00000263 |
HeapCreate | - | 0x0040B13C | 0x0000CCC4 | 0x0000BCC4 | 0x000002CD |
GetModuleHandleW | - | 0x0040B140 | 0x0000CCC8 | 0x0000BCC8 | 0x00000218 |
ExitProcess | - | 0x0040B144 | 0x0000CCCC | 0x0000BCCC | 0x00000119 |
DecodePointer | - | 0x0040B148 | 0x0000CCD0 | 0x0000BCD0 | 0x000000CA |
GetStdHandle | - | 0x0040B14C | 0x0000CCD4 | 0x0000BCD4 | 0x00000264 |
EncodePointer | - | 0x0040B150 | 0x0000CCD8 | 0x0000BCD8 | 0x000000EA |
TlsAlloc | - | 0x0040B154 | 0x0000CCDC | 0x0000BCDC | 0x000004C5 |
TlsGetValue | - | 0x0040B158 | 0x0000CCE0 | 0x0000BCE0 | 0x000004C7 |
TlsSetValue | - | 0x0040B15C | 0x0000CCE4 | 0x0000BCE4 | 0x000004C8 |
TlsFree | - | 0x0040B160 | 0x0000CCE8 | 0x0000BCE8 | 0x000004C6 |
InterlockedIncrement | - | 0x0040B164 | 0x0000CCEC | 0x0000BCEC | 0x000002EF |
SetLastError | - | 0x0040B168 | 0x0000CCF0 | 0x0000BCF0 | 0x00000473 |
GetCurrentThreadId | - | 0x0040B16C | 0x0000CCF4 | 0x0000BCF4 | 0x000001C5 |
InterlockedDecrement | - | 0x0040B170 | 0x0000CCF8 | 0x0000BCF8 | 0x000002EB |
IsProcessorFeaturePresent | - | 0x0040B174 | 0x0000CCFC | 0x0000BCFC | 0x00000304 |
GetCPInfo | - | 0x0040B178 | 0x0000CD00 | 0x0000BD00 | 0x00000172 |
GetACP | - | 0x0040B17C | 0x0000CD04 | 0x0000BD04 | 0x00000168 |
GetOEMCP | - | 0x0040B180 | 0x0000CD08 | 0x0000BD08 | 0x00000237 |
IsValidCodePage | - | 0x0040B184 | 0x0000CD0C | 0x0000BD0C | 0x0000030A |
LCMapStringW | - | 0x0040B188 | 0x0000CD10 | 0x0000BD10 | 0x0000032D |
GetStringTypeW | - | 0x0040B18C | 0x0000CD14 | 0x0000BD14 | 0x00000269 |
SetUnhandledExceptionFilter | - | 0x0040B190 | 0x0000CD18 | 0x0000BD18 | 0x000004A5 |
GetModuleFileNameA | - | 0x0040B194 | 0x0000CD1C | 0x0000BD1C | 0x00000213 |
FreeEnvironmentStringsW | - | 0x0040B198 | 0x0000CD20 | 0x0000BD20 | 0x00000161 |
WideCharToMultiByte | - | 0x0040B19C | 0x0000CD24 | 0x0000BD24 | 0x00000511 |
GetEnvironmentStringsW | - | 0x0040B1A0 | 0x0000CD28 | 0x0000BD28 | 0x000001DA |
SetHandleCount | - | 0x0040B1A4 | 0x0000CD2C | 0x0000BD2C | 0x0000046F |
GetFileType | - | 0x0040B1A8 | 0x0000CD30 | 0x0000BD30 | 0x000001F3 |
QueryPerformanceCounter | - | 0x0040B1AC | 0x0000CD34 | 0x0000BD34 | 0x000003A7 |
GetCurrentProcessId | - | 0x0040B1B0 | 0x0000CD38 | 0x0000BD38 | 0x000001C1 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetShellWindow | - | 0x0040B1D0 | 0x0000CD58 | 0x0000BD58 | 0x00000179 |
GetWindowThreadProcessId | - | 0x0040B1D4 | 0x0000CD5C | 0x0000BD5C | 0x000001A4 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
DuplicateTokenEx | - | 0x0040B000 | 0x0000CB88 | 0x0000BB88 | 0x000000DF |
CryptDecrypt | - | 0x0040B004 | 0x0000CB8C | 0x0000BB8C | 0x000000B4 |
CryptDestroyKey | - | 0x0040B008 | 0x0000CB90 | 0x0000BB90 | 0x000000B7 |
CryptEncrypt | - | 0x0040B00C | 0x0000CB94 | 0x0000BB94 | 0x000000BA |
CryptImportKey | - | 0x0040B010 | 0x0000CB98 | 0x0000BB98 | 0x000000CA |
CryptGenRandom | - | 0x0040B014 | 0x0000CB9C | 0x0000BB9C | 0x000000C1 |
CryptSetKeyParam | - | 0x0040B018 | 0x0000CBA0 | 0x0000BBA0 | 0x000000CD |
CryptAcquireContextW | - | 0x0040B01C | 0x0000CBA4 | 0x0000BBA4 | 0x000000B1 |
RegSetValueExW | - | 0x0040B020 | 0x0000CBA8 | 0x0000BBA8 | 0x0000027E |
RegCloseKey | - | 0x0040B024 | 0x0000CBAC | 0x0000BBAC | 0x00000230 |
RegOpenKeyExW | - | 0x0040B028 | 0x0000CBB0 | 0x0000BBB0 | 0x00000261 |
RegQueryValueExW | - | 0x0040B02C | 0x0000CBB4 | 0x0000BBB4 | 0x0000026E |
GetTokenInformation | - | 0x0040B030 | 0x0000CBB8 | 0x0000BBB8 | 0x0000015A |
OpenProcessToken | - | 0x0040B034 | 0x0000CBBC | 0x0000BBBC | 0x000001F7 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ShellExecuteExW | - | 0x0040B1C8 | 0x0000CD50 | 0x0000BD50 | 0x00000121 |
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA |
---|---|---|---|---|---|---|---|---|
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 1 | 0x00B80000 | 0x00B94FFF | Relevant Image | | 32-bit | 0x00B87445 | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 2 | 0x00B80000 | 0x00B94FFF | Relevant Image | | 32-bit | - | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 1 | 0x00B80000 | 0x00B94FFF | Final Dump | | 32-bit | 0x00B85165 | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 2 | 0x00B80000 | 0x00B94FFF | Final Dump | | 32-bit | 0x00B88174 | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 12 | 0x01150000 | 0x01164FFF | Relevant Image | | 32-bit | 0x01157445 | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 11 | 0x00AD0000 | 0x00AE4FFF | Relevant Image | | 32-bit | 0x00AD7445 | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 10 | 0x00AD0000 | 0x00AE4FFF | Relevant Image | | 32-bit | 0x00AD1FFE | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 13 | 0x003B0000 | 0x003C4FFF | Relevant Image | | 32-bit | 0x003B7445 | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 12 | 0x01150000 | 0x01164FFF | Process Termination | | 32-bit | - | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 13 | 0x003B0000 | 0x003C4FFF | Process Termination | | 32-bit | - | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 11 | 0x00AD0000 | 0x00AE4FFF | Process Termination | | 32-bit | - | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 14 | 0x00AD0000 | 0x00AE4FFF | Relevant Image | | 32-bit | 0x00AD129D | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 10 | 0x00AD0000 | 0x00AE4FFF | Final Dump | | 32-bit | - | |
34c1121937c35b39b654428cf3fc6b16e3e2eed03c1ccbcfc77183d1749ebadc.exe | 14 | 0x00AD0000 | 0x00AE4FFF | Final Dump | | 32-bit | - | |
File Name | Category | Type | Verdict |
---|---|---|---|
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
c:\msocache\all users\{90160000-001b-0409-0000-0000000ff1ce}-c\wordlr.cab.id[8443a5af-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
c:\msocache\all users\{90160000-0016-0409-0000-0000000ff1ce}-c\excellr.cab.id[8443a5af-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
c:\msocache\all users\{90160000-001a-0409-0000-0000000ff1ce}-c\outlklr.cab.id[8443a5af-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
c:\msocache\all users\{90160000-001a-0409-0000-0000000ff1ce}-c\outlookmui.msi.id[8443a5af-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
c:\msocache\all users\{90160000-001b-0409-0000-0000000ff1ce}-c\wordmui.msi.id[8443a5af-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.dll.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\branding.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\branding.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\THIRDPARTYLICENSEREADME.txt.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\THIRDPARTYLICENSEREADME-JAVAFX.txt.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\tzdb.dat.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\setup.chm.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Common Files\EycKgld_uIVGhuCKmRk2.png.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Boot\BOOTSTAT.DAT.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Common Files\o9nleU.bmp.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Common Files\PXzWVbDzjHOIV50.png.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\deploy\splash@2x.gif.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\deploy\ffjcext.zip.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\deploy\splash_11@2x-lic.gif.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\deploy\splash.gif.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\BOOTSECT.BAK.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\deploy\splash_11-lic.gif.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\jvm.hprof.txt.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Microsoft Office\Office16\1033\officeinventoryagentfallback.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Microsoft Office\Office16\1033\officeinventoryagentlogon.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\WordMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\Setup.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\OSMUXMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\bin\server\Xusage.txt.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\LyncMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\DCFMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\OSMMUI.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\AccessMUISet.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proofing.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\Welcome.html.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Microsoft Office\Office16\OneNote\SendToOneNote-PipelineConfig.xml.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Microsoft Office\Office16\OneNote\SendToOneNote-manifest.ini.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\images\cursors\win32_LinkDrop32x32.gif.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\images\cursors\win32_CopyNoDrop32x32.gif.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\images\cursors\win32_LinkNoDrop32x32.gif.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\images\cursors\win32_CopyDrop32x32.gif.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\images\cursors\win32_MoveNoDrop32x32.gif.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\images\cursors\win32_MoveDrop32x32.gif.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\lib\images\cursors\invalid32x32.gif.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\desktop.ini.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Microsoft Office\Office16\1033\Mso Example Intl Setup File A.txt.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Microsoft Office\Office16\1033\Mso Example Intl Setup File B.txt.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\$Recycle.Bin\S-1-5-21-4219442223-4223814209-3835049652-1000\desktop.ini.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Microsoft Office\Office16\OneNote\SendToOneNote.ini.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Microsoft Office\Office16\Mso Example Setup File A.txt.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Java\jre1.8.0_171\README.txt.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Stream | Clean |
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Empty | Clean |
c:\wkssvc | Dropped File | Empty | Clean |
\\?\C:\Program Files\Common Files\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF | Dropped File | Empty | Clean |
\\?\C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\DataModel\Cartridges\orcl7.xsl.id[8443A5AF-2250].[wewillhelpyou@qq.com].adage | Dropped File | Empty | Clean |