5373b467...9724 | VMRay Analyzer Report
VTI SCORE: 98/100
Dynamic Analysis Report
Classification: Ransomware

VMRay Threat Indicators (16 rules, 1152 matches)

Severity | Category   | Operation                    | Count | Classification
4/5      | Masquerade | Uses a double file extension | 489   | -
  • File "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\themes\dark\organize_poster2x.jpg.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\themes\dark\protect_poster.jpg.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\themes\dark\protect_poster2x.jpg.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\themes\dark\redact_poster.jpg.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\themes\dark\redact_poster2x.jpg.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\themes\dark\scan_poster.jpg.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\themes\dark\scan_poster2x.jpg.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\sample-files\assets\sample files\adobe sign white paper.pdf.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\sample-files\assets\sample files\document cloud for government.pdf.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\sample-files\assets\sample files\travelocity.pdf.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\tracked-send\images\email\dummy\adobe-old-logo.jpg.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\reader\welcome.pdf.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\enutxt.pdf.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\adobe\symbol.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\adobe\zdingbat.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\centeuro.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\corpchar.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\croatian.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\cyrillic.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\greek.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\iceland.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\roman.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\romanian.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\symbol.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\turkish.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\ukraine.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1250.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1251.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1252.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1253.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1254.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1257.txt.exe" has a double file extension.
  • File "c:\program files (x86)\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1258.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\languagenames2\displaylanguagenames.en_ca.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\languagenames2\displaylanguagenames.en_gb.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\languagenames2\displaylanguagenames.en_gb_euro.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\languagenames2\displaylanguagenames.en_us.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\languagenames2\displaylanguagenames.en_us_posix.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\abbreviations\en_ca\list.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\abbreviations\en_gb\list.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\abbreviations\en_us\list.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_ca\readme_en_ca.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_ca\readme_th_en_ca_v2.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_gb\affdescription.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_gb\changelog.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_gb\license.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_gb\readme.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_gb\readme_en_gb.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_gb\wordnet_license.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_us\readme_en_us.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\supplementaldictionaries\en_ca\added.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\supplementaldictionaries\en_ca\excluded.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\supplementaldictionaries\en_gb\added.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\supplementaldictionaries\en_gb\excluded.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\supplementaldictionaries\en_us\added.txt.exe" has a double file extension.
  • File "c:\program files (x86)\common files\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\supplementaldictionaries\en_us\excluded.txt.exe" has a double file extension.
  • File "c:\programdata\microsoft\windows defender\network inspection system\support\nislog.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\microsoft\internet explorer\brndlog.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\microsoft\onedrive\17.3.6816.0313_1\thirdpartynotices.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\microsoft\onedrive\17.3.7131.1115\thirdpartynotices.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\microsoft\onedrive\17.3.7294.0108\thirdpartynotices.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\microsoft\windows\notifications\wpnidm\353d8595.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\microsoft\windows\notifications\wpnidm\ca910921.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cookies\fe83wyz0.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cookies\k7rpyyp8.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cookies\la7bup1e.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cookies\nbljvim8.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cookies\odued5iu.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cookies\s7q1eh8y.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cookies\uz3q0402.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!002\microsoftedge\cookies\afiogffu.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_10[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_11[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_12[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_13[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_14[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_15[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_16[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_17[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_18[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_19[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_20[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_2[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_3[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_4[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_5[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_6[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_7[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_8[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\ac\appcache\ie77eect\4\c__windows_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_cache_desktop_9[1].txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\apps_{c688b2f4-b87a-41d7-ad85-f18c82dab793}\0.0.filtertrie.intermediate.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\apps_{eeadb6e1-358f-425e-ad62-9fd7c271f1c8}\0.0.filtertrie.intermediate.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\apps_{f1570acd-4e55-4c06-9654-bc576225a4c1}\0.0.filtertrie.intermediate.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\input_{ecd52277-de32-43d5-8c62-58de1116f72e}\appsconversions.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\input_{ecd52277-de32-43d5-8c62-58de1116f72e}\appsglobals.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\input_{ecd52277-de32-43d5-8c62-58de1116f72e}\appssynonyms.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\input_{ecd52277-de32-43d5-8c62-58de1116f72e}\settingsconversions.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\input_{ecd52277-de32-43d5-8c62-58de1116f72e}\settingsglobals.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\input_{ecd52277-de32-43d5-8c62-58de1116f72e}\settingssynonyms.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\settings_{26159dcd-00b6-4881-a91c-092cd378d482}\0.0.filtertrie.intermediate.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\0.0.filtertrie.intermediate.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\devicesearchcache\appcache131509115860744759.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\devicesearchcache\settingscache.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\temp\-_kcri.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\temp\1e5_oxjuxe_ea1.mkv.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\temp\3kcmvy.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\temp\6k6kmloo.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\temp\6q71_loyqr4k7_.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\temp\afyfn_kjxunwa3.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\temp\c4kfxh.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\temp\clwwwad1s24qm4.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\temp\diinym-ij6gv.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\local\temp\gedk3uyglax.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\9uyv4y.mkv.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\9xms3i0qdrq_zlbj0.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\ewejnzd.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\ewselzc.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\juzjvbgrnrynhlib6kj0.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\knu66e4ps.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\lviopc6trry.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\microsoft\windows\powershell\psreadline\consolehost_history.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\microsoft\windows\themes\cachedfiles\cachedimage_1440_900_pos4.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\mozilla\firefox\profiles\w7cr0hor.default\gmp-widevinecdm\1.4.8.903\license.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\mozilla\firefox\profiles\w7cr0hor.default\sitesecurityservicestate.txt.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\reuxuvqbw-mt.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\rwn3ah.mkv.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\vbub.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\xp3bosg.doc.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\y47wkbjpf pm.mkv.exe" has a double file extension.
  • File "c:\users\fd1hvy\appdata\roaming\yfjke_hsralrx4ns.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\desktop\3r6uauwh.doc.exe" has a double file extension.
  • File "c:\users\fd1hvy\desktop\6acx.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\desktop\btbl\jofil.docx.exe" has a double file extension.
  • File "c:\users\fd1hvy\desktop\df2qngky77_f-tgqq_md.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\desktop\hy2xz39.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\desktop\rowlu7iplb1ovghutp-y.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\desktop\t rxzyxicupwq.docx.exe" has a double file extension.
  • File "c:\users\fd1hvy\desktop\wtb_gtmorp6jli.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\desktop\zqeanlgtx-l-frczsl0.pdf.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\8s0qxa fr.doc.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\bj5lap_jflplceloebpz.docx.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\fwr 8bkk.docx.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\ihfersxvwi9oz.docx.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\kwaavgn.docx.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\ooy2udpovdhwl7.doc.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\pgomyt8t.docx.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\qpizcmo4jw5wvjmvbpxm.docx.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\vypxfmv5yhixx\gbene4jh75orzb.pdf.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\vypxfmv5yhixx\gczgdx7uicsd5.pdf.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\vypxfmv5yhixx\h64l1qh5qcmfr\xgfx9ymiajhx.doc.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\vypxfmv5yhixx\iht5qwf\attm7\bk34qyv22.docx.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\vypxfmv5yhixx\iht5qwf\attm7\hhxww_.docx.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\vypxfmv5yhixx\iht5qwf\uznm2xfet igose\4pzum3e9fk3ku9v.pdf.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\zytnatjd-bn8\8cfetdc_9v.docx.exe" has a double file extension.
  • File "c:\users\fd1hvy\documents\zytnatjd-bn8\v-aprqmkiyoz77f2xkd.docx.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\hi_g ubibbkjtun\6rbihn\cxfyh86mjhv.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\hi_g ubibbkjtun\6rbihn\iki1h4n.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\hi_g ubibbkjtun\atfjccbxw9fwwxl.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\hi_g ubibbkjtun\kpfqz\a5zvqwsnbnnbrazsk7f.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\hi_g ubibbkjtun\kpfqz\l_y2qnb bnu\1tr1f0d.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\hi_g ubibbkjtun\kpfqz\l_y2qnb bnu\crw40m8cla9-zahf4.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\hi_g ubibbkjtun\kpfqz\l_y2qnb bnu\h2ccq3i510tjh.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\hi_g ubibbkjtun\o9aiejfo6wjhyd3.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\hi_g ubibbkjtun\xnechqbxwen0mja7ol.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\q1uiw\o7e663suph6npdoilib\m11_tz0zsxbeatjo.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\q1uiw\o7e663suph6npdoilib\qi2uz.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\q1uiw\o7e663suph6npdoilib\qnrzp0ve\4-5qzenba.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\q1uiw\o7e663suph6npdoilib\qnrzp0ve\xmn yr.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\music\qwy-xtto.mp3.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\8ohl_6.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\9w6liecl.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\cofmpoe6epauu.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\dcy2ydal.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\fwoit zvw.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\gkxakza.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\lexzmgb.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\oqnitw9zaccsfr.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\oxu1omwwmsivsh.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\pmupj.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\s pkp9uyqrdf0s3wlpx.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\tm7x0zwsrnwhit.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\pictures\umcvkil7.jpg.exe" has a double file extension.
  • File "c:\users\fd1hvy\videos\8ufcg-haitpskjzq\gdjs6tvn1vcfeq\nrn-gwg -l94.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\videos\8ufcg-haitpskjzq\gdjs6tvn1vcfeq\x6zlfcxo6nge6pp.mkv.exe" has a double file extension.
  • File "c:\users\fd1hvy\videos\8ufcg-haitpskjzq\gdjs6tvn1vcfeq\zxtcheoyb4wnbapqxi.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\videos\8ufcg-haitpskjzq\vxbxx0\eistck.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\videos\8ufcg-haitpskjzq\vxbxx0\et0hgnacrwv\tuk9lttchnjt.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\videos\8ufcg-haitpskjzq\vxbxx0\f-diy.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\videos\8ufcg-haitpskjzq\vxbxx0\sazdzm-q7tza.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\videos\enlrxss klpa\38rwbzbr0qck1.mkv.exe" has a double file extension.
  • File "c:\users\fd1hvy\videos\enlrxss klpa\if_jicrh47quwf3u 6ml.mkv.exe" has a double file extension.
  • File "c:\users\fd1hvy\videos\enlrxss klpa\pz7n.mp4.exe" has a double file extension.
  • File "c:\users\fd1hvy\videos\ljbiz.mkv.exe" has a double file extension.
  • File "c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\aspdotnet_logo.jpg.exe" has a double file extension.
  • File "c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\darkblue_grad.jpg.exe" has a double file extension.
  • File "c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\help.jpg.exe" has a double file extension.
4/5
File System Renames user files 1 Ransomware
  • Renames multiple user files. This is an indicator for an encryption attempt.
4/5
File System Modifies content of user files 1 Ransomware
  • Modifies the content of multiple user files. This is an indicator for an encryption attempt.
3/5
Hide Tracks Creates file(s) in the .NET assembly directory to hide them from Windows Explorer 19 -
3/5
File System Possibly drops ransom note files 1 Ransomware
  • Possibly drops ransom note files (creates 77 instances of the file "HOW-TO-DECRYPT-FILES.HTM" in different locations).
2/5
Anti Analysis Resolves APIs dynamically to possibly evade static detection 1 -
2/5
Information Stealing Reads sensitive browser data 3 -
  • Trying to read sensitive data of web browser "Google Chrome" by file.
  • Trying to read sensitive data of web browser "Internet Explorer / Edge" by file.
  • Trying to read sensitive data of web browser "Mozilla Firefox" by file.
2/5
OS Changes the desktop wallpaper. 1 -
  • Sets the desktop wallpaper to the file "c:\users\fd1hvy\appdata\local\temp\jpflbhmcioekpflb.bmp".
1/5
Persistence Installs system startup script or application 2 -
  • Adds "C:\Users\FD1HVy\AppData\Local\Temp\Bho61CXU8if3yfw.exe" to Windows startup via registry.
  • Adds "c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\how-to-decrypt-files.htm" to Windows startup folder.
1/5
File System Modifies application directory 335 -
1/5
Information Stealing Possibly does reconnaissance 2 -
  • Possibly trying to gather information about application "Mozilla Firefox" by file.
  • Possibly trying to gather information about application "Skype" by file.
1/5
File System Modifies operating system directory 293 -
  • Creates file "C:\Windows\Prefetch\AgGlFgAppHistory.db.exe" in the OS directory.
  • Creates file "C:\Windows\Prefetch\AgGlGlobalHistory.db.exe" in the OS directory.
  • Creates file "C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1051304884-625712362-2192934891-1000.db.exe" in the OS directory.
  • Creates file "C:\Windows\Prefetch\AgGlUAD_S-1-5-21-1051304884-625712362-2192934891-1000.db.exe" in the OS directory.
  • Creates file "C:\Windows\Prefetch\AgRobust.db.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\Setup\Scripts\setupcomplete.cmd.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_eventviewersettings_31bf3856ad364e35_10.0.15063.0_none_060bb1403c81dd6a\Event Viewer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.15063.0_none_ec056a6583c87c56\Steps Recorder.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.15063.0_none_bffab419244e0aae\Task Manager.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-c..s-admin-compsvclink_31bf3856ad364e35_10.0.15063.0_none_e3a62b031347d52f\Component Services.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_10.0.15063.0_none_5c29f964af25b39d\Computer Management.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_10.0.15063.608_none_e05ae487dc8303b1\Computer Management.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-charmap_31bf3856ad364e35_10.0.15063.0_none_036d9697dd29e050\Character Map.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.15063.0_none_7e580f9a965a8a9b\Disk Cleanup.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-commandprompt-shortcut_31bf3856ad364e35_10.0.15063.0_none_4ad22eda27de7766\Command Prompt.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.15063.0_none_aa29e7f7c913acd1\dfrgui.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\01 - Command Prompt.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\01 - File Explorer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\01a - Windows PowerShell.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\02 - Command Prompt.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\02a - Windows PowerShell.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\03 - Computer Management.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\03 - Documents.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\04 - Disk Management.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\04 - Downloads.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\04-1 - NetworkStatus.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\05 - Device Manager.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\05 - Music.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\06 - Pictures.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\06 - SystemAbout.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\07 - Event Viewer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\07 - Videos.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\08 - Homegroup.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\08 - PowerAndSleep.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\09 - Mobility Center.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\09 - Network.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\1 - Desktop.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\1 - Run.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\10 - AppsAndFeatures.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\10 - UserProfile.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\2 - Search.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\3 - Windows Explorer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\4 - Control Panel.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\5 - Task Manager.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\computer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\Control Panel.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\File Explorer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\Run.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\Shows Desktop.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.15063.0_none_c8cbc32f49bac819\Window Switcher.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.15063.0_none_8a0d85a061351e49\Fax Recipient.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.15063.0_none_8a0d85a061351e49\Windows Fax and Scan.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.15063.0_none_e8ff03ea94e0988c\iSCSI Initiator.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.15063.0_none_5563c0977685c595\ODBC Data Sources (64-bit).lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.15063.0_none_a4ea7575b2863db1\Memory Diagnostics Tool.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.15063.0_none_7f41b0a5d17e992b\Magnify.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-shortcut_31bf3856ad364e35_10.0.15063.0_none_bfe54b7d868416ee\Windows Media Player.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.15063.0_none_eb8e17bcd68ec9f9\System Configuration.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.15063.0_none_bcf04010327d02a0\System Information.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.15063.483_none_40c5a695601fb93b\System Information.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.15063.0_none_9f315fde27607282\Paint.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.15063.413_none_235275d754ca6586\Paint.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.15063.0_none_cf31b229dc87b1a1\Narrator.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.15063.447_none_533659870a065dd4\Narrator.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.15063.0_none_802e66b4a8ce74db\Notepad.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.15063.0_none_bbd0aca592bd6ae9\On-Screen Keyboard.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-p..erandprintui-pmcppc_31bf3856ad364e35_10.0.15063.0_none_1c7c1b25b9805ef0\Print Management.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\Performance Monitor.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\Resource Monitor.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.483_none_30f2fdea07656013\Performance Monitor.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.483_none_30f2fdea07656013\Resource Monitor.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-ise_31bf3856ad364e35_10.0.15063.0_none_79f996cb3b264dfd\Windows PowerShell ISE (x86).lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-ise_31bf3856ad364e35_10.0.15063.0_none_79f996cb3b264dfd\Windows PowerShell ISE.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.15063.0_none_0f14a5b4a7919f86\Quick Assist.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-s..ment-policytools-ex_31bf3856ad364e35_10.0.15063.0_none_6a732ed779e4583b\Security Configuration Management.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.15063.0_none_e077bbdd7e899e4b\services.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-snippingtool-app_31bf3856ad364e35_10.0.15063.0_none_aad7db68c271ad4a\Snipping Tool.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_10.0.15063.0_none_2d1dc944849b5924\Speech Recognition.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-t..etpc-mathinputpanel_31bf3856ad364e35_10.0.15063.0_none_dbb55c5189ba2ad8\Math Input Panel.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.15063.0_none_5ef026ce59e64966\Remote Desktop Connection.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-wordpad_31bf3856ad364e35_10.0.15063.0_none_3ece526ca5b43e29\Wordpad.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-wordpad_31bf3856ad364e35_10.0.15063.483_none_c2a3b8f1d356f4c4\Wordpad.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_microsoft-windows-xpsreachviewer_31bf3856ad364e35_10.0.15063.0_none_262f2cb987063af6\XPS Viewer.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_networking-mpssvc-shortcut_31bf3856ad364e35_10.0.15063.0_none_966ace434593e6ab\Windows Firewall with Advanced Security.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\amd64_taskschedulersettings_31bf3856ad364e35_10.0.15063.0_none_5bfedd033d2b9dee\Task Scheduler.lnk.exe" in the OS directory.
  • Creates file "C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.15063.0_none_5fb86ae9aae68790\ODBC Data Sources (32-bit).lnk.exe" in the OS directory.
1/5
File System Creates an unusually large number of files 1 -
1/5
PE The PE file was created with a packer 1 -
  • File "C:\Users\FD1HVy\Desktop\a.exe" is packed with "ASPack v2.12 -> Alexey Solodovnikov".
1/5
Process Process crashed 1 -
  • Unmonitored Process "c:\windows\explorer.exe" crashed.
1/5
Static Unparsable sections in file 1 -
  • Static analyzer was unable to completely parse the analyzed file: C:\Users\FD1HVy\Desktop\a.exe.

Sample Information

ID #125624
MD5 f924a13a9a2f5017bbbf2ca46c49ae21
SHA1 aec78bd5b99e29f3c1af2bd90325f14e5c2f4968
SHA256 5373b46771d5b1ecb0009517436bd93c00eea0896072f173aa7e1e611edd9724
SSDeep 3072:GAxKjeLuAl5aFmCUlK3eDjyetArmgPKnmticyIif:jcjQlFhKuDOetArn96Iy
ImpHash 5a498eee87e4d89512a84502f500181f
Filename a.exe
File Size 128.00 KB
Sample Type Windows Exe (x86-32)

Analysis Information

Creation Time 2019-07-26 19:39 (UTC+2)
Analysis Duration 00:04:25
Number of Monitored Processes 1
Execution Successful True
Reputation Enabled True
WHOIS Enabled False
Local AV Enabled True
YARA Enabled True
Number of AV Matches 0
Number of YARA Matches 0
Termination Reason All processes terminated
Tags