7a61684657c789eafc051d7107f6a0917e86f92cecaa108e4ba3f08d631c55ad (SHA256)
CRYPT.EXE
Windows Exe (x86-32)
Created at 2019-01-19 16:50:00
Notifications (2/3)
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
The overall sleep time of all monitored processes was truncated from "1 minute, 30 seconds" to "30 seconds" to reveal dormant functionality.
The operating system was rebooted during the analysis.
Monitored Processes
Behavior Information - Sequential View
Process #1: crypt.exe
4228
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\ciihmnxmn6ps\desktop\crypt.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\CRYPT.EXE" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Analysis Target |
| Unmonitor | End Time: 00:05:07, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfd8 |
| Parent PID | 0x57c (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FDC
0x
FE8
0x
C14
0x
CE8
0x
CD8
0x
D40
0x
D10
0x
D0C
0x
D9C
0x
D8C
0x
D80
0x
D78
0x
D5C
0x
D68
0x
D64
0x
D60
0x
D58
0x
D98
0x
C24
0x
6B4
0x
D20
0x
5B8
0x
DC0
0x
D34
0x
D30
0x
DB8
0x
D44
0x
D18
0x
D28
0x
D2C
0x
D1C
0x
D14
0x
DE8
0x
788
0x
65C
0x
924
0x
DAC
0x
DB0
0x
DB4
0x
CBC
0x
D04
0x
C68
0x
DA8
0x
C20
0x
ADC
0x
C1C
0x
148
0x
79C
0x
4F8
0x
DE4
0x
DE0
0x
DD0
0x
DD8
0x
DDC
0x
DEC
0x
DD4
0x
DCC
0x
E20
0x
E00
0x
8A4
0x
618
0x
784
0x
E1C
0x
E48
0x
E68
0x
E6C
0x
E70
0x
E74
0x
DF4
0x
518
0x
DF0
0x
DF8
0x
E54
0x
3C0
0x
EB0
0x
EA8
0x
628
0x
E8C
0x
A38
0x
954
0x
858
0x
AD0
0x
A3C
0x
F0
0x
1F4
0x
334
0x
434
0x
70C
0x
418
0x
718
0x
838
0x
AC4
0x
8CC
0x
A84
0x
388
0x
8D0
0x
87C
0x
B80
0x
8A0
0x
264
0x
3A0
0x
60C
0x
CB8
0x
5C0
0x
878
0x
EC8
0x
E5C
0x
114
0x
EF4
0x
DA0
0x
DA4
0x
F94
0x
F98
0x
F9C
0x
ED8
0x
EE4
0x
EEC
0x
EE8
0x
EE0
0x
EF0
0x
F04
0x
EF8
0x
ED4
0x
ED0
0x
EDC
0x
F54
0x
F58
0x
FC8
0x
E88
0x
224
0x
318
0x
34C
0x
338
0x
320
0x
EC4
0x
304
0x
FD4
0x
274
0x
95C
0x
F8C
0x
FCC
0x
ECC
0x
56C
0x
D90
0x
F88
0x
FC4
0x
B74
0x
5E4
0x
580
0x
578
0x
5CC
0x
5D8
0x
B90
0x
BA4
0x
9B4
0x
8E0
0x
B60
0x
9B8
0x
8D4
0x
958
0x
BA8
0x
B70
0x
BAC
0x
F6C
0x
F80
0x
FC0
0x
F84
0x
F70
0x
F68
0x
FB0
0x
FB8
0x
FBC
0x
FD0
0x
FB4
0x
FAC
0x
FFC
0x
C10
0x
FF8
0x
724
0x
720
0x
82C
0x
54C
0x
84
0x
1B4
0x
2F0
0x
2E0
0x
53C
0x
7A4
0x
998
0x
C34
0x
62C
0x
630
0x
568
0x
6CC
0x
6E8
0x
71C
0x
714
0x
640
0x
69C
0x
78C
0x
6F8
0x
5F4
0x
A64
0x
A54
0x
768
0x
4C8
0x
85C
0x
AE8
0x
4C4
0x
C6C
0x
7C4
0x
378
0x
F28
0x
C70
0x
C74
0x
C98
0x
C9C
0x
CA0
0x
CA4
0x
CA8
0x
CAC
0x
CB0
0x
CB4
0x
780
0x
7B4
0x
52C
0x
7B8
0x
AD4
0x
A6C
0x
A70
0x
710
0x
A8C
0x
414
0x
9EC
0x
804
0x
504
0x
454
0x
278
0x
368
0x
270
0x
200
0x
1A4
0x
6D0
0x
EC
0x
AF4
0x
8A8
0x
7D0
0x
7D4
0x
7D8
0x
93C
0x
940
0x
934
0x
A2C
0x
AB0
0x
938
0x
C3C
0x
B7C
0x
F50
0x
F14
0x
F0C
0x
F1C
0x
F24
0x
F38
0x
F20
0x
F48
0x
D88
0x
F10
0x
C90
0x
510
0x
C8C
0x
890
0x
C84
0x
820
0x
C80
0x
620
0x
C7C
0x
548
0x
B68
0x
EC0
0x
11C
0x
83C
0x
A1C
0x
F08
0x
B58
0x
4B8
0x
AD8
0x
888
0x
2EC
0x
8C4
0x
A58
0x
A68
0x
248
0x
15C
0x
AE4
0x
854
0x
A30
0x
B3C
0x
C28
0x
538
0x
C38
0x
C2C
0x
7F8
0x
C30
0x
C94
0x
ACC
0x
808
0x
C88
0x
3DC
0x
88C
0x
798
0x
81C
0x
550
0x
554
0x
77C
0x
9A4
0x
9A8
0x
9AC
0x
994
0x
9A0
0x
9C0
0x
9BC
0x
9C4
0x
9C8
0x
9D0
0x
B0C
0x
B34
0x
B1C
0x
9B0
0x
990
0x
B94
0x
99C
0x
B98
0x
B9C
0x
BB0
0x
BA0
0x
BB4
0x
BB8
0x
BBC
0x
BC0
0x
BC4
0x
BC8
0x
BCC
0x
BD0
0x
BD4
0x
BD8
0x
BDC
0x
BE0
0x
BE4
0x
BE8
0x
BEC
0x
BF0
0x
BF4
0x
BFC
0x
984
0x
980
0x
A7C
0x
A60
0x
A80
0x
A50
0x
2E4
0x
2CC
0x
B20
0x
B18
0x
A44
0x
41C
0x
754
0x
C08
0x
C4C
0x
5BC
0x
7FC
0x
CEC
0x
D08
0x
CF8
0x
CFC
0x
CDC
0x
D00
0x
534
0x
B84
0x
B38
0x
408
0x
F78
0x
524
0x
C0C
0x
C60
0x
900
0x
CC4
0x
2F4
0x
C5C
0x
2E8
0x
D0
0x
A10
0x
648
0x
A34
0x
BF8
0x
564
0x
B24
0x
98C
0x
D7C
0x
F74
0x
DC8
0x
E28
0x
D6C
0x
CE0
0x
CF0
0x
CC8
0x
CCC
0x
D80
0x
D70
0x
150
0x
C24
0x
D20
0x
6B4
0x
D64
0x
D58
0x
D98
0x
D60
0x
DC0
0x
D34
0x
D5C
0x
5B8
0x
DE8
0x
D28
0x
65C
0x
D44
0x
788
0x
D68
0x
C1C
0x
D14
0x
D1C
0x
D2C
0x
148
0x
D18
0x
79C
0x
D30
0x
DD0
0x
D8C
0x
DD8
0x
E20
0x
DCC
0x
DEC
0x
DA8
0x
C68
0x
924
0x
ADC
0x
D78
0x
618
0x
8A4
0x
DAC
0x
DB0
0x
DB4
0x
CBC
0x
D04
0x
C20
0x
DDC
0x
DD4
0x
E00
0x
784
0x
E1C
0x
DB8
0x
DE0
0x
E3C
0x
E04
0x
E48
0x
E68
0x
E74
0x
518
0x
4F8
0x
D94
0x
E6C
0x
860
0x
FF4
0x
CF4
0x
A94
0x
AE0
0x
C04
0x
FF0
0x
114
0x
F94
0x
F98
0x
EE8
0x
F54
0x
EDC
0x
EF0
0x
EE0
0x
ED0
0x
ED4
0x
F04
0x
3C0
0x
DF4
0x
EC8
0x
F0
0x
EB0
0x
FC8
0x
E88
0x
318
0x
34C
0x
338
0x
320
0x
EC4
0x
5C0
0x
E0C
0x
E50
0x
764
0x
790
0x
E14
0x
DE4
0x
DF8
0x
E70
0x
A3C
0x
DF0
0x
1F4
0x
E8C
0x
434
0x
E54
0x
858
0x
954
0x
628
0x
A38
0x
418
0x
AC4
0x
838
0x
8CC
0x
A84
0x
2E0
0x
53C
0x
7A4
0x
C34
0x
568
0x
6CC
0x
8A0
0x
69C
0x
5F4
0x
A64
0x
A54
0x
85C
0x
AE8
0x
C6C
0x
7C4
0x
CA0
0x
CA4
0x
CAC
0x
7B8
0x
6E8
0x
A6C
0x
A70
0x
414
0x
C9C
0x
9EC
0x
454
0x
278
0x
368
0x
78C
0x
998
0x
7D4
0x
710
0x
F24
0x
8D0
0x
3A0
0x
87C
0x
878
0x
388
0x
CB8
0x
B80
0x
EA8
0x
F70
0x
F84
0x
FC0
0x
F80
0x
F6C
0x
BA0
0x
BB4
0x
FD4
0x
ED8
0x
F9C
0x
E5C
0x
EF4
0x
DA0
0x
718
0x
264
0x
60C
0x
F34
0x
F3C
0x
F40
0x
F5C
0x
F60
0x
F44
0x
F4C
0x
1004
0x
1008
0x
100C
0x
1010
0x
1014
0x
1018
0x
101C
0x
1020
0x
1024
0x
1028
0x
102C
0x
1030
0x
1034
0x
1038
0x
103C
0x
1040
0x
1044
0x
1048
0x
104C
0x
1050
0x
1054
0x
1058
0x
105C
0x
1060
0x
1064
0x
1068
0x
106C
0x
1070
0x
1074
0x
1078
0x
107C
0x
1080
0x
108C
0x
1090
0x
1094
0x
1098
0x
109C
0x
10A0
0x
10A4
0x
10A8
0x
10AC
0x
10B0
0x
10B4
0x
10B8
0x
10BC
0x
10C0
0x
10C4
0x
10C8
0x
10CC
0x
10D0
0x
10D4
0x
10D8
0x
10DC
0x
10E0
0x
10E4
0x
10E8
0x
10EC
0x
10F0
0x
10F4
0x
10F8
0x
10FC
0x
1100
0x
1104
0x
1108
0x
110C
0x
1110
0x
1114
0x
1118
0x
111C
0x
1120
0x
1124
0x
1128
0x
112C
0x
1130
0x
1134
0x
1138
0x
113C
0x
1140
0x
1144
0x
1148
0x
114C
0x
1150
0x
1154
0x
1158
0x
115C
0x
1160
0x
1164
0x
1168
0x
116C
0x
1170
0x
1174
0x
1178
0x
117C
0x
1180
0x
1184
0x
1188
0x
118C
0x
1190
0x
1194
0x
1198
0x
119C
0x
11A0
0x
11A4
0x
11A8
0x
11AC
0x
11B0
0x
11B4
0x
11B8
0x
11BC
0x
11C0
0x
11C4
0x
11C8
0x
11CC
0x
11D0
0x
11D4
0x
11D8
0x
11DC
0x
11E0
0x
11E4
0x
11E8
0x
11EC
0x
11F0
0x
11F4
0x
11F8
0x
11FC
0x
1200
0x
1204
0x
1208
0x
120C
0x
1210
0x
1214
0x
1218
0x
121C
0x
1220
0x
1224
0x
1228
0x
122C
0x
1230
0x
1234
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001cffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x001d0000 | 0x0028dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x002cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x003cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003f5fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e7fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e4fff | Pagefile Backed Memory | rw |
|
|
|
- |
| crypt32.dll.mui | 0x003e0000 | 0x003e9fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f4fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003fffff | Private Memory | rw |
|
|
|
- |
| mpr.dll.mui | 0x003f0000 | 0x003f0fff | Memory Mapped File | r |
|
|
|
- |
| crypt.exe | 0x00400000 | 0x00407fff | Memory Mapped File | rwx |
|
|
|
|
| private_0x0000000000410000 | 0x00410000 | 0x0044ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x0054ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000550000 | 0x00550000 | 0x0055ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000560000 | 0x00560000 | 0x00567fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000560000 | 0x00560000 | 0x00564fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000560000 | 0x00560000 | 0x00560fff | Pagefile Backed Memory | r |
|
|
|
- |
| cversions.2.db | 0x00570000 | 0x00573fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000680000 | 0x00680000 | 0x00807fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000810000 | 0x00810000 | 0x00990fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000009a0000 | 0x009a0000 | 0x01d9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x01da0000 | 0x020d6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000020e0000 | 0x020e0000 | 0x021dffff | Private Memory | rw |
|
|
|
- |
| crypt32.dll | 0x021e0000 | 0x02354fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000021e0000 | 0x021e0000 | 0x0233ffff | Private Memory | rw |
|
|
|
- |
| oleaut32.dll | 0x021e0000 | 0x02270fff | Memory Mapped File | r |
|
|
|
- |
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000013.db | 0x021e0000 | 0x02222fff | Memory Mapped File | r |
|
|
|
- |
| cversions.2.db | 0x02230000 | 0x02233fff | Memory Mapped File | r |
|
|
|
- |
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db | 0x02240000 | 0x022cafff | Memory Mapped File | r |
|
|
|
- |
| propsys.dll.mui | 0x022d0000 | 0x022e0fff | Memory Mapped File | r |
|
|
|
- |
| cversions.1.db | 0x022f0000 | 0x022f3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000022f0000 | 0x022f0000 | 0x022fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000022f0000 | 0x022f0000 | 0x022f4fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000022f0000 | 0x022f0000 | 0x022f0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| bootstat.dat id-br3n0g72wub8cejt.lyas | 0x022f0000 | 0x022fffff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000002300000 | 0x02300000 | 0x0230ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002300000 | 0x02300000 | 0x02304fff | Pagefile Backed Memory | rw |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db | 0x02300000 | 0x02312fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000002310000 | 0x02310000 | 0x02314fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000002320000 | 0x02320000 | 0x02320fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000002330000 | 0x02330000 | 0x0233ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002340000 | 0x02340000 | 0x0237ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002380000 | 0x02380000 | 0x0247ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002480000 | 0x02480000 | 0x024bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000024c0000 | 0x024c0000 | 0x025bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000025c0000 | 0x025c0000 | 0x025fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002600000 | 0x02600000 | 0x026fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002700000 | 0x02700000 | 0x0273ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002740000 | 0x02740000 | 0x0283ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002840000 | 0x02840000 | 0x0287ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002880000 | 0x02880000 | 0x0297ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002980000 | 0x02980000 | 0x02984fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000002980000 | 0x02980000 | 0x0298ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002980000 | 0x02980000 | 0x029bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002990000 | 0x02990000 | 0x02994fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000029c0000 | 0x029c0000 | 0x02abffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002ac0000 | 0x02ac0000 | 0x02afffff | Private Memory | rw |
|
|
|
- |
| vc_redist.x64.exe id-br3n0g72wub8cejt.lyas | 0x02ac0000 | 0x02b7efff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000002b00000 | 0x02b00000 | 0x02bfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c00000 | 0x02c00000 | 0x02c3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c00000 | 0x02c00000 | 0x02cfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c40000 | 0x02c40000 | 0x02d3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d00000 | 0x02d00000 | 0x02d3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d40000 | 0x02d40000 | 0x02d7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d80000 | 0x02d80000 | 0x02e7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002e80000 | 0x02e80000 | 0x02ebffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002ec0000 | 0x02ec0000 | 0x02fbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002fc0000 | 0x02fc0000 | 0x02ffffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003000000 | 0x03000000 | 0x030fffff | Private Memory | rw |
|
|
|
- |
| regid.1991-06.com.microsoft office 16 click-to-run extensibility component.swidtag id-br3n0g72wub8cejt.lyas | 0x030c0000 | 0x030c0fff | Memory Mapped File | rw |
|
|
|
|
| regid.1991-06.com.microsoft office 16 click-to-run licensing component.swidtag id-br3n0g72wub8cejt.lyas | 0x030c0000 | 0x030c0fff | Memory Mapped File | rw |
|
|
|
|
| filesystemmetadata.xml id-br3n0g72wub8cejt.lyas | 0x030c0000 | 0x030c0fff | Memory Mapped File | rw |
|
|
|
|
| msaddndr.olb id-br3n0g72wub8cejt.lyas | 0x030c0000 | 0x030c5fff | Memory Mapped File | rw |
|
|
|
|
| pending.grl id-br3n0g72wub8cejt.lyas | 0x030c0000 | 0x030c3fff | Memory Mapped File | rw |
|
|
|
|
| ppcrlconfig600.dll id-br3n0g72wub8cejt.lyas | 0x030c0000 | 0x030c6fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000003100000 | 0x03100000 | 0x031fffff | Private Memory | rw |
|
|
|
- |
| desktop.ini id-br3n0g72wub8cejt.lyas | 0x03140000 | 0x03140fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-br3n0g72wub8cejt.lyas | 0x03140000 | 0x03140fff | Memory Mapped File | rw |
|
|
|
|
| readme.htm id-br3n0g72wub8cejt.lyas | 0x031d0000 | 0x031d4fff | Memory Mapped File | rw |
|
|
|
|
| deploymentconfig.1.xml id-br3n0g72wub8cejt.lyas | 0x031d0000 | 0x031d0fff | Memory Mapped File | rw |
|
|
|
|
| deploymentconfig.2.xml id-br3n0g72wub8cejt.lyas | 0x031d0000 | 0x031d0fff | Memory Mapped File | rw |
|
|
|
|
| 1494870c-9912-c184-4cc9-b401-a53f4d8de290.pdf id-br3n0g72wub8cejt.lyas | 0x031d0000 | 0x031fdfff | Memory Mapped File | rw |
|
|
|
|
| deploymentconfig.0.xml id-br3n0g72wub8cejt.lyas | 0x031e0000 | 0x031e0fff | Memory Mapped File | rw |
|
|
|
|
| 6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 id-br3n0g72wub8cejt.lyas | 0x031e0000 | 0x031e0fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-br3n0g72wub8cejt.lyas | 0x031e0000 | 0x031e0fff | Memory Mapped File | rw |
|
|
|
|
| ntuser.dat.log1 id-br3n0g72wub8cejt.lyas | 0x031f0000 | 0x031f5fff | Memory Mapped File | rw |
|
|
|
|
| bing.url id-br3n0g72wub8cejt.lyas | 0x031f0000 | 0x031f0fff | Memory Mapped File | rw |
|
|
|
|
| ppcrlconfig600.dll id-br3n0g72wub8cejt.lyas | 0x031f0000 | 0x031f5fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000003200000 | 0x03200000 | 0x0323ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003240000 | 0x03240000 | 0x0333ffff | Private Memory | rw |
|
|
|
- |
| bootsect.bak id-br3n0g72wub8cejt.lyas | 0x046c0000 | 0x046c1fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-br3n0g72wub8cejt.lyas | 0x046d0000 | 0x046d0fff | Memory Mapped File | rw |
|
|
|
|
| maintenanceservice.exe id-br3n0g72wub8cejt.lyas | 0x04dc0000 | 0x04deafff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-br3n0g72wub8cejt.lyas | 0x04dc0000 | 0x04dc0fff | Memory Mapped File | rw |
|
|
|
|
| wlive48x48.png id-br3n0g72wub8cejt.lyas | 0x04dc0000 | 0x04dc1fff | Memory Mapped File | rw |
|
|
|
|
| everywhere.search-ms id-br3n0g72wub8cejt.lyas | 0x04dc0000 | 0x04dc0fff | Memory Mapped File | rw |
|
|
|
|
| indexed locations.search-ms id-br3n0g72wub8cejt.lyas | 0x04dc0000 | 0x04dc0fff | Memory Mapped File | rw |
|
|
|
|
| asdlfk poopvy.contact id-br3n0g72wub8cejt.lyas | 0x04dc0000 | 0x04dc0fff | Memory Mapped File | rw |
|
|
|
|
| api-ms-win-core-file-l1-2-0.dll id-br3n0g72wub8cejt.lyas | 0x04dc0000 | 0x04dc4fff | Memory Mapped File | rw |
|
|
|
|
| 17dfc292991c7c24.timestamp id-br3n0g72wub8cejt.lyas | 0x04dd0000 | 0x04dd0fff | Memory Mapped File | rw |
|
|
|
|
| updatesessionorchestration.005.etl id-br3n0g72wub8cejt.lyas | 0x04dd0000 | 0x04dd3fff | Memory Mapped File | rw |
|
|
|
|
| install.ins id-br3n0g72wub8cejt.lyas | 0x04dd0000 | 0x04dd0fff | Memory Mapped File | rw |
|
|
|
|
| enutxt.pdf id-br3n0g72wub8cejt.lyas | 0x04dd0000 | 0x04dd1fff | Memory Mapped File | rw |
|
|
|
|
| thirdpartylicensereadme-javafx.txt id-br3n0g72wub8cejt.lyas | 0x04de0000 | 0x04deffff | Memory Mapped File | rw |
|
|
|
|
| accessible.tlb id-br3n0g72wub8cejt.lyas | 0x04de0000 | 0x04de0fff | Memory Mapped File | rw |
|
|
|
|
| accessiblemarshal.dll id-br3n0g72wub8cejt.lyas | 0x04de0000 | 0x04de6fff | Memory Mapped File | rw |
|
|
|
|
| state.rsm id-br3n0g72wub8cejt.lyas | 0x04e40000 | 0x04e40fff | Memory Mapped File | rw |
|
|
|
|
| integratedoffice.exe id-br3n0g72wub8cejt.lyas | 0x063d0000 | 0x064cffff | Memory Mapped File | rw |
|
|
|
|
| updatesessionorchestration.004.etl id-br3n0g72wub8cejt.lyas | 0x064d0000 | 0x064d3fff | Memory Mapped File | rw |
|
|
|
|
| updatesessionorchestration.002.etl id-br3n0g72wub8cejt.lyas | 0x064e0000 | 0x064e3fff | Memory Mapped File | rw |
|
|
|
|
| readme.txt id-br3n0g72wub8cejt.lyas | 0x064e0000 | 0x064e0fff | Memory Mapped File | rw |
|
|
|
|
| state.rsm id-br3n0g72wub8cejt.lyas | 0x064e0000 | 0x064e0fff | Memory Mapped File | rw |
|
|
|
|
| state.rsm id-br3n0g72wub8cejt.lyas | 0x06630000 | 0x06630fff | Memory Mapped File | rw |
|
|
|
|
| state.rsm id-br3n0g72wub8cejt.lyas | 0x06640000 | 0x06640fff | Memory Mapped File | rw |
|
|
|
|
| state.rsm id-br3n0g72wub8cejt.lyas | 0x06640000 | 0x06640fff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-br3n0g72wub8cejt.lyas | 0x06640000 | 0x06640fff | Memory Mapped File | rw |
|
|
|
|
| boot.sdi id-br3n0g72wub8cejt.lyas | 0x0f590000 | 0x0f68ffff | Memory Mapped File | rw |
|
|
|
|
| desktop.ini id-br3n0g72wub8cejt.lyas | 0x0f590000 | 0x0f590fff | Memory Mapped File | rw |
|
|
|
|
| chromesetup.exe id-br3n0g72wub8cejt.lyas | 0x101d0000 | 0x102cffff | Memory Mapped File | rw |
|
|
|
|
| appxmanifest.xml id-br3n0g72wub8cejt.lyas | 0x12960000 | 0x12a5ffff | Memory Mapped File | rw |
|
|
|
|
| ntuser.dat id-br3n0g72wub8cejt.lyas | 0x12960000 | 0x1299ffff | Memory Mapped File | rw |
|
|
|
|
| ose.exe id-br3n0g72wub8cejt.lyas | 0x1a920000 | 0x1a95ffff | Memory Mapped File | rw |
|
|
|
|
| vcredist_x86.exe id-br3n0g72wub8cejt.lyas | 0x1ce20000 | 0x1ce91fff | Memory Mapped File | rw |
|
|
|
|
| vcredist_x64.exe id-br3n0g72wub8cejt.lyas | 0x1de60000 | 0x1ded1fff | Memory Mapped File | rw |
|
|
|
|
| aiodlite.dll id-br3n0g72wub8cejt.lyas | 0x1de60000 | 0x1deaffff | Memory Mapped File | rw |
|
|
|
|
| vc_redist.x86.exe id-br3n0g72wub8cejt.lyas | 0x1e160000 | 0x1e1e1fff | Memory Mapped File | rw |
|
|
|
|
| vcredist_x86.exe id-br3n0g72wub8cejt.lyas | 0x1e1f0000 | 0x1e25ffff | Memory Mapped File | rw |
|
|
|
|
| jaureg.exe id-br3n0g72wub8cejt.lyas | 0x1e1f0000 | 0x1e258fff | Memory Mapped File | rw |
|
|
|
|
| baseimagefam8 id-br3n0g72wub8cejt.lyas | 0x280f0000 | 0x281effff | Memory Mapped File | rw |
|
|
|
|
| database1.accdb id-br3n0g72wub8cejt.lyas | 0x28130000 | 0x28186fff | Memory Mapped File | rw |
|
|
|
|
| msdia100.dll id-br3n0g72wub8cejt.lyas | 0x281f0000 | 0x282b3fff | Memory Mapped File | rw |
|
|
|
|
| ntuser.dat.log2 id-br3n0g72wub8cejt.lyas | 0x28b00000 | 0x28b7dfff | Memory Mapped File | rw |
|
|
|
|
| thirdpartylicensereadme.txt id-br3n0g72wub8cejt.lyas | 0x28cc0000 | 0x28cebfff | Memory Mapped File | rw |
|
|
|
|
| msdia100.dll id-br3n0g72wub8cejt.lyas | 0x295b0000 | 0x296a1fff | Memory Mapped File | rw |
|
|
|
|
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x73fd0000 | 0x74290fff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x742a0000 | 0x743fffff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x74400000 | 0x74541fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x74550000 | 0x74577fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x74580000 | 0x745aefff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x745b0000 | 0x745cafff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x745d0000 | 0x745e2fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x745f0000 | 0x74606fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74630000 | 0x746a4fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x746b0000 | 0x74740fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74750000 | 0x747a8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x747b0000 | 0x747b9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x747c0000 | 0x747ddfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x74a00000 | 0x74aabfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x74ab0000 | 0x74abbfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x74da0000 | 0x74de3fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x74f10000 | 0x74f3afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75030000 | 0x7517cfff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x75180000 | 0x7518efff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75310000 | 0x766cefff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x76790000 | 0x76c6cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76c70000 | 0x76daffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x76fe0000 | 0x77061fff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x77080000 | 0x770b5fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x770d0000 | 0x77161fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77170000 | 0x77259fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x77260000 | 0x772a3fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x772b0000 | 0x772f2fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77300000 | 0x7738cfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x77390000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x77550000 | 0x775cafff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007fe8f000 | 0x7fe8f000 | 0x7fe91fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fe92000 | 0x7fe92000 | 0x7fe94fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fe95000 | 0x7fe95000 | 0x7fe97fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fe98000 | 0x7fe98000 | 0x7fe9afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fe9b000 | 0x7fe9b000 | 0x7fe9dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fe9e000 | 0x7fe9e000 | 0x7fea0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fea1000 | 0x7fea1000 | 0x7fea3fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fea4000 | 0x7fea4000 | 0x7fea6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fea7000 | 0x7fea7000 | 0x7fea9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007feaa000 | 0x7feaa000 | 0x7feacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fead000 | 0x7fead000 | 0x7feaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffc57b4ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 1875 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\CIiHmnxMn6Ps\Desktop\CRYPT.EXE | 12.00 KB |
MD5:
6184d75ab9ac2df542261f166460400b
SHA1: 51fda63da594cfc84931209775185e63bb9afd4b SHA256: 7a61684657c789eafc051d7107f6a0917e86f92cecaa108e4ba3f08d631c55ad SSDeep: 192:vRf4VFgG/7KoX8zyHgND68C6enatK9I45c2PuKAxywCMrpY7S8LqPZo5LdCfuR15:Jf4VFgM+oXCJND683eag9xCqAxyr6+SE |
|
|
| \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll id-Br3n0G72wUb8CejT.LyaS | 780.83 KB |
MD5:
1fc6060e2b7da45e4e9fb7f3e75adc0a
SHA1: 4cb47eb40457945d2e8f56471192a387c2dd0369 SHA256: 92da58f32e8468c86b830d88914e872558e8a6bc6d430f8cd1cf4236c8a32d51 SSDeep: 12288:Gsqbw+mQAhpsnL8vwCjdLkW0wxxymyYbPvvzEFtqc3KRGwZH:hhQqgLawAdLbfx1hvvgFwHGwZH |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll id-Br3n0G72wUb8CejT.LyaS | 162.64 KB |
MD5:
8caaade246143a3bd3b3b3ba68116b75
SHA1: 536436a0f3eaddbc9195d2e9b3ae7fde172bc85f SHA256: 592e63d9994b528a76e2ac9e84c42b5f42ad284e58fe714ab29d5156313d2ff5 SSDeep: 3072:5/71j9gfwJTxt+TqXBYOmk2qNh0eQxUW3Dj9f9:j5gfQTUKBYxkBYDjP |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Music\M0FRaonJmV.m4a id-Br3n0G72wUb8CejT.LyaS | 87.61 KB |
MD5:
a3cc77d614df663a72810a9ff6fb551b
SHA1: 89955a64fa246554574128e4c48c2cb7ad2ec052 SHA256: 98d9a49b8f0b69b8a2512b43595ae56a5fcf598d78821223ba1d4cce506602f3 SSDeep: 1536:ID3w0D1xbZ9+JlI0CBjYTIWFBYqFdhxLeDqFgZlMsdPXix/vZSeOUeceHIkZVpLA:IDjHbZuvCBjYTlFBbNZeDqFgT5dE/rsm |
|
|
| \\?\C:\Program Files (x86)\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.67 KB |
MD5:
993f1ea1fa67d7b0bfb664c157544c34
SHA1: bd9a7bbd1eb695650628fff95a17c0898519b485 SHA256: f1f26b4d3ff43e7189293dead52ee134aad686e3201b4293600fcaddd1e03f23 SSDeep: 48:tf7Ir74tLvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:F0PIvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb id-Br3n0G72wUb8CejT.LyaS | 4.44 KB |
MD5:
909974724dfff392f276ef2fcb702e5d
SHA1: 216b4b30f4ea9c6e3f56664f8c737c0483acaafe SHA256: fc1ba0cb7da79e31e83b492571008747ddcaf462010f3435918a588e8cf081a0 SSDeep: 96:CN9a/7HLBKWizZ5MVdmhNtZNlRbBHflvkVYj1Xm6IVJVvlpYx0:CN0/rOz8dYXdflvkejdm7VJVvx |
|
|
| \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 id-Br3n0G72wUb8CejT.LyaS | 3.03 KB |
MD5:
5b7a4797c9298f451f91cd11e23eda04
SHA1: a41567e05128577c7611e1f75f3aafdb3ce8e348 SHA256: 902507b8800499913c94d3db6df38d7ff94d3623805209b1aff1fdc6a74585cf SSDeep: 96:HrfBVDDwH+83lTvkVYj1Xm6IVJVvlpYx0:HrfBVDDq+6lvkejdm7VJVvx |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Music\rR19YSzpNWbN5JSMbg.mp3 id-Br3n0G72wUb8CejT.LyaS | 9.30 KB |
MD5:
c23ec53969a6a1bb8bab4a1dbd4819c3
SHA1: 534f541f53a10585b062d805115cbce687f2279f SHA256: e534b5da8a7ba890da2a733ce4528eb73b0ef531d199d4ff7dcf2216ca8ae282 SSDeep: 192:D/OIlPqjcV2aK1cw/CzfaZa2jylxnj09Qvkejdm7VJVvx:KBMzK1azy82el3BOVrx |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Documents\9f-BbJpQsNgzH8xy.ots id-Br3n0G72wUb8CejT.LyaS | 29.31 KB |
MD5:
85ff782d50759161fb8dd0d863471237
SHA1: a66f722ed4737d0b5ea7ad09d2c126ebb828ac50 SHA256: aeae953bc8ff7563de181e2238888def17c3f31f71097a529a7247254f011ed9 SSDeep: 768:nNFLAumQ8Ud1my8v0qCwzxSj7k4T6PWMKhe6maWaN06nKjZ8tSwvO+FWgBsl:njLFmQh/8vIwNSj7kacJu2aWaN5nsU5a |
|
|
| \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl id-Br3n0G72wUb8CejT.LyaS | 17.50 KB |
MD5:
b313a1f81bcbee762eed7301abe804e1
SHA1: 68de728d41619cb21b26dc0e57cdadf03dd0d44e SHA256: 8b632822c4308499bdf3feb340aa99ca15a12d9ded48a034fff514e7ac8f6f2d SSDeep: 384:ceEL20OOJYk1ZR1o2F6O2HKOgV7m0KfO0ww50uZBOVrx:8OOOk1ZRn8OIcF0wE7Bsl |
|
|
| \\?\C:\Users\Default\NTUSER.DAT id-Br3n0G72wUb8CejT.LyaS | 257.50 KB |
MD5:
2c4a1f7a6ec2732dd6ba939aa9ae23fa
SHA1: a3e3b562c3e321e247922459b999d2acbe13525e SHA256: 9c8077d526a771257566b5cf2f1adc7d185abf7ee9265577556403a1be464285 SSDeep: 6144:oxmLtlrVebzxCRkrlxnihfHj6g/b0QwYACEdeWJNfIWm:oxm5lrsekXW/2LYDWNfFm |
|
|
| \\?\C:\Users\Public\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.87 KB |
MD5:
167f2f27799f6b68c2c15347e3945138
SHA1: 800de83b8f044eb2d3c5c8b486267bcc8c370362 SHA256: 43d0f516307858b15acc5a6aae5a89b7f7e5c74bf3fda7dd3aa65aabeabf3bf3 SSDeep: 48:Gk35UMRfqd334x9vhWUyvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:pqv3IxgvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Music\JjYoZpHYWTU.m4a id-Br3n0G72wUb8CejT.LyaS | 89.24 KB |
MD5:
df11ee51dc6ac99271fd39b7bb672ecf
SHA1: d3ed0638dd08adbc88fb92eb9bce1bc862a65784 SHA256: cf9056ebcd06e8d05be59e2c4169453a6713039f2c80f5971564b2670ea7d686 SSDeep: 1536:AJVVvGUxvdwsnaqyy/o2bjmntfZIc0xE3d6Skwob2jb//13JTMtpWoYlBkgll9CY:KfeUxvasntyfoj0Z04hfnlGzY/1T9J |
|
|
| \\?\C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp id-Br3n0G72wUb8CejT.LyaS | 1.55 KB |
MD5:
d0d4cf8f339364e44ba3867eb100db56
SHA1: 996566a3c60698f32d8cc497298d1b91afdb5b59 SHA256: 7f61497538744195c1c3440a6f94ba2969746e8932d50628aa17c0f1027c2f6b SSDeep: 48:EpqNggvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:EILvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Program Files\Microsoft Office\AppXManifest.xml id-Br3n0G72wUb8CejT.LyaS | 5.76 MB |
MD5:
dbebeb399168d2f65dd4b4277184e4ed
SHA1: 10827665c55791a71828e0fe7d426cb61e48130d SHA256: 1611b084b7de06ea516da25fd788fad43c1d7c96a49de752d6316a839b34f989 SSDeep: 49152:HDWuRuv5IJBFg6tzUKspLEC7Z2zC3NI13NIwmX:HCwuv5aBFg0zU/pLEC7UmX |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms id-Br3n0G72wUb8CejT.LyaS | 1.74 KB |
MD5:
550d01b0eee7c5a741277c82b0caf02f
SHA1: 6508f65811b28f2eb6e6040d59e364f48da61ab0 SHA256: 7e240d8ceacf9732df6c68e9b720411fc6928008bdbc67b1adf5f2f209cd3f7f SSDeep: 48:IKHlVnIpxwXKnvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:nTcw6nvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Program Files\Windows NT\lowest forwarding sitemap.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
45e27f5feba10f7cba1f0fdee186aa62
SHA1: 2d69e1be44e2a5c215c1c04b509f64723e932b7c SHA256: 2e20b009c69f84eb4858e4d29e96bae8cadf32035c199085b57cebe9cea1be02 SSDeep: 1536:kNBSGH3KI/1BKBcLhOssUE23fKTg92pzXCNUril46Iq/PLlU0sl:Hs3KI/1KiBAO2pdeAejlUf |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Pictures\LGn3zp_fF2XhsytW9iY.png id-Br3n0G72wUb8CejT.LyaS | 41.89 KB |
MD5:
363e4a3e80569717fe5cc184aed52554
SHA1: 957ab5f4da0c66c1ff90f45de357a726b7f6b337 SHA256: 62515c2827fbe3f55fce46e775262e2e5898c769e809df1e8e95596be1aef56c SSDeep: 768:n3DVXDf3/ZsSX2mXVUO+iS82p1QWGMJ40LEy1XJikYH/U8MM+0PsBsl:5XD3eSGmXVUOORp1HGMJ40LEyFJik+/X |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Music\SlQRk7s3j8.mp3 id-Br3n0G72wUb8CejT.LyaS | 81.39 KB |
MD5:
284219703a3e8e32410893be856dbaa6
SHA1: eeb7943640f1db78ffdea929cd75e139186fceac SHA256: 13582e3092482d2363156aeb3ed95d6039f9f2ae2d71546df9f65f3a378b3da9 SSDeep: 1536:ZgbQ0KBsjAIq0HcUyfmp8UAfh8LpHwevNKneheD+CCUTr+A2t7eKXwwRsl:ZgQz8sWWfmqAjN+l+ChroTXj+ |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Pictures\sm_xgLw3u40OkI.jpg id-Br3n0G72wUb8CejT.LyaS | 92.94 KB |
MD5:
2a91861e0c7169df9e67a7462672898d
SHA1: a4d7584a2e435f2286e5cf23b6de918c0ac948ac SHA256: 4d3493d36468e0507dd879ba69c400ce5b60a85ee42d58b5f2a5f40566aa9460 SSDeep: 1536:a4ad5JUAqADgI9rZgTdCQAfEodLQaFKydxpz4V8Nu0KSCsfiZBSYNYS2IN/SJIYY:aLdeeyxCQAMW3JdTW50XCUIrRzSJIYY |
|
|
| \\?\C:\Program Files\Windows Mail\tr_wireless.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
a8acbf07e92d21636614cb41d86ce31c
SHA1: 73ca6bbc5a88a8b6dbb11d9e6362c9c0aae11d28 SHA256: dd435cb463ed27b615098521b4e6f9c13d6078d61da1dade59f93ad3c464460f SSDeep: 1536:4tMmvjrrQ43ZaNnbTK2HXENicuVkFCrdaDsOxvku8lhfsyVsYMOusl:4tMmrrrQUaboNicNCrdaD/Mu8Ts9q |
|
|
| \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe id-Br3n0G72wUb8CejT.LyaS | 517.98 KB |
MD5:
02ce786c2214475af0af55857762d07e
SHA1: 63ca60153ff1eb393f6c6ed5b43c91e516a00746 SHA256: 29cf2f79b42d4c6743025f1532943d3e09c9cc84887ccf6daa7927d70cfe249c SSDeep: 12288:pAqkoCtQO4Nai3jk/POpKNpWCmA9rSiPjIfj430:pxkoIgNaPIKNpWLGxI0E |
|
|
| \\?\C:\Program Files\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.67 KB |
MD5:
714bb3d122630ec71acc738a86d74380
SHA1: 19a734cf246bd55d69e751d53a10ee37aef8ae44 SHA256: 73117d53d9f35cc253287e431072c8dd29d57bce280e96a1f00b6ce7d43b9d13 SSDeep: 48:AB2ogGQEPvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:ABdgbQvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Program Files (x86)\Microsoft.NET\flavor.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
db5e56cd7dd4cfde724ecc05e9412cc7
SHA1: 1f7706aa329cb1fbc74978158dba05135e5c316b SHA256: 0e915f123483bba3b830595ada3943c0c36d5a185217e437f3d2e8063ba2ddc2 SSDeep: 1536:lL8S4U8MrjfK5u147fnl+jhq5jeHYE3ZkR4tracGadGqYCob2sl:lLb4yvsu6l+jhq5jIYECmdGCobF |
|
|
| \\?\C:\ProgramData\Microsoft\MF\Active.GRL id-Br3n0G72wUb8CejT.LyaS | 16.12 KB |
MD5:
a68402e0cd060faafd52e63d046f1dcd
SHA1: d3a9d66a7a437e30df2f2373faaedb4c0ff7349e SHA256: 07ef60520021a9c1a63c5b6910510a4caa1a4aaeaf095915d1aa2454d6edb4c2 SSDeep: 384:xy9PcieVbEL0qUXPgxGyVvRdmVsLxBOVrx:AJZ6E4qUfkGyVZd1xBsl |
|
|
| \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm id-Br3n0G72wUb8CejT.LyaS | 17.74 KB |
MD5:
50517f8f868a7d861282891fa548f1ba
SHA1: bcaf934812b1355550d4d3ea68ff6a7f94cacc68 SHA256: d28aa8d51058e72cda92857a1cb5140588aad08cf122d48a36f0b9f9e0a8f318 SSDeep: 384:F22C+197fM2Oe0gN+gWmJmXg1relj1o3pM4EuehuWBOVrx:F22t3NNd9JvreljW32tuOBsl |
|
|
| \\?\C:\Program Files (x86)\Internet Explorer\reveal_medicare_ebay.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
c75586cc162e0c2220f421195f8ec9fc
SHA1: 814373df66044d6de122cb68e725e5694559a319 SHA256: 06148b452f85867dc8e715986e239e2e0e7c8a1052f9ec93bff7b16c52323eb1 SSDeep: 1536:RRp2k5C9OK9VxlYFpKG4YOCz6R8vamR0mgLMZ5kl+VK/ABvmNo2vsl:RD2hLViXR4s6rDpoZ5iUmNor |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact id-Br3n0G72wUb8CejT.LyaS | 2.65 KB |
MD5:
f78238be699f9c2b2191eb8bfe732e3e
SHA1: a3100b7ceea43d857dfa52136da437446128db66 SHA256: 8dfcf2f8a07249c06bb12f257c18188f5757b184109258448ce7e4bf1388ec84 SSDeep: 48:HeR/OZL9ydhvO0/yk8b7OkKG9RcW5vT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:+ApQdhvB/yPqnGAW5vkVYj1Xm6IVJVvx |
|
|
| \\?\C:\ProgramData\Oracle\Java\javapath_target_5923062\java.exe id-Br3n0G72wUb8CejT.LyaS | 202.06 KB |
MD5:
016b9e588bb39d61e87b91fab3680c31
SHA1: 2c2946abf7dc295b69fea131e652c5692e26a34a SHA256: 7627a01a0ca6eb88611dce8dea0710eca4b4a0d2060d70f8f894059a5dc2f96b SSDeep: 3072:xAivwgV/wTmkrTHjzvBQdT7qKBnusl/Kbi6oyQSHwTBfY62ZX6ZLzjZqMNxwQbl:sgSTmUHvOdT7duCKbi6ozOwTBjR5vGkl |
|
|
| \\?\C:\Program Files (x86)\Windows Portable Devices\slightly.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
4202a7adcdc46a7695819ddd9070eabb
SHA1: 008f3c8c52ef38d2d0d2c834ea610b1ede7aabbc SHA256: b1b2514ae59058e9d60d8eefc0c3ee184859bbb03125f85f21ab3c93d904ec0f SSDeep: 1536:5kggjrHKsc8VPyWIw5lwMr5TEMq/qV1OZCbTwxVgGlkYNOovToTsl:5k5i8VPOOl3OM4cgVzl/k8 |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Music\o61wIO ULs99.m4a id-Br3n0G72wUb8CejT.LyaS | 81.63 KB |
MD5:
a04bb15e2dda5dbc3fe93f845d08cee8
SHA1: 10c3c56e93fd5cbb1376fd6cfc384901c3a9cd8b SHA256: 57bd6c610ed1abe3faa3f0e120012bdabf8dc5d4f2450b9a0fd6ac029923ab22 SSDeep: 1536:a41H/pO0WHs1ehPkE0tXW07dLfgmomtvD6eiq6An9FVITHtZGqtuntpsl:HHhms18km4L0QGm6AVuNZZtR |
|
|
| \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf id-Br3n0G72wUb8CejT.LyaS | 182.46 KB |
MD5:
b515f7b33b9f8cb1cf59dc54253cd98a
SHA1: a7432329843328f53185d79ed9b1fb73991a4e65 SHA256: fcd81262f272add4c9a4aa82031140b8b7658cc5dd3b96209ed3a655a145e831 SSDeep: 3072:bssls1MS60xwZODn/TJTHuX2T/5/dGc4uka2AtSyNLMDTJ5MtvVmbvR:wsls1b60zbJTuXa5McZd2At7mJ5MuzR |
|
|
| \\?\C:\Users\Public\Downloads\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.67 KB |
MD5:
3fc791e3387c67fb1b13f21f25a7d9db
SHA1: 3afa0900eea9aa4ea765bbac8b08ad12e67000d1 SHA256: 5df9afdb30470f0e2c29a92c5054f5c8281a7cdb545f91638c668f27e33a81e4 SSDeep: 48:P3THS9evT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:TvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag id-Br3n0G72wUb8CejT.LyaS | 2.55 KB |
MD5:
d4aa148bf7d65924353d68c72f6006bd
SHA1: 2192273080ecefb062f6e9cdc8fb154f1abc7161 SHA256: c32338ad8d0582b0a7e6270c656e9fd3629b6e55a5339962df6dff0264de3365 SSDeep: 48:JGJmcyIwxVPkGzhV0oz7U5A0szdpfMlL5k2vT4VFCvIA1XmDmIVJVvqc3YanmQ4a:JGJmcWVPk4hfzD0szMo2vkVYj1Xm6IVl |
|
|
| \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME.txt id-Br3n0G72wUb8CejT.LyaS | 172.94 KB |
MD5:
745d6db5fc58c63f74ce6a7d4db7e695
SHA1: a816fb5dd09e32d80e1ecf47a458569e3868b975 SHA256: c77ba9f668fee7e9b810f1493e518adf87233ac8793e4b37c9b3d1ed7846f1c0 SSDeep: 3072:Yj33DuJYSqN7amC35q6dNFiG8OH8eowpQcw+4oHHZZvc9HNhJhxe+p/U0UIdKJpi:3qN2p5Jmncw+4o0HMWEyHrNRj |
|
|
| \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe id-Br3n0G72wUb8CejT.LyaS | 4.13 MB |
MD5:
1ff608ac4430fc041fc1a657f76152df
SHA1: 033085879024b4c342b5f1fd1ca3c75f03ecfbba SHA256: d336fac1110e8b1f00139c02f0b0fba56ed4ee28b57b0b66f2d0f0042569d636 SSDeep: 49152:vMWGj7u4FwHIWjUHFG5X/qKm/v8y8iHcie8BOQZb2jZ4sM7biZyXr3nF1Y852/av:v27u42oiUHFG5jm/dHnk7KrX7PevpW |
|
|
| \\?\C:\Users\Public\AccountPictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.69 KB |
MD5:
873888c0bb841bb9da0b4114c9d56c2e
SHA1: 8db84d99987df76804135598db0ee95e802fb45d SHA256: 850758e9fe84f30a07708c5ec31a4464d06c39376f922f3e5766102f1b82aed4 SSDeep: 48:7B7J+waWWvcYvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:Fz5HYvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml id-Br3n0G72wUb8CejT.LyaS | 1.35 KB |
MD5:
3793544370ec1fddcf5ba6ae099f2538
SHA1: c784c5d8d1c496ab7ba1150782d20cba67b76321 SHA256: 87975551187040cc2505a12ac285c042b8e70921a55808ecf982c7cd37df0ae2 SSDeep: 24:QlLPFdNyWwbEUgMClMJJyBz5n6PEAJrBPE2gQGkWyGkWzRp1BTXSoNwOP:y/NFOWC+68A1B82PGKG7Rp1BTiPs |
|
|
| \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-Br3n0G72wUb8CejT.LyaS | 2.13 KB |
MD5:
7c905e57fe11109db0fdb2f7c99fe353
SHA1: 85b1bf8beb4a3fa5fa4a8d214a26e4c9077df8e5 SHA256: 75478e7bb134a63d6fec67a2d4e4d08bd1f4b80c359d2da5346c019c4f441360 SSDeep: 48:AK1mgAh983sAfGGr1aPE40vT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:AWm788Azr1n5vkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS | 25.21 KB |
MD5:
166cd787b9c532bc2ff7ff1ad8d52649
SHA1: a5934a7b1748afe09cdd1ecc4097147eeae1f326 SHA256: ebd64f105d41cfd3fbfbd4868d1ad7a216631ba639df614594e1d60b2436034a SSDeep: 384:g54Pr7ZRaXhakl+zJkEpaMl3oWkfAkJKNc8Xv/PFi1BgVwmtIGeAUUvsQkBOVrx:/r7X2To1wWsVcNc8nP9pUU1kBsl |
|
|
| \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml id-Br3n0G72wUb8CejT.LyaS | 3.43 KB |
MD5:
7d7beff8a0456ae40afd0933de566585
SHA1: 424b7248c2b02fe2027c6e7451b877cbe2656ce4 SHA256: fb7c6c34d9efa679b348609803988da95175a0bcb7b8b5e95b1974e0505be667 SSDeep: 48:y/NFOWC+6fHAPUqfCsJU8/9EPGKGkUqfCRp1BTiw49BTkg:UcW76/Ea0dlZE |
|
|
| \\?\C:\Users\Public\Libraries\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 0.42 KB |
MD5:
e8d021840490d2589ecf53f8636717c5
SHA1: 70dad2c6629d9e08805d834700340f8771df030c SHA256: 60a0126a1bc0406f5ddcc9225e79e9793f707d4f8c24f0049f1c7bd7fdcd6c73 SSDeep: 12:tRwmCtmdtUTfEmr1mnKVp02zUx5XPmXmj046Pd1q:tVCtOtUTMq1mKPNA7X+o0462 |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Music\K5afBvaXQ17XKw.wav id-Br3n0G72wUb8CejT.LyaS | 86.03 KB |
MD5:
f4fda3f9a993f4e205565e5ff2353c97
SHA1: ea78d24db8bb76ef8a12b9d79cced4500811d68b SHA256: d17384ca13f73ed958515a1ae5d7c0c12ff84c484ed838c644c1331760e1811a SSDeep: 1536:ZGkTULeKFMGDrgiGhLc6P8BZMoNkDQ7LCW7pumcxOkJOAjL5gsl:okTEeBGiLB1M7L3l+OkMAjLV |
|
|
| \\?\C:\Users\Public\Desktop\Acrobat Reader DC.lnk id-Br3n0G72wUb8CejT.LyaS | 3.58 KB |
MD5:
7431de4911be108d8d6877adf57ab40e
SHA1: 02cd08b6b095795832f8e973ba974cf88894cd37 SHA256: b60e1bd69b03e1c9040178e1eba24cce5ffa46b76fd845fcb31df7f6962d8246 SSDeep: 96:sN8k9+pd8YsnoQDr4vkVYj1Xm6IVJVvlpYx0:sNeFsopvkejdm7VJVvx |
|
|
| \\?\C:\How To Restore Files.hta | 0.89 KB |
MD5:
5222fe422c92bb4cef7de62af663e889
SHA1: 7bbb12ee8df0709593379bc2edcdb95f019403bd SHA256: 3e77c151f1a9604b68e7e18d3c226d36f0d7884c138131d64f9e13a9b9d4db2c SSDeep: 24:k/bxHNZAlf1sR1iYsFT5RMfvIKNxHHNaHzSRJrkjF:gxtZAlfIeCfnNaHhjF |
|
|
| C:\windows\searchfiles.exe | 0.00 KB |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDeep: 3:: |
|
|
| \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl id-Br3n0G72wUb8CejT.LyaS | 17.50 KB |
MD5:
fac67d94ce19b41b17eca401e9f50826
SHA1: 2c9680f0e1dd842ffbf5406e47c6299f58a53c26 SHA256: d53822c0daf6b403f35780979391e1049d004551a1eca5967acef0b7c61e5a4e SSDeep: 384:iTRr0gElanOch/HNc9IgG6Z/ypi+yV2lZwBOBOVrx:uTnnOgNc95G64pUzOBsl |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.99 KB |
MD5:
72c282b0e122f7453de9b9eb1d841169
SHA1: e8a85f5b41e3bdf1b43b4804efee0d89c2f0dcb1 SHA256: b7b98e0c12acab43b042ffbeca1c7c0e538a6275e43b3fe200a712e8b37679f1 SSDeep: 48:yZbclxjXBNo6RX2BRHh8meNvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:yZolhBbcBJumeNvkVYj1Xm6IVJVvlpYC |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.99 KB |
MD5:
5f6037f8c98914d4f3d7d9d55bcd8b6d
SHA1: 37481233ef3ea231ddd1ce950f36048012ee1099 SHA256: 20ce655bb14cdca3043f5fc0a1369982399f11b779482be67d62f65064b8b64e SSDeep: 48:q3+Dwl6/rojhvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:q5l6zQvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS | 24.22 KB |
MD5:
8a188c747e3f1a8bbabea5bfcbda09f6
SHA1: ca42ac003d793747e42ae579b47eca68587b6c9f SHA256: cca982136eb5f317389f1224c32af46051080e8a98b3261489ecd380ae14d2b3 SSDeep: 384:fWLzrKWArfPnnTM+Z2oI8eZZzm5yKoV0pFq0GftpBj657:w0fQ9m5msHie7 |
|
|
| \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl id-Br3n0G72wUb8CejT.LyaS | 17.50 KB |
MD5:
d5fcb6e8f9586fdf0db68f6f35d4fe29
SHA1: 6ad413a2c6cf73a15e5c8da55d9f6d4c5707348c SHA256: 61ef383a18d298b8fe45307241443e1891df7445fcb813d61b6e85b7c143ce41 SSDeep: 384:sfHlD9PO2W4hgQdfUDv4EE48kg70UoDYN/woen2ZinIBOVrx:svl5POTygPukgzA21e2ZiIBsl |
|
|
| \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS | 453.62 KB |
MD5:
1665b0b61856cdc24c6cdd0cfd20973f
SHA1: a60c21f90c1da9470b15cf02cfe89c3b419404dc SHA256: 5f807c3bc70e52a89f42c0852eedc061d486342eefb7ed00ec22786cf8a20ae4 SSDeep: 12288:jJkJpnXYiB8N9UxUCAiKMTURoXE0JhsB+H4Ll:IpXYw8IeCAOGF0skH6 |
|
|
| \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.63 KB |
MD5:
f22f15cbe8908ffc0be51d7f60a03619
SHA1: bd99c472a27115b94f6ec78d213a37618dd2286b SHA256: 62c305c53a1cebcf2d828fcc38f642fa98766ce35e5bd2b4991730a3cf3437b2 SSDeep: 48:04kzQBzuvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:04ksBivkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Pictures\6VPPhG1IT3F2Zg-.bmp id-Br3n0G72wUb8CejT.LyaS | 81.79 KB |
MD5:
021b3299959519c499dc84c3de52b566
SHA1: ffcd6f8aa6162ef7cd911ef6a9ff6733b57d419a SHA256: 489a8181434207137b65b6f994c0f6f8f4722b2c611b6e55eae6f1f91ef94a80 SSDeep: 1536:9XufZDUCkC/RKRh6WPploF9CZTqpDiq/ROk9iVPKRNTykgL8n8gZNIW7sl:9XufpUCrJO0WPphNqpW0oO7gy8gZNC |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact id-Br3n0G72wUb8CejT.LyaS | 2.65 KB |
MD5:
89eff2e9660b2903005b8709e499ba09
SHA1: ab6322c99fdc1f39f89c9ddfbf34d11bb651530d SHA256: aac0108d6a253d4fbf96d15b5fd772d77458065b472a5ff55eac3e601eef5e4c SSDeep: 48:axT19fbWrfqas7SMU1Xv2Dj3tteBvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:aF1gK2MeX+Dj3tkvkVYj1Xm6IVJVvlpZ |
|
|
| \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-Br3n0G72wUb8CejT.LyaS | 2.13 KB |
MD5:
f5671ef2efadc7e7b109eb314d6c452e
SHA1: 002e48a1eb6c5cdc0c17d63e583c11a78b9a0899 SHA256: 393e3d711351d6616018a14ec71ac163241b1597628b49ec32970cb6a9b12637 SSDeep: 48:W3xpmaIzsh/8vUH0vT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:apmaIzi/Z0vkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Users\Public\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.87 KB |
MD5:
9316169bb34fac952be4f0b4ecfcfcb9
SHA1: 679e858f5f67c726365a75a8f023baf5ddb96a85 SHA256: 5bc2fadbff7d306bdb5621e183ab6a00de73c23de1f2706f9df6ee72346ae7b2 SSDeep: 48:MXiOIrjKoXx+8vT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:MXiOwThBvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\bootmgr | 386.00 KB |
MD5:
cdf075b70e5f612b4399a54b25d55192
SHA1: 3b37308a601665b38dbc02f36359fdebd1abc006 SHA256: a0e54d6b2503139355488bc2fd3204a1ecbe228419e8a5ab234efe5be6fc0289 SSDeep: 12288:3sp8fYyDEFLbv5zG/BUEG+38EdPgoBlma7D:cpGYyiz5zGZdGQtgoTmQD |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.99 KB |
MD5:
b14d78df896a4fb0e12cc910f8551b3a
SHA1: 9e0297bdd1f7b42be7c3c68b3e192bb796609d81 SHA256: 5cf3ce8147f8450f0e583dac45890cae60a1efa1337ea70c7e02256ff26ca800 SSDeep: 48:S9ymvbhHr7arhB/HAg01vT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:yhHr7MZuvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8 id-Br3n0G72wUb8CejT.LyaS | 10.00 MB |
MD5:
0beaef313b020be26a8ac109163f0174
SHA1: 1d24fb94c03f74ae694c1d32ea82df2d857bdb81 SHA256: 83ea532b5ef5907005638e159fdc2a62b0f426dd216e77da6daaf16733574b84 SSDeep: 98304:D/GhkxpdT24N3Szg1x+9W6dwbNj9IF/Dml8ekFXwuPcr:7GudTTzx+9Rq99IFLYoXwdr |
|
|
| \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt id-Br3n0G72wUb8CejT.LyaS | 63.93 KB |
MD5:
a344623714a39a4af8107afbf70d6103
SHA1: 1eb2aa8e571f8eefeafbc640f4401e927112c1e2 SHA256: 8616d6f61bf92561180f9a6fca030507d0beba6ef7df02dff8642c7e16189281 SSDeep: 1536:7yhG6CQO1jVkPow31tvZjyo7PzzEOkJmENWTgJhsl:7ybCQOnmp31txj/7/Zj |
|
|
| \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB id-Br3n0G72wUb8CejT.LyaS | 25.17 KB |
MD5:
6430f9126dc2be7879577372f79995c3
SHA1: 24e8d58c1fde077f51f5f85c8d3847d5d086544a SHA256: 9d8dfb327bea5dbfe73c580deb21e1493a555328212ddae522154cad3528167e SSDeep: 768:ifuaVdndhNDkeNrMCmRLqeMRtYJvGIySeKSc3dBsl:8NdnJkehlmRp20ZyK3Hsl |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Videos\mqFOr.avi id-Br3n0G72wUb8CejT.LyaS | 73.46 KB |
MD5:
072e8b5ba7f8012b9c7e2a81c27d80f8
SHA1: 2f8be4cadcff582c043910f5fa6db6cf3d8f0ac3 SHA256: fd3047e8325e7f4993dae9a1760d7d105e884e0283cd691b1dca78a5047c1e34 SSDeep: 1536:F6Kz5H5BSYX8oZPtLtMC/sGxDMfhYi4PEDk6d9mjFwsl:wU5hModVGJYtvRj5 |
|
|
| \\?\C:\Users\Public\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.87 KB |
MD5:
2bf85f4ec51dd85c34de89f1db1d2580
SHA1: 372b1169576834e4d8edf058bc3aadccc236ac1a SHA256: 87847ff29e4245fac1b12d7dca66e2e607e9869898f901b783d16ca126ced5af SSDeep: 48:hpIELBkcFuKgBZvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:hpBdJuBZvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT id-Br3n0G72wUb8CejT.LyaS | 4.67 KB |
MD5:
58e253295ea254e4ebd9bfeb9eaa50b2
SHA1: c482c6697c3783dc95e3791a2764156dae5098e2 SHA256: 61954e61ba87ff4ff4c5764db2823540bb7f5c69a592cd3943c15327b4327130 SSDeep: 96:jUCKHk3NcHRj3fN1Vhf5K5HqhjC9xQcWvkVYj1Xm6IVJVvlpYx0:gREdqV3fvlK5HaalWvkejdm7VJVvx |
|
|
| \\?\C:\Program Files (x86)\Windows Portable Devices\semiconductor phys.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
f68719464cb21cd6ce3f56b29edec1b0
SHA1: bd3cd6a48e62fc272879175e3f1de292beb41753 SHA256: 24c0549fd23713a9f6abb895e1fdfc7302be2944d0f9d9694e74a162844db6ad SSDeep: 1536:xImrgG8zi3jpaweTvgTIdFDS3cbUR7WV5yeGYdptVFoMwBVOwzUtsl:xqhiYweDP4MgWVcwA3Oi |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk id-Br3n0G72wUb8CejT.LyaS | 2.01 KB |
MD5:
57b512551467aab1a1edb0b7bc9e3c0d
SHA1: 9bd52027f8e1cf8caf722563b399bd4a2436aa23 SHA256: c1ef3b32203da05b5cbd5b5dbabd65ecd8af1409e80b35cce236a3930544e623 SSDeep: 48:yXkJ+sW74oJHvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:pRpoBvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Program Files\Uninstall Information\just_instant_bulgaria.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
4f12438545114737db4b88bb0a1afb59
SHA1: a85a5179e99004fc4f66d14a21b341a7cd88cdbc SHA256: b4b4b0d95ed2e53f4af5e519f5dddc28da6effd85817766ec3cb823123fc6ec7 SSDeep: 1536:a77sfnWPa2RZilkMgOCUE45h3WNYSVAlBE+Yx431YO+Lz2PYOaTsl:a3knga2RZi9ZC74Dp9/naOnM8 |
|
|
| \\?\C:\Users\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.67 KB |
MD5:
1c1f7836cbb07d7056f77965d700cc38
SHA1: 3912f9667dab7566522469758179ab60bc4e8061 SHA256: fe0f26c3c61881529df430edba2d0fc5492e2245075add3024ef3e3ef736c802 SSDeep: 48:46hyOR4r/vT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:47vkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag id-Br3n0G72wUb8CejT.LyaS | 2.55 KB |
MD5:
8c340ec9307d8363613a180ec8d2d0b2
SHA1: e451eb9c7ee3922d15843c27b023cc9e371a8573 SHA256: 52305b89ba589f6e293bfdb703750ba42db1a6d49b0b2cbb5ab4ae3207b631d0 SSDeep: 48:uscKSeTU7+FE+Z4mapUWviGHSZwpKXmvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:usc/X7nbcGHgCKXmvkVYj1Xm6IVJVvlX |
|
|
| \\?\C:\Program Files\Windows Photo Viewer\runtime recommendation.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
f947101217bb7181157d2980f63bcb9c
SHA1: 361e351a1d0dd74c5110b34e7371bc6108e7acca SHA256: 8c9f6cbd1cda8695c0884f66c7e59c97eb98e22decf93cf7e170b136395c0aba SSDeep: 1536:9Ob+7KLk4TleloLitGP5+bUgAfBK/0IE9KHhzGK19+/ROsl:4b+mI41uNWBKu9ChGK19+P |
|
|
| \\?\C:\Users\Public\Documents\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.77 KB |
MD5:
1ddacbf033e394e41c713fdbc20892bc
SHA1: e118f09fda40a9bd0012d5c8186f2ba74e4449a0 SHA256: 4c279c4ca5513a8a82f28c43db3d47c7cb8649d49e9bf419c60365236d0f50a8 SSDeep: 48:ZAQ9Xx+gPvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:iEX1vkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Documents\2RMYqU6OwcaNfG5QwG.pptx id-Br3n0G72wUb8CejT.LyaS | 35.46 KB |
MD5:
88f5e548d0023febf5117976eb378b4f
SHA1: a2f63175e680dbcbffe297e4597881f5520a8706 SHA256: 804dcc26cd1b1617bc63cacf3b1da455466febf0897433fe0906f3edfd099d8f SSDeep: 768:pcgkwVvWCsoqtPP/qFggcvUZSGjeEj7i1DhEN0YZzijg1RnnAozGYz+Bsl:nWCsoqtvqFcvUDV7iRhaziE1JZ7Wsl |
|
|
| \\?\C:\Program Files (x86)\Windows Multimedia Platform\pump.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
45a7cde137c77f0be432516bc671605a
SHA1: 1a6af1301577147221b756e55d2fd18522c77eaf SHA256: 088570df5d64fca5929ed98e0c335b1df7de91f2633862b4a4c3e8b926957e24 SSDeep: 1536:DtVhKv9XRmKcWbYvZ0ow5GSvgMr1RpQNUDbKn1W3NaB2mrDJsl:DJKvXbYdw5XgW1DCUKY3NaB2qy |
|
|
| \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe id-Br3n0G72wUb8CejT.LyaS | 453.66 KB |
MD5:
b6409a824001944315f13cec9064cc5e
SHA1: 9235fded33f8395065729df7de82b9e649ad2358 SHA256: 3fec4c36fe0b2d4103e5957874ccb04a61d59d583cf17d9e7e7457774e5cba69 SSDeep: 12288:TT7Q5ZO118pZoDyha3v+UGGbeTem1OO1/ZV4JXWOEfwRySlcT:s5ZO118pq2h1UGGKem1X3V4Jm0u |
|
|
| \\?\C:\Program Files\Microsoft Office 15\charity.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
a97097950fd4e67d5ccc15dee2c89634
SHA1: a55250aec1f8caf6e12317b8a4b17e76a447c500 SHA256: e0989423a0addb2a2dd0f73284d58c7ffe9e85dccffd66f87c1a7d27da796576 SSDeep: 1536:cF9AXhKUkWcQsyZpezoZD9op8YBhth0ylrVXPG4nt8nt5fa91sdgdMsl:Au1kMs8R9o3hthXPBnwY1sdgp |
|
|
| \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml id-Br3n0G72wUb8CejT.LyaS | 3.43 KB |
MD5:
a6b328ae4fc15362efd75db9300039ac
SHA1: 630bd623d03b4877e0da9c7427d0c8784625a7eb SHA256: c74331bf256669653289638d1573832c77195b8dcd4fa415cf4838ecb6d863d3 SSDeep: 96:Sbr+qKkNt0DPZmY9qgzDvkVYj1Xm6IVJVvlpYx0:SWCz0NmIqgzDvkejdm7VJVvx |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.99 KB |
MD5:
73432b167cab0e1c744ea86a7849c980
SHA1: c8a1ae3cc37b6d636f31e06fbf17ea383c54aebe SHA256: e3a88af1d2d5679ad1769c6d1ef3c71d32468db5172fb65e132be6a4e30e2eae SSDeep: 48:PQjQASvHl5UJPey8OSfvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:PUQ9LUJ+vkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.63 KB |
MD5:
838ee97a6e21d1dd5e49f848fb8e3e3c
SHA1: 3a1b145c135f200646397cda3f8ef73f6e84c902 SHA256: fd5308940aff904756a548a87d5f840c4a638036aa1e8c894e1552a9b0fe25d1 SSDeep: 48:mh5idUkIuDvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:mh5id4uDvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb id-Br3n0G72wUb8CejT.LyaS | 348.00 KB |
MD5:
18f4c424310b664ccaeb16cc6628ad5b
SHA1: 780009cced34531d4eff34244d480e4a451e6fa6 SHA256: 978bb09dc0e260186252e9cc86a076074bd9bf7b06772dcd069a2fff316b8a84 SSDeep: 768:cCrlqlHadRcdR4flxVrkJtCzUedRbPdRb0dRb7dRb/:c6lqlHadmdSnAJtCzZdxdmdld9 |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Desktop\1PIfCh65fn7.docx id-Br3n0G72wUb8CejT.LyaS | 92.27 KB |
MD5:
769812fd628b8e691ef76411fc51a01f
SHA1: a4e03db56ef682de196fe00d2ca0816c32d6333a SHA256: 89283b0458f876441f2d61d4411b7ed31202d2abe8c88124e7e2669cb3f5ab30 SSDeep: 3:: |
|
|
| \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png id-Br3n0G72wUb8CejT.LyaS | 6.05 KB |
MD5:
a7c437ac3151d1b6eaff93abf15f2262
SHA1: 3c5f7be207882c25b4ccc9cbb0afa5b54d359993 SHA256: 29080b5efd0f702f554ce57b766404fef9e75b92e3a3cb43fb8d8464029367f1 SSDeep: 96:poRqUm40CeNefjxdlynEFRaspIQW3UTHKLG8NjVos4vkVYj1Xm6IVJVvlpYx0:phUm4f9IUFOUDK5jVivkejdm7VJVvx |
|
|
| \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm id-Br3n0G72wUb8CejT.LyaS | 2.24 KB |
MD5:
bd303d1a1802917df2792a64f3b96a95
SHA1: 14ef0d433d8b5eccebe776c9433696e8bf5eeda6 SHA256: f1bc1400f683c7c546d9d3beec48b19358f5183a92217d3da912bc1ad5294c21 SSDeep: 48:glkldTCWZXAm30EFTAQxzgyZt0jmRvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:ll2zQxlZtCMvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini id-Br3n0G72wUb8CejT.LyaS | 0.63 KB |
MD5:
6bd5fb46283aa48e638bef47510c47da
SHA1: c38d46ec6c9bc8baece4a459b617f44d10af973c SHA256: 44fe5eebd80e46f903d68c07bcf06d187a3698bf3953bc58bb578465e2e0fe6c SSDeep: 12:q9TBN1tbr5XT2iTuRlCKGL+TiTNDODaPi:q9T7DblD2cuDGL4CNDODaq |
|
|
| \\?\C:\Program Files\Windows Multimedia Platform\freeware.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
5abd5d92365cc1e9e249b4052064b7dc
SHA1: 188021d51d566c92dcad60cee3c9cc7a76ea9211 SHA256: 8f0b3a55beee0869e4f692aefda970c9327ee3557082083b6f2d882e51c88545 SSDeep: 1536:PA9BU9IuOukZVzeEqQx7+5gMVEVxC4I9+lxXoWHwtrK3Mp3JnvHc8b9u3sl:PGd9ehriO4IHiwtrK8zHcPo |
|
|
| \\?\C:\Program Files\Common Files\Services\verisign.bmp | 2.64 KB |
MD5:
618aa7be4cd1750b0a5f6247d084392f
SHA1: fe878c289c59f085d8edf73cc634492ce6bb3281 SHA256: 7f79dade5c9f7c6851af225be7d73d88b62259ed251638ba0140c7ea311cf2ed SSDeep: 12:VGSaGRX0BalfJeZqm3I03p21byt71t/rfahott6YYJ7rrluT1Sc8/M1il2lvf:ISrF0BbqWIJbqnLahwwjhrcZSccM1iYV |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Videos\VyW OD.mkv id-Br3n0G72wUb8CejT.LyaS | 66.75 KB |
MD5:
7e99b1f5225c14db8cfb4f03ec7af461
SHA1: 3ea450b5d8125fef1e277489cdf5b79b5cbfcc8c SHA256: 927742ef3254de7493150d17e43ceca42a49fb55ec8d85375d3e608a96d0eb3b SSDeep: 1536:3LMhLbtpSZPGo1EUtoyMeUR68JdTWe9edGc3U0GIwqxTOASe3sl:3LWjmBAyMeC6y5Pc3Udd2+n |
|
|
| \\?\C:\Program Files\Windows Photo Viewer\collecting_vb_les.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
8e94523b84d1fdde169185c1eee0d4e1
SHA1: efc6aa8eecc4c8981f7c71ad6485b175bda6b370 SHA256: 35c3bab4faf2c2c678f073e830a634cdb1a1c711316d5e75f062e84612bfcf5e SSDeep: 1536:M+20DwHV/UMTWKN2rwJvcnhE/U0ehghX4RB+Rk2GdLnr0cctrbq3Fjtxsl:M+20EHiWp2rq0+/U0UmX4P+Ji4hrqte |
|
|
| \\?\C:\Program Files\Java\jre1.8.0_131\README.txt id-Br3n0G72wUb8CejT.LyaS | 1.54 KB |
MD5:
72c8dbf17942f671e6deb04b09f14b23
SHA1: c19f0e5f49139f09d41b08aaf43d4823f4444b5b SHA256: 8c11b67029f89a333b287839f3a6456227643452b39876d1cb7af656a0814c45 SSDeep: 48:rS5RvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:IRvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\BOOTSECT.BAK id-Br3n0G72wUb8CejT.LyaS | 9.50 KB |
MD5:
d887e33e371e7750affa600f937fb5fd
SHA1: 83adea9de63ff423a45e261d36924ab958e51fe0 SHA256: bca97bf3d1dd9332d5487b451b01a58b89e4b25c405dc5fa4c2cac14ef3cb658 SSDeep: 192:Vmd8HhJxs1t0SMtpfkTqCNM6Xd2NjT5xOY21uvkejdm7VJVvx:Vmdaf+mSMtpnGtyjn2ABOVrx |
|
|
| \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag id-Br3n0G72wUb8CejT.LyaS | 2.55 KB |
MD5:
b34148c7228fb0d54ad3c34061116bac
SHA1: 71e7e374b29390d184c0602142f5d29133a713c9 SHA256: e70b883e01a3b107a2fd707aa6a1900e6eef6e1730d7b62a6bc9d6a14b83b85f SSDeep: 48:GEWsXLYBUahJCefEYIKtyGUKvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:ICF5HKtyBKvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Users\Default\NTUSER.DAT.LOG1 id-Br3n0G72wUb8CejT.LyaS | 25.50 KB |
MD5:
01d83152a3197ab356e868306a7c439e
SHA1: 1a7f7c43eb7355c03775526b5a5b63fbfb360ce6 SHA256: 9a2433ad5a90b11d43aa9573b38c51a2a920d0a63d9cd268a01c7c64316171d9 SSDeep: 768:5qjinnj0p612ztluWCWuhnUdwUluvKjh5SeBsl:4gnj0y4tlH0OcKFTsl |
|
|
| \\?\C:\Program Files\Reference Assemblies\commands.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
231a0484852814b53c7b342ae081ce2b
SHA1: 6c83c9ac50ad12608e18e50a0e5b990d7764ecb4 SHA256: 1405747c443c3b4c2b0c2b843b2911aef18c71e178d2ffacb4b550a54767e841 SSDeep: 1536:NBOTfGH4K/LBKJzrr9XMa3kFU6kjLGOYRfnhDGTlFJtyH0rhNiPh0uVsfwsl:NsTfGYK/LexX70t2LGZRf4TlFHyH0r4Q |
|
|
| \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-Br3n0G72wUb8CejT.LyaS | 170.95 KB |
MD5:
3e63ac8c23f08d355a00f987b5cb0aa5
SHA1: 02da54a50121213a3baa02c46b8a90c96299784c SHA256: 4289aabc5923aa36aa1385f284e2642f101646d3e9bb5a2f80ab8f9bf4331cfb SSDeep: 3072:hwSNYdLDFHMR3lNN6b3RFcVKz8ApOnK4Fy+k4SzLIKoOYtSmC7g9f6tEDST5PHNl:hLNYbMF23RFCBnw4GIvRjC6i/g/8n |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms id-Br3n0G72wUb8CejT.LyaS | 1.74 KB |
MD5:
678066b86aa9ab70fc0cdae43ea9ed79
SHA1: af44df3c4d3ad7f3f8dd0c39b3666280e4936855 SHA256: f80d5b7ca88a0a21e57ce79c987c9c2ede1918f2821e05e43f1156389db201a0 SSDeep: 48:BKuZ9Xx9sm1PWvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:BVBacOvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe id-Br3n0G72wUb8CejT.LyaS | 1.08 MB |
MD5:
cb26a32a1ada813d2aab8bc6422e805c
SHA1: c6a924b3e15374bb27bec56b48d997acb3459ad8 SHA256: e7a349bc71c2b4e728fc0276257ec9165dadebe42aca0de5abbc8ff1d11bd6d6 SSDeep: 24576:8Ej5jDN2+fvw1wh/jSaRjJFS1t/1nCXD8FTI9nZTDReeEYAiBBBny:8iRDN2+HBNRj/inCXDIshZTDRLB7ny |
|
|
| \\?\C:\Boot\BOOTSTAT.DAT id-Br3n0G72wUb8CejT.LyaS | 65.50 KB |
MD5:
44f0eeb2da9a026554a59c9bd14d4008
SHA1: 9d93bc9b4960ec50bd791aca5bc3706db88a681e SHA256: 0035b9688673f53923571675a177f1eaa35f2973d389b015b098705f6f2fe89e SSDeep: 1536:MeXHRsRksOSDQAAzBhELDcKEz6ec8VBY1fdyiGHUsWUzgP8ZmuMsl:FHRBDQQAuEPc9z1c9yiG06ziUmuH |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.78 KB |
MD5:
c649a1b4b240aa654e564f1a1739eaee
SHA1: 4a42c96e85e913768c1084e2130d79878393deea SHA256: fbe55627a32141eb386ba329a9c217130b2216cce6c93c332f61d808cac20b0c SSDeep: 48:Jprh9Nbh31F+MvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:Jprh97D+MvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Program Files (x86)\Common Files\extensiveadvertisement.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
5dcacdf9c32c3f0dcc2f44f8f26d1c78
SHA1: b52931c73c409d953a691f1c86dbf2e5f8da9f90 SHA256: 8378bcd8e3bbc707a394cee4c0ef7ca8dbf9134b7d67d01841e9db5a4b9b6f2f SSDeep: 1536:yqlSa5z0W8yQ/8yxNmeec1b3LeWGJxaA4d+qTPfAfDXN7Tz3Tr6g44fTUC6sl:yqlSSL5Yx3/1b36gzd+qTPfkXNXuMfTD |
|
|
| \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-Br3n0G72wUb8CejT.LyaS | 765.05 KB |
MD5:
3cc208cbabe5d38840c82ea78a884fe5
SHA1: 6f6a5f343bef2dd6c0074ec554379b843ee69e11 SHA256: 350d9d310ec1ead64ed5c0e7dc24893aeaa6226d8b2af582eaee470e2227fb2b SSDeep: 12288:Ax+sXi429ja/B4AzjkixpvpYGeyzY13i6qjO+XIlrJplSZ2rVU1XlpYQdqnAs+S2:NO/z7fK5yzQ3LqjO+XgXw2BU1VeAS2 |
|
|
| \\?\C:\Program Files (x86)\Windows Media Player\kg_tools_them.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
7e957b4f36236364fd61fa612111114e
SHA1: d9d147889b3b2c3232651af469641f4958300946 SHA256: ece9199c0aabcbc57ffe9be508bfcc3e0632f07ced2b28637ef4c7206bcfa637 SSDeep: 1536:n7hq2A/Mw0fNnQTapVsawhuwIicfSEU3CPkSVlGs9tzUj0qHbLBzsl:zAUwueaJwofqEUakBs9yj0eZc |
|
|
| \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-Br3n0G72wUb8CejT.LyaS | 2.14 KB |
MD5:
73f6913c22c19c586e4bb280baa9b287
SHA1: 6ea0b92162694c61dddae2eb223cc6c2063c4c3c SHA256: 76f324849c92d1f1d080d17a21d4537d21f3bc4df5d6eba1ae8584e27dc8b8de SSDeep: 48:18FvqUuh/0FvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:svB40FvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Program Files\Uninstall Information\lined-tex.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
26b9a06732576ceceb3e6c170a4b8b8d
SHA1: 33dd0d8dfe2cc51524a5108418987c879e879e82 SHA256: ff826292b80989cfa23eb90bfcd9568bb9a0bdd24191bfe7d74c601d039857ab SSDeep: 1536:Pv/Jb9QMizlycNSkKclav+dCXiCYLSRXAilK9SwPIsl:3/JRCMmSk42d7CYeRXAis9Ser |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Documents\ciEYcg BbzFlEAagVLi.pptx id-Br3n0G72wUb8CejT.LyaS | 99.62 KB |
MD5:
c33cbfeb6aac366ac0fec04d69e2af07
SHA1: 62812668acef8fb956fb0585ca30bf6d2d0a8277 SHA256: 0697ed2e5f24c198fc3a4f53b34d94d36dbd6a74f197baacba53c97c295343f4 SSDeep: 1536:a7fEAxNTmGb38vZchZjOeIreZqShUnDNV/f7HGiaFDKvhQVpMkYYXn3aL0sl:a7fEAxNTh38vZWonydh4TG9FDK6HzqL |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 2.01 KB |
MD5:
6b16a47b84492bc6cfae0a2851fdab6d
SHA1: f2e2b2c2c7653ea52886f8e68e36f030506c5d49 SHA256: 1303077b65ff7dbb9790999038d363595c70499aa65b55757d635129b042e6c6 SSDeep: 48:TH+If+R5+HC5CR1XvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:I5TUjvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url id-Br3n0G72wUb8CejT.LyaS | 1.70 KB |
MD5:
b4b7151b4ebbf434cb3586c2153eaa04
SHA1: 2d539d9064cc8c6bd89992da4a21caf691b17076 SHA256: ecf4a322f203600a2db46ab26a61e7a57f04c4fdc96b0c5f27ad8c5fe2d476e3 SSDeep: 48:DhgsEbWzU3EuE6vT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:DhgsEbWzU3frvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl id-Br3n0G72wUb8CejT.LyaS | 17.50 KB |
MD5:
9987ff3fb5d803e653f61f0076829e5d
SHA1: 8ff8238405cafb8d318eefadefa1f07fa9a9ead4 SHA256: bdec3d5e068dc2af1d5165f618a9952d492086b758fd7e6286efcb55225469ae SSDeep: 384:DL1NrfEpc/h4CTGQJxo7MWnsHkf1paKGyghBXmJLmJBOVrx:bdh44Jxr/pmJLmJBsl |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Music\ESp7hzFp.wav id-Br3n0G72wUb8CejT.LyaS | 90.09 KB |
MD5:
461c26dcb1df143f0abe4aa4cb721fe0
SHA1: 5859cca54db22c6fd30c468200359e35cfd747c3 SHA256: acff8707bdf6ecfea17da8cadc1ff4b2fcd68e6a2771a83028898f3aa5af3d1d SSDeep: 1536:OVztdc21L5nb9IjSntn0C2wP2BF4LCDaA+en8Ai5xCIWGMFAtnl7bkTiAJfKIb8z:OFnJb9hnXH2j8CDaGj296Knl7gffKIbi |
|
|
| \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE id-Br3n0G72wUb8CejT.LyaS | 1.54 KB |
MD5:
96a04ab22536f79d90306aa9441e1cd6
SHA1: 495c5b4ed043f0d4efd701a994bf05f9602eb5c5 SHA256: f1016b45b20911c9843f244dc11e73a5563c994c729ed51c9f35e25f466e4a43 SSDeep: 48:d136CicZvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:3XtZvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Users\Default\NTUSER.DAT.LOG2 id-Br3n0G72wUb8CejT.LyaS | 504.00 KB |
MD5:
07bfa37a932ad9e4e5adaa7c083d9b34
SHA1: 02a2d86653552004ba85068ddccb0fe006b5d291 SHA256: dcb3fe6744f478f98ccccd18e019bf0c75c2951c0c839a2045443b65214230b9 SSDeep: 1536:SeXQhXcxfq8Ln1VWax9WaUJlPb9R9xT4QJXmLbBLNRnOjgVNRk0zT11s3sREnSVW:SeAhXcxfqQx6ZT4gAjJpvN |
|
|
| \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-Br3n0G72wUb8CejT.LyaS | 1.96 KB |
MD5:
42723c5407d169427ec68621a1a34630
SHA1: 2d85802c0f7930389d374772b07a7a9e962d1a51 SHA256: b9a1dcc7f7769893a3b4cb52c03c0b281164a1e5c15f18bcb0812e0dd5e83f7f SSDeep: 48:riOKvj26/HjX+zLf6dhVdvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:ryNbX+H6vVdvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Program Files\Windows Journal\orders oxide shift.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
ea4fbb32317d573826d43ed7b1a08853
SHA1: c4e8932e85573907a2219d645cd722d24b5882b6 SHA256: d89ec1ef39c09ce9830e09be229d1dbedf1774268c081784148b243dc98f5117 SSDeep: 1536:Z9Zo9L6KjBTDccxeccG9v6mVpgMKxzQht0+XJeyyQ9vRSgeMKuhGd3yVvKh047sl:Z9Zo9LFgczzVymhMQ95SCKu+3sMU |
|
|
| \\?\C:\Recovery\WindowsRE\boot.sdi id-Br3n0G72wUb8CejT.LyaS | 3.02 MB |
MD5:
875ffcc409850d56fad26ba512785755
SHA1: bc208e4cf2809d9ae31c1d63f3505e8366a15bef SHA256: 23ec8d3ea412c786e55ac982cfef24aa061e9f71955867f6aadf4c2fdbc23ec6 SSDeep: 24576:i+AfssyCsLjvucPr7VRCT4uVbIcmwPGgeKDQl5SzBH/vp:iwsyCsWcPrJRrMbnmw5eKDQlIB/x |
|
|
| \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-Br3n0G72wUb8CejT.LyaS | 16.12 KB |
MD5:
bdf11c3371f249f6acac32fa6a633cff
SHA1: 24391122d24f012cb2d0f056f7b2d7f0c8c2e2b5 SHA256: bcf332f85cc71481bc68e05f96e1ec76efdd454197c7e2a28739b3a75a78755e SSDeep: 384:tWSlgFjRDr/nsgBNRNe9Naijgn9d+s6oCuCZBOVrx:gW4dsE5e9NaiEdYnBsl |
|
|
| \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl id-Br3n0G72wUb8CejT.LyaS | 17.50 KB |
MD5:
15e999c7613e93f419360dd2736c6525
SHA1: 0b3f13175b2bf371781b6ed1bedd33584889ea40 SHA256: 0788107ae2b53b237253e5772d24c416b45d81c3327aee95bd71fc4f7585488e SSDeep: 384:N57ddjFXxLJNJ3e0de1An/5T3+/jH/vVpaiBl2tX23YvnO0zBOVrx:N5BdJhV73P/5TurHDaCl2tX2ynpzBsl |
|
|
| \\?\C:\Program Files (x86)\Windows Photo Viewer\limousines.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
dcf375467eb0dbb329b22b789309d01b
SHA1: 2f7eebc2c1f9d4f1eb2de96adc27a80a7900046b SHA256: f1bcfa215673de652a4f0ac914a4adab7900b68156c8ef204311fc29221a9575 SSDeep: 1536:VdklB8bJLgJNSK3U5okVNUo4exeN6XlndL05fxmCTEfquA+WhPGsl:bYSbJLsMEUGkQnC46O5PTXu6PV |
|
|
| \\?\C:\Program Files\Windows Media Player\affected.exe id-Br3n0G72wUb8CejT.LyaS | 75.00 KB |
MD5:
acc41d14efd2c1f1333033ccb4842274
SHA1: efe0098982de221c7522db43e4f0cba6de40b14a SHA256: 1e1ab55c972c0cb95fd385540c8fc7b92154fa61f060431fd8d77006bb3ed70e SSDeep: 1536:X3wlrXp7gEk003mR/uX2JpK6Mu+eQX1FNZNn6tzRj3M8EhM34sDCHS5+sl:HwrOZ003C3K6TLQFz6tVjnEhMTDCyj |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Videos\rWkgzSW.mkv id-Br3n0G72wUb8CejT.LyaS | 85.19 KB |
MD5:
83b794dfda37df6d3c4124ad24b4d50d
SHA1: 2622d6b22d261fa4586632b705fbd23de214278a SHA256: 687b1e07378c33ae087fcd30ddb06bce046d6c7305a86a6f92648677c98e3b28 SSDeep: 1536:8L5uiTELbYksdZbL9y/1WbKV6CvSebyXbVZrtYEAbLZ1ztBkZ2grsl:8cQEYNL4tX6CvSebcbVZx2Z1vF |
|
|
| \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-Br3n0G72wUb8CejT.LyaS | 2.14 KB |
MD5:
b572f324e807492f4b370287806ee88a
SHA1: d31267c2d915aebcaa68cc20ec6a22b51c0399da SHA256: d213ee594c524f9d3d108c87bc6d593770fed36e676ba8e0861dbd59635bfe29 SSDeep: 48:gbftp90SirF0wF1vT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:GP95iRRvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-Br3n0G72wUb8CejT.LyaS | 2.25 KB |
MD5:
74c19d1951895604e4eff578c9638717
SHA1: ebd8e0c2e035a89f6f33ac8b09799ca307379f6a SHA256: cd3370eea44ec1c6ea858e7cefb5b1fb046b504645d6322bc50fe330551f4e03 SSDeep: 48:kEkT+/5PN1MMcW7WBPc7QPvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:kEecMMlZ7QPvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Program Files\Java\jre1.8.0_131\release id-Br3n0G72wUb8CejT.LyaS | 2.02 KB |
MD5:
a34de06b8c3aefdc665df7dbe126ccee
SHA1: 422d28cbb6b3194485cc272ad8d69951cc737f5c SHA256: efdc61c265526ac1253e8c307084c67b37bc8200e3b08d8ceebf2ce1d6c05d8b SSDeep: 48:i+TOKnlrxvnJOzvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:i0Oexv8zvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS | 446.54 KB |
MD5:
91c7073b1d563bd8b2e1a4d86a126b8c
SHA1: 2ca1aa1c0af57b55752a98522a43f22330144461 SHA256: 4c1f5f2b3e351f086f87cc6a76381261e2f941bd5e7487c2132c67a76de0385e SSDeep: 12288:tWA/NNaRiWpEk5fuWWFpGaUr+ByFOs1wHcxuW1vNN0zvc:tWADaYDkB4kkEw8xuiK0 |
|
|
| \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl id-Br3n0G72wUb8CejT.LyaS | 17.50 KB |
MD5:
876965eebbb4451eb4e255617a673b4d
SHA1: e1d5dcc25de828652580c50adb0dd273d25d10e3 SHA256: 4172d77bef6d4662b638c7082cc7aca8ff7d7836acc1f718d40bfa31a381d25a SSDeep: 384:D7DlnB2g8ht2qJJKsmM2veAVAFkbCp0tnm7c2xdTnqpxKb5vjqBOVrx:DVB2fLJKE2vehFkOpQm7c2POpxavOBsl |
|
|
| \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml id-Br3n0G72wUb8CejT.LyaS | 1.77 KB |
MD5:
9b2dda34c0f2e93cfec30c78206cb024
SHA1: eda89927a36e424c4f4a523a9aa1f6650fc93eb6 SHA256: 09d9fc468bef7aa1b5b30f8e3cd5c8eb2384bc4d65111f8df26452259b9fd9af SSDeep: 48:wRa6VRmC0YyBvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:w39WvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact id-Br3n0G72wUb8CejT.LyaS | 2.64 KB |
MD5:
09b6b6a736d048d1ecb97c01d6fda9d0
SHA1: a8b79dcd826e843bbfe02ab89d38c80b0f9663e6 SHA256: fc5d01fc6e399366db94310163d4c76bedb1c3213fbb4507fc9df8b39b7d2dd7 SSDeep: 48:vEy9vv9IQq+WXZizu5Yu0vT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:vEUvyQq+WJi1u0vkVYj1Xm6IVJVvlpYC |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Videos\60D7E9F.avi id-Br3n0G72wUb8CejT.LyaS | 35.50 KB |
MD5:
178c06aae784264b4ff017d4a2a07278
SHA1: ea436a4c23d9c0b9d1ea80a5bf56ec3a2cb46057 SHA256: f7dad11c686203cfc05deabc0f1423ac940dc52a0fc9c57fc674b283a715feb0 SSDeep: 768:Nb/o6wbIExkjtppRFAgLV6bJKg5dBwinD+MVbqNTwnt/1aiR6Bsl:N6bIExetppRFbVS1bqinD+mbqNTwdIib |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Documents\d43nQxH.docx id-Br3n0G72wUb8CejT.LyaS | 39.54 KB |
MD5:
145bfb891f48ff07acf5725407f10dad
SHA1: c65be5f7a6bfcbc33329b77d4dd20127d9775fc9 SHA256: dc2f4a8b42faac273e885a13ff281fdd8f659b719c8ac75ee45b2b8ef60c19c0 SSDeep: 768:zXP4m1ZlZiitd3OzJRNgGbOtGvrNvC2OMkEFdCOSo/OQ5vrLI38/Dh5Bsl:7PV1ZHiY3OzJvgK562fkEF44FhrLI3ss |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.89 KB |
MD5:
504ffe242971a15d1f385c697744fc56
SHA1: 6b3c2b18aa2ca39cc412dfaf1dccee53cd432602 SHA256: b78dad8dd318a23eacc9ca94db0f443ceff3d872e188bb55f2800849b74370c2 SSDeep: 48:nHi8rhGjh9c/eivT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:n4jhC/eivkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll id-Br3n0G72wUb8CejT.LyaS | 966.83 KB |
MD5:
58b80d366d68b524e1b4fbb4c7dbc511
SHA1: c42756154a35923542317fae2376497d0035c51b SHA256: e3893c35187b0dd848758979ebd0d766fc99f918ec9e685297f7d6ca080f122d SSDeep: 12288:tc2YwE7VSxeUMUCcTd8Ht4lYyF2f78oyoMZggTSy:S2DE7oxeUXfaHtkYZjiQg2y |
|
|
| \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll id-Br3n0G72wUb8CejT.LyaS | 316.48 KB |
MD5:
8dbeedb522d3318721767a9bfc6047d0
SHA1: 5b412076783d0ae79dc648071ef8711e36f8cd22 SHA256: 7a863990de8525fb3e5e9c1b7e311f396489ee2a6b6a0821ca70e5fc783bb1a4 SSDeep: 6144:Z5XpZ3OWg8DOnPhwNVx9ghVFb+S9jy1A3FMCpV38:Zti8SKvaVx+ejy1AVF38 |
|
|
| \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl id-Br3n0G72wUb8CejT.LyaS | 17.50 KB |
MD5:
4acb7c16e396c3cc81fc07b3d2f593a4
SHA1: bb37c50da110c4228ebc5bafb28bb65b843c6a36 SHA256: 3c644554a829c7d065dee33a18648e6a5d3d162bd4c5a90259e5e31520e76a0a SSDeep: 384:gjjXPjf2+09hXQXR3d1SPlQ7Dq5yA9Wgh2bgI9X2v3keNJU++imZog/BOVrx:c/rH0PA1DS9Mul0oydZr+n0Bsl |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE id-Br3n0G72wUb8CejT.LyaS | 597.36 KB |
MD5:
ef2a0911642ecc99ca7c72bbd8a78e0b
SHA1: 2c6c87e8607963848497aec0b7056c45a784f616 SHA256: b3238e1831671a21c255ebe1496d938d1d4eff329675574f4d04cbaabfa00ce4 SSDeep: 12288:JKRFuzHCZ3zUF/97tuXhN7S9uaYFLq3OQ:JKRFECZ3zUF/97tuz7S53R |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Music\uV1Z3 xAZ39J3T.wav id-Br3n0G72wUb8CejT.LyaS | 48.62 KB |
MD5:
9a3f28fe7b2aff3bbc15be69352f4a98
SHA1: 0de5678f333470493839c7d9f41ed7afebe61a89 SHA256: 8283b22b02687bcd78a98313073916a43ce05d2caf2f3f90515a9704081403a8 SSDeep: 1536:kWdltjbSJAD2oSPd/WuKMGirwld2bnasl:kaiJK2V/Gig2DR |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\Music\JhZMle5-3.mp3 id-Br3n0G72wUb8CejT.LyaS | 42.50 KB |
MD5:
d7f637ed1880b126147f9eaab0a50c22
SHA1: fa7f4dae037a49eec5825bdd0f97c42b1677efd1 SHA256: cd2fbdd84dac9ce325b88fafdee6255beed4fe1f4e0c25bbc2249912fbb543e9 SSDeep: 768:wJTyVvEI5UlnKedCK6AbjZcp8Raa1P5uxO6KD/V2k8Zg4sk2AVBsl:wJT+nUYedCK6AbdO2d5uxOdJ2kyg4skc |
|
|
| \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe id-Br3n0G72wUb8CejT.LyaS | 418.52 KB |
MD5:
c381773ac569461f46579b27d0f26644
SHA1: 10ac0f2819c620ac3d072abfde7853ac1a28ff68 SHA256: e3c03f50b9b0535afc9a6c0472faa038a1a360ce3d55b53246963016c8993aca SSDeep: 12288:MMMAHHiCZvAMt8n25+t/FyjaUmWBNdz7if/GUTsU5YorF:MMMAniCZvAkG77UNx7YGUTNaorF |
|
|
| \\?\C:\Users\Public\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.67 KB |
MD5:
7f99956664481dba53284c5743094574
SHA1: 3dce1f456b1ba0da82d9d4670a2874d169b77505 SHA256: cd33ba128000efeaeca36c74d9c737ec8aadee87c229f3105f2b0086e17eadc3 SSDeep: 48:ISqaQaSPvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:kaSPvkVYj1Xm6IVJVvlpYx0 |
|
|
| \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini id-Br3n0G72wUb8CejT.LyaS | 1.60 KB |
MD5:
96f3532b2e150f61b8c18cccc181f0a8
SHA1: 8e427f9473a7615e23587dbd332a84101f9f6f6d SHA256: cba197211dac0728b7918f1afe156745455f448421c453e4b6d180b3d348aee3 SSDeep: 48:iq5g+wvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:iquvkVYj1Xm6IVJVvlpYx0 |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml id-Br3n0G72wUb8CejT.LyaS | 2.85 KB |
MD5:
13ad07eec40d6af2600597fbb48db91c
SHA1: 949acb60bd2f8b0b77c9df9deaba5e142281ede8 SHA256: e176964e647ebeff20e24ebbda01810dbd1ecbc07b0c1a55248dbd0f1db30d9a SSDeep: 48:kthDfMBcFVBXiFiJn/ph4mHbzEducXUvT4VFCvIA1XmDmIVJVvqc3YanmQ4fx0:yxfScFPiFiJnFbzEdu7vkVYj1Xm6IVJj |
|
|
| \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml id-Br3n0G72wUb8CejT.LyaS | 3.43 KB |
MD5:
a2e8eeda4b6266ce41abe41acce16d91
SHA1: c553ff7a298f2b68f53fd57638164c05b59cdb1c SHA256: a4335480ac48cdec67818208ada975389761769834c54308b5fa7a0c66823617 SSDeep: 96:uVkoS/vYc+VFAoWc5ZI17CKuecvkVYj1Xm6IVJVvlpYx0:uZSIc+bAqqBCVvkejdm7VJVvx |
|
|
Threads
Thread 0xfdc
99
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74f40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x74f58b70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x74f58c70 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74f40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFree, address_out = 0x74f63a70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatus, address_out = 0x74f592d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MapViewOfFile, address_out = 0x74f58c10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x74f5a770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x74f52d60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x74f592b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x74f5ee30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x74f5c9b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RtlZeroMemory, address_out = 0x7772d040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x74f58bf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x74f66510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x74f66540 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x74f59600 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x74f5fbc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnmapViewOfFile, address_out = 0x74f594b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x74f66590 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x74f5efc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatW, address_out = 0x74f7d320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpW, address_out = 0x74f578d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x74f57610 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x74f57540 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x74f7d410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x74f63a30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x74f52d80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x74f5a040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x74f5ec30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x74f52db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x74f66340 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableA, address_out = 0x74f5a390 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x74f51d90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x74f66290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x74f66250 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x74f661d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x74f67510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x74f59700 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x74f66180 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileMappingA, address_out = 0x74f57710 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x74f66170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileA, address_out = 0x74f5c510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x74f577b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x74f65f20 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\shell32.dll, base_address = 0x75310000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHChangeNotify, address_out = 0x754426d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address_out = 0x75572110 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77550000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7756f000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7756efa0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x7756ee90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueA, address_out = 0x77583e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x77570ad0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x7756f890 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenKey, address_out = 0x77573fd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptExportKey, address_out = 0x7756f8f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x77585bd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x7756fc10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDecrypt, address_out = 0x775710f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextA, address_out = 0x77570c00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x77570680 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExA, address_out = 0x7756ee40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExA, address_out = 0x77570750 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyA, address_out = 0x77573150 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mpr.dll, base_address = 0x745f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumA, address_out = 0x745fd6c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceA, address_out = 0x745fcc80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x745f3710 |
|
1 | |
| Module | Get Filename | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\CRYPT.EXE, size = 32768 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\, value_name = unlock, data = "c:\How To Restore Files.hta", size = 29, type = REG_SZ |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\, value_name = searchfiles, data = C:\windows\searchfiles.exe, size = 26, type = REG_SZ |
|
1 | |
| File | Copy | source_filename = C:\Users\CIiHmnxMn6Ps\Desktop\CRYPT.EXE, destination_filename = C:\windows\searchfiles.exe |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\, value_name = orsa |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\, value_name = orsa, size = 276, type = REG_BINARY |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\, value_name = rsa, size = 1280, type = REG_BINARY |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CLASSES_ROOT\.LyaS\shell\open\command |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CLASSES_ROOT\.LyaS\shell\open\command, data = C:\Windows\System32\mshta.exe "c:\How To Restore Files.hta", size = 59, type = REG_SZ |
|
1 | |
| Environment | Get Environment String | name = ComSpec, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\cmd.exe, show_window = SW_HIDE |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 | |
| User | Lookup Privilege | privilege = SeRestorePrivilege, luid = 18 |
|
1 | |
| System | Sleep | duration = 30000 milliseconds (30.000 seconds) |
|
3 |
Thread 0xc14
82
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| User | Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
4 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
4 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE |
|
1 | |
| Process | Terminate | exit_code = 0 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 |
Thread 0xd8c
27
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\bootmgr, destination_filename = \\?\C:\bootmgr id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\bootmgr id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\bootmgr id-Br3n0G72wUb8CejT.LyaS, destination_filename = \\?\C:\bootmgr |
|
1 | |
| File | Get Info | filename = \\?\C:\How To Restore Files.hta, type = file_attributes |
|
2 | |
| File | Move | source_filename = \\?\C:\BOOTSECT.BAK, destination_filename = \\?\C:\BOOTSECT.BAK id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\BOOTSECT.BAK id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\BOOTSECT.BAK id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\BOOTSECT.BAK id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\BOOTSECT.BAK id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\BOOTSECT.BAK id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\BOOTSECT.BAK id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\hiberfil.sys, destination_filename = \\?\C:\hiberfil.sys id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\pagefile.sys, destination_filename = \\?\C:\pagefile.sys id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\swapfile.sys, destination_filename = \\?\C:\swapfile.sys id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd78
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\BCD, destination_filename = \\?\C:\Boot\BCD id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\BCD.LOG, destination_filename = \\?\C:\Boot\BCD.LOG id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\How To Restore Files.hta, type = file_attributes |
|
3 | |
| File | Move | source_filename = \\?\C:\Boot\BOOTSTAT.DAT, destination_filename = \\?\C:\Boot\BOOTSTAT.DAT id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Boot\BOOTSTAT.DAT id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Boot\BOOTSTAT.DAT id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Boot\BOOTSTAT.DAT id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Boot\BOOTSTAT.DAT id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Boot\BOOTSTAT.DAT id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Boot\BOOTSTAT.DAT id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\bootvhd.dll, destination_filename = \\?\C:\Boot\bootvhd.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\memtest.exe, destination_filename = \\?\C:\Boot\memtest.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd5c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-18\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\$Recycle.Bin\S-1-5-18\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\$Recycle.Bin\S-1-5-18\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini, destination_filename = \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xd68
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\BOOTSTAT.DAT id-Br3n0G72wUb8CejT.LyaS, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini, destination_filename = \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xd64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\bg-BG\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\bg-BG\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\bg-BG\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\bg-BG\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\bg-BG\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd60
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\cs-CZ\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\cs-CZ\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\cs-CZ\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\cs-CZ\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\cs-CZ\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\cs-CZ\memtest.exe.mui, destination_filename = \\?\C:\Boot\cs-CZ\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd58
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\da-DK\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\da-DK\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\el-GR\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\da-DK\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\da-DK\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\da-DK\memtest.exe.mui, destination_filename = \\?\C:\Boot\da-DK\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd98
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\de-DE\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\de-DE\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\cs-CZ\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\de-DE\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\de-DE\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\de-DE\memtest.exe.mui, destination_filename = \\?\C:\Boot\de-DE\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xc24
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\el-GR\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\el-GR\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\el-GR\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\el-GR\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\el-GR\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\el-GR\memtest.exe.mui, destination_filename = \\?\C:\Boot\el-GR\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x6b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\en-GB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-GB\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\en-GB\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\en-GB\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\en-GB\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd20
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\en-US\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\en-US\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\en-US\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\en-US\memtest.exe.mui, destination_filename = \\?\C:\Boot\en-US\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x5b8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\es-ES\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\es-ES\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\es-ES\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\es-ES\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\es-ES\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\es-ES\memtest.exe.mui, destination_filename = \\?\C:\Boot\es-ES\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xdc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\es-MX\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\es-MX\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\es-MX\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\es-MX\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\es-MX\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\et-EE\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\et-EE\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\et-EE\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\et-EE\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\et-EE\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd30
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\fi-FI\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fi-FI\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\fi-FI\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\fi-FI\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fi-FI\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\fi-FI\memtest.exe.mui, destination_filename = \\?\C:\Boot\fi-FI\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xdb8
35
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\chs_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\chs_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\cht_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\cht_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\jpn_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\kor_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\kor_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\malgunn_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\malgunn_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\malgun_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\malgun_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\meiryon_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\meiryon_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\meiryo_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\meiryo_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\msjhn_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\msjhn_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\msjh_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\msjh_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\msyhn_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\msyhn_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\msyh_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\msyh_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\segmono_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\segmono_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\segoen_slboot.ttf, destination_filename = \\?\C:\Boot\Fonts\segoen_slboot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\segoe_slboot.ttf, destination_filename = \\?\C:\Boot\Fonts\segoe_slboot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\Fonts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf, destination_filename = \\?\C:\Boot\Fonts\wgl4_boot.ttf id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\fr-CA\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fr-CA\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\fr-CA\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\fr-CA\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\fr-CA\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd18
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\fr-FR\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\fr-FR\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\fr-FR\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\fr-FR\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\fr-FR\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\fr-FR\memtest.exe.mui, destination_filename = \\?\C:\Boot\fr-FR\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\hr-HR\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\hr-HR\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\hr-HR\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\hr-HR\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\hr-HR\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd2c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\hu-HU\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\hu-HU\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\hu-HU\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\hu-HU\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\hu-HU\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\hu-HU\memtest.exe.mui, destination_filename = \\?\C:\Boot\hu-HU\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd1c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\it-IT\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\it-IT\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\it-IT\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\it-IT\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\it-IT\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\it-IT\memtest.exe.mui, destination_filename = \\?\C:\Boot\it-IT\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd14
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\ja-JP\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ja-JP\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\ja-JP\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\ja-JP\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ja-JP\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\ja-JP\memtest.exe.mui, destination_filename = \\?\C:\Boot\ja-JP\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xde8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\ko-KR\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ko-KR\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\ko-KR\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\ko-KR\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ko-KR\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\ko-KR\memtest.exe.mui, destination_filename = \\?\C:\Boot\ko-KR\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x788
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\lt-LT\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\lt-LT\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\lt-LT\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\lt-LT\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\lt-LT\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x65c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\lv-LV\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\lv-LV\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\lv-LV\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\lv-LV\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\lv-LV\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x924
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\nb-NO\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nb-NO\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\nb-NO\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\nb-NO\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nb-NO\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\nb-NO\memtest.exe.mui, destination_filename = \\?\C:\Boot\nb-NO\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xdac
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\nl-NL\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\nl-NL\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\nl-NL\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\nl-NL\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\nl-NL\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\nl-NL\memtest.exe.mui, destination_filename = \\?\C:\Boot\nl-NL\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xdb0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\pl-PL\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pl-PL\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\pl-PL\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\pl-PL\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pl-PL\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\pl-PL\memtest.exe.mui, destination_filename = \\?\C:\Boot\pl-PL\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xdb4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\pt-BR\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-BR\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\pt-BR\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\pt-BR\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-BR\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\pt-BR\memtest.exe.mui, destination_filename = \\?\C:\Boot\pt-BR\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xcbc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\pt-PT\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\pt-PT\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\pt-PT\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\pt-PT\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\pt-PT\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\pt-PT\memtest.exe.mui, destination_filename = \\?\C:\Boot\pt-PT\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd04
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\qps-ploc\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\qps-ploc\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\qps-ploc\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\qps-ploc\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\qps-ploc\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\qps-ploc\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\qps-ploc\memtest.exe.mui, destination_filename = \\?\C:\Boot\qps-ploc\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xc68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\Resources\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Resources\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\Resources\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Resources\bootres.dll, destination_filename = \\?\C:\Boot\Resources\bootres.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xda8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\ro-RO\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ro-RO\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\ro-RO\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\ro-RO\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\ro-RO\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xc20
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\ru-RU\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\ru-RU\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\ru-RU\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\ru-RU\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\ru-RU\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\ru-RU\memtest.exe.mui, destination_filename = \\?\C:\Boot\ru-RU\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xadc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\sk-SK\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\sk-SK\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\sk-SK\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\sk-SK\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\sk-SK\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x4f8
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\desktop.ini, destination_filename = \\?\C:\Program Files\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xde4
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\desktop.ini, destination_filename = \\?\C:\Program Files (x86)\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xdd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\sl-SI\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\sl-SI\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\sl-SI\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\sl-SI\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\sl-SI\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xddc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\sr-Latn-CS\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\sr-Latn-CS\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\sr-Latn-CS\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\sr-Latn-CS\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui, destination_filename = \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xdec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\sr-Latn-RS\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\sr-Latn-RS\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\sr-Latn-RS\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xdd4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\sv-SE\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\sv-SE\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\sv-SE\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\sv-SE\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\sv-SE\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\sv-SE\memtest.exe.mui, destination_filename = \\?\C:\Boot\sv-SE\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xdcc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\tr-TR\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\tr-TR\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\tr-TR\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\tr-TR\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\tr-TR\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\tr-TR\memtest.exe.mui, destination_filename = \\?\C:\Boot\tr-TR\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xe20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\uk-UA\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\uk-UA\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\uk-UA\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\uk-UA\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\uk-UA\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xe00
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\zh-CN\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-CN\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\zh-CN\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\zh-CN\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-CN\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\zh-CN\memtest.exe.mui, destination_filename = \\?\C:\Boot\zh-CN\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x8a4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\zh-HK\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-HK\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\zh-HK\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\zh-HK\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-HK\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\zh-HK\memtest.exe.mui, destination_filename = \\?\C:\Boot\zh-HK\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x784
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\desktop.ini, destination_filename = \\?\C:\Users\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xe1c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\zh-TW\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\zh-TW\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\zh-TW\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui, destination_filename = \\?\C:\Boot\zh-TW\bootmgr.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Boot\zh-TW\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\zh-TW\memtest.exe.mui, destination_filename = \\?\C:\Boot\zh-TW\memtest.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xe6c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\extensiveadvertisement.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\extensiveadvertisement.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\extensiveadvertisement.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\extensiveadvertisement.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Common Files\extensiveadvertisement.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\extensiveadvertisement.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\extensiveadvertisement.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\extensiveadvertisement.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xea8
38
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows NT\How To Restore Files.hta, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows NT\How To Restore Files.hta, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = \\?\C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xad0
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Recovery\WindowsRE\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Recovery\WindowsRE\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Recovery\WindowsRE\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Recovery\WindowsRE\boot.sdi, destination_filename = \\?\C:\Recovery\WindowsRE\boot.sdi id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Recovery\WindowsRE\boot.sdi id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Recovery\WindowsRE\boot.sdi id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Recovery\WindowsRE\boot.sdi id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Recovery\WindowsRE\boot.sdi id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Recovery\WindowsRE\boot.sdi id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Recovery\WindowsRE\boot.sdi id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Recovery\WindowsRE\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Recovery\WindowsRE\ReAgent.xml, destination_filename = \\?\C:\Recovery\WindowsRE\ReAgent.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xa3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Boot\Resources\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Boot\Resources\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Boot\Resources\en-US\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Boot\Resources\en-US\bootres.dll.mui, destination_filename = \\?\C:\Boot\Resources\en-US\bootres.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x1f4
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\NTUSER.DAT, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\NTUSER.DAT id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\ntuser.dat.LOG1, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\ntuser.dat.LOG1 id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\ntuser.dat.LOG2, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\ntuser.dat.LOG2 id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\How To Restore Files.hta, type = file_attributes |
|
1 |
Thread 0x334
32
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Default\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\NTUSER.DAT, destination_filename = \\?\C:\Users\Default\NTUSER.DAT id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\NTUSER.DAT id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\Default\NTUSER.DAT id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\NTUSER.DAT id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\NTUSER.DAT id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\NTUSER.DAT id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Default\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\NTUSER.DAT.LOG1, destination_filename = \\?\C:\Users\Default\NTUSER.DAT.LOG1 id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG1 id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\NTUSER.DAT.LOG1 id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\Default\NTUSER.DAT.LOG1 id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\NTUSER.DAT.LOG1 id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG1 id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG1 id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\Default\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Default\NTUSER.DAT.LOG2, destination_filename = \\?\C:\Users\Default\NTUSER.DAT.LOG2 id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG2 id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Default\NTUSER.DAT.LOG2 id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\Default\NTUSER.DAT.LOG2 id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Default\NTUSER.DAT.LOG2 id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x70c
17
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\hmmapi.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\hmmapi.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\iediagcmd.exe, destination_filename = \\?\C:\Program Files\Internet Explorer\iediagcmd.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\ieinstal.exe, destination_filename = \\?\C:\Program Files\Internet Explorer\ieinstal.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\ielowutil.exe, destination_filename = \\?\C:\Program Files\Internet Explorer\ielowutil.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\IEShims.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\IEShims.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\iexplore.exe, destination_filename = \\?\C:\Program Files\Internet Explorer\iexplore.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\sqmapi.dll, destination_filename = \\?\C:\Program Files\Internet Explorer\sqmapi.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x718
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\AppXManifest.xml, destination_filename = \\?\C:\Program Files\Microsoft Office\AppXManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\AppXManifest.xml id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\AppXManifest.xml id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Microsoft Office\AppXManifest.xml id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\AppXManifest.xml id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\AppXManifest.xml id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\AppXManifest.xml id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml, destination_filename = \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\FileSystemMetadata.xml id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x838
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office 15\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office 15\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Default\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office 15\charity.exe, destination_filename = \\?\C:\Program Files\Microsoft Office 15\charity.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office 15\charity.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office 15\charity.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Microsoft Office 15\charity.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office 15\charity.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office 15\charity.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office 15\charity.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x8cc
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Reference Assemblies\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Reference Assemblies\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Reference Assemblies\commands.exe, destination_filename = \\?\C:\Program Files\Reference Assemblies\commands.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Reference Assemblies\commands.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Reference Assemblies\commands.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Reference Assemblies\commands.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Reference Assemblies\commands.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Reference Assemblies\commands.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Reference Assemblies\commands.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xa84
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Uninstall Information\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Uninstall Information\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Uninstall Information\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Uninstall Information\just_instant_bulgaria.exe, destination_filename = \\?\C:\Program Files\Uninstall Information\just_instant_bulgaria.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Uninstall Information\just_instant_bulgaria.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Uninstall Information\just_instant_bulgaria.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Uninstall Information\just_instant_bulgaria.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Uninstall Information\just_instant_bulgaria.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Uninstall Information\just_instant_bulgaria.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Uninstall Information\just_instant_bulgaria.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Uninstall Information\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Uninstall Information\lined-tex.exe, destination_filename = \\?\C:\Program Files\Uninstall Information\lined-tex.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Uninstall Information\lined-tex.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Uninstall Information\lined-tex.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Uninstall Information\lined-tex.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Uninstall Information\lined-tex.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Uninstall Information\lined-tex.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Uninstall Information\lined-tex.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x388
184
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\AmMonitoringInstall.mof, destination_filename = \\?\C:\Program Files\Windows Defender\AmMonitoringInstall.mof id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\AMMonitoringProvider.dll, destination_filename = \\?\C:\Program Files\Windows Defender\AMMonitoringProvider.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\AmStatusInstall.mof, destination_filename = \\?\C:\Program Files\Windows Defender\AmStatusInstall.mof id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\ClientWMIInstall.mof, destination_filename = \\?\C:\Program Files\Windows Defender\ClientWMIInstall.mof id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe, destination_filename = \\?\C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\DataLayer.dll, destination_filename = \\?\C:\Program Files\Windows Defender\DataLayer.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\DbgHelp.dll, destination_filename = \\?\C:\Program Files\Windows Defender\DbgHelp.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\DefenderCSP.dll, destination_filename = \\?\C:\Program Files\Windows Defender\DefenderCSP.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\EppManifest.dll, destination_filename = \\?\C:\Program Files\Windows Defender\EppManifest.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\FepUnregister.mof, destination_filename = \\?\C:\Program Files\Windows Defender\FepUnregister.mof id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpAsDesc.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpAsDesc.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpClient.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpClient.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpCmdRun.exe, destination_filename = \\?\C:\Program Files\Windows Defender\MpCmdRun.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpCommu.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpCommu.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpEvMsg.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpEvMsg.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpOAV.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpOAV.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpProvider.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpProvider.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpRtp.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpRtp.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpSvc.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpSvc.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpTpmAtt.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MpTpmAtt.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\mpuxhostproxy.dll, destination_filename = \\?\C:\Program Files\Windows Defender\mpuxhostproxy.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MpUXSrv.exe, destination_filename = \\?\C:\Program Files\Windows Defender\MpUXSrv.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MSASCui.exe, destination_filename = \\?\C:\Program Files\Windows Defender\MSASCui.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MsMpCom.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MsMpCom.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MsMpEng.exe, destination_filename = \\?\C:\Program Files\Windows Defender\MsMpEng.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MsMpLics.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MsMpLics.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\MsMpRes.dll, destination_filename = \\?\C:\Program Files\Windows Defender\MsMpRes.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\NisIpsPlugin.dll, destination_filename = \\?\C:\Program Files\Windows Defender\NisIpsPlugin.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\NisLog.dll, destination_filename = \\?\C:\Program Files\Windows Defender\NisLog.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\NisSrv.exe, destination_filename = \\?\C:\Program Files\Windows Defender\NisSrv.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\NisWfp.dll, destination_filename = \\?\C:\Program Files\Windows Defender\NisWfp.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\ProtectionManagement.dll, destination_filename = \\?\C:\Program Files\Windows Defender\ProtectionManagement.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\ProtectionManagement.mof, destination_filename = \\?\C:\Program Files\Windows Defender\ProtectionManagement.mof id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\ProtectionManagement_Uninstall.mof, destination_filename = \\?\C:\Program Files\Windows Defender\ProtectionManagement_Uninstall.mof id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\shellext.dll, destination_filename = \\?\C:\Program Files\Windows Defender\shellext.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\SymSrv.dll, destination_filename = \\?\C:\Program Files\Windows Defender\SymSrv.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x8d0
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\desktop.ini, destination_filename = \\?\C:\Users\Public\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\Public\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x87c
36
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\InkSeg.dll, destination_filename = \\?\C:\Program Files\Windows Journal\InkSeg.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\JNTFiltr.dll, destination_filename = \\?\C:\Program Files\Windows Journal\JNTFiltr.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\JNWDRV.dll, destination_filename = \\?\C:\Program Files\Windows Journal\JNWDRV.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\jnwdui.dll, destination_filename = \\?\C:\Program Files\Windows Journal\jnwdui.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\jnwmon.dll, destination_filename = \\?\C:\Program Files\Windows Journal\jnwmon.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\jnwppr.dll, destination_filename = \\?\C:\Program Files\Windows Journal\jnwppr.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Journal.exe, destination_filename = \\?\C:\Program Files\Windows Journal\Journal.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\MSPVWCTL.DLL, destination_filename = \\?\C:\Program Files\Windows Journal\MSPVWCTL.DLL id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\NBDoc.DLL, destination_filename = \\?\C:\Program Files\Windows Journal\NBDoc.DLL id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\NBMapTIP.dll, destination_filename = \\?\C:\Program Files\Windows Journal\NBMapTIP.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\orders oxide shift.exe, destination_filename = \\?\C:\Program Files\Windows Journal\orders oxide shift.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Journal\orders oxide shift.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Windows Journal\orders oxide shift.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Windows Journal\orders oxide shift.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Windows Journal\orders oxide shift.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Journal\orders oxide shift.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Journal\orders oxide shift.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\PDIALOG.exe, destination_filename = \\?\C:\Program Files\Windows Journal\PDIALOG.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xb80
28
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\msoe.dll, destination_filename = \\?\C:\Program Files\Windows Mail\msoe.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\MSOERES.dll, destination_filename = \\?\C:\Program Files\Windows Mail\MSOERES.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\oeimport.dll, destination_filename = \\?\C:\Program Files\Windows Mail\oeimport.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\tr_wireless.exe, destination_filename = \\?\C:\Program Files\Windows Mail\tr_wireless.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Mail\tr_wireless.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Windows Mail\tr_wireless.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Windows Mail\tr_wireless.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Windows Mail\tr_wireless.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Mail\tr_wireless.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Mail\tr_wireless.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\wab.exe, destination_filename = \\?\C:\Program Files\Windows Mail\wab.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\wabimp.dll, destination_filename = \\?\C:\Program Files\Windows Mail\wabimp.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\wabmig.exe, destination_filename = \\?\C:\Program Files\Windows Mail\wabmig.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\WinMail.exe, destination_filename = \\?\C:\Program Files\Windows Mail\WinMail.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x8a0
40
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\affected.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\affected.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Media Player\affected.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Windows Media Player\affected.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Windows Media Player\affected.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Windows Media Player\affected.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Media Player\affected.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Media Player\affected.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\mpvis.DLL, destination_filename = \\?\C:\Program Files\Windows Media Player\mpvis.DLL id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\setup_wm.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\setup_wm.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmlaunch.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmlaunch.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmpconfig.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmpconfig.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmplayer.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmplayer.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\WMPMediaSharing.dll, destination_filename = \\?\C:\Program Files\Windows Media Player\WMPMediaSharing.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmpnetwk.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmpnetwk.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmpnscfg.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmpnscfg.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmpnssci.dll, destination_filename = \\?\C:\Program Files\Windows Media Player\wmpnssci.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\WMPNSSUI.dll, destination_filename = \\?\C:\Program Files\Windows Media Player\WMPNSSUI.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmprph.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmprph.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\wmpshare.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\wmpshare.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\WMPSideShowGadget.exe, destination_filename = \\?\C:\Program Files\Windows Media Player\WMPSideShowGadget.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x264
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Multimedia Platform\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Multimedia Platform\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Photo Viewer\collecting_vb_les.exe id-Br3n0G72wUb8CejT.LyaS, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Multimedia Platform\freeware.exe, destination_filename = \\?\C:\Program Files\Windows Multimedia Platform\freeware.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Multimedia Platform\freeware.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Windows Multimedia Platform\freeware.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Windows Multimedia Platform\freeware.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Windows Multimedia Platform\freeware.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Multimedia Platform\freeware.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Multimedia Platform\freeware.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Multimedia Platform\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Multimedia Platform\sqmapi.dll, destination_filename = \\?\C:\Program Files\Windows Multimedia Platform\sqmapi.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x3a0
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows NT\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows NT\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\lowest forwarding sitemap.exe, destination_filename = \\?\C:\Program Files\Windows NT\lowest forwarding sitemap.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows NT\lowest forwarding sitemap.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Windows NT\lowest forwarding sitemap.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Windows NT\lowest forwarding sitemap.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Windows NT\lowest forwarding sitemap.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows NT\lowest forwarding sitemap.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows NT\lowest forwarding sitemap.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x60c
35
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Portable Devices\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\collecting_vb_les.exe, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\collecting_vb_les.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Photo Viewer\collecting_vb_les.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Windows Photo Viewer\collecting_vb_les.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Windows Photo Viewer\collecting_vb_les.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Windows Photo Viewer\collecting_vb_les.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Photo Viewer\collecting_vb_les.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Photo Viewer\collecting_vb_les.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\ImagingDevices.exe, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\ImagingDevices.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\ImagingEngine.dll, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\ImagingEngine.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\PhotoAcq.dll, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\PhotoAcq.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\PhotoBase.dll, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\PhotoBase.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\PhotoViewer.dll, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\PhotoViewer.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\runtime recommendation.exe, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\runtime recommendation.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Photo Viewer\runtime recommendation.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Windows Photo Viewer\runtime recommendation.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Windows Photo Viewer\runtime recommendation.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Windows Photo Viewer\runtime recommendation.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Photo Viewer\runtime recommendation.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Photo Viewer\runtime recommendation.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xcb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Portable Devices\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Portable Devices\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Photo Viewer\collecting_vb_les.exe id-Br3n0G72wUb8CejT.LyaS, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Portable Devices\sqmapi.dll, destination_filename = \\?\C:\Program Files\Windows Portable Devices\sqmapi.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xe5c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\DESIGNER\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\DESIGNER\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\DESIGNER\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB, destination_filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xef4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\Services\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Services\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\Services\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Services\verisign.bmp, destination_filename = \\?\C:\Program Files\Common Files\Services\verisign.bmp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\Services\verisign.bmp id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\Services\verisign.bmp id-Br3n0G72wUb8CejT.LyaS, destination_filename = \\?\C:\Program Files\Common Files\Services\verisign.bmp |
|
1 |
Thread 0xda0
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\DirectDB.dll, destination_filename = \\?\C:\Program Files\Common Files\System\DirectDB.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\wab32.dll, destination_filename = \\?\C:\Program Files\Common Files\System\wab32.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\wab32res.dll, destination_filename = \\?\C:\Program Files\Common Files\System\wab32res.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xda4
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm, destination_filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xed8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Services\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Services\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Services\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp, destination_filename = \\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp id-Br3n0G72wUb8CejT.LyaS, destination_filename = \\?\C:\Program Files (x86)\Common Files\Services\verisign.bmp |
|
1 |
Thread 0xee4
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\System\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\DirectDB.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\DirectDB.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\wab32.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\wab32.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\wab32res.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\wab32res.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xeec
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\ClickToRun\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\ClickToRun\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\ClickToRun\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml, destination_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\ClickToRun\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml, destination_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\ClickToRun\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml, destination_filename = \\?\C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xef8
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\events00.rbs, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\events00.rbs id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\events01.rbs, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\events01.rbs id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\events10.rbs, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\events10.rbs id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\events11.rbs, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\events11.rbs id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\parse.dat, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\parse.dat id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xf58
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\MF\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL, destination_filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\MF\Active.GRL id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\MF\Active.GRL id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\MF\Active.GRL id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\MF\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL, destination_filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\MF\Pending.GRL id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xfcc
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, destination_filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, destination_filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x56c
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, destination_filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe, destination_filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xd90
23
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, destination_filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe, destination_filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 |
Thread 0x578
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\regid.1991-06.com.microsoft\How To Restore Files.hta, type = file_attributes |
|
5 | |
| File | Move | source_filename = \\?\C:\Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = \\?\C:\Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x5d8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_10.0.0.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0xb90
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xba4
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\AppxManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\AppxManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\default.html, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\default.html id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\resources.pri, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\resources.pri id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x9b4
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_2015.707.550.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Appconnector_2015.707.550.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x8e0
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xb60
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_4.3.193.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x9b8
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x8d4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_4.3.193.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x958
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xba8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.3.193.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0xb70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_10004.3.193.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xfb0
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, destination_filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe, destination_filename = \\?\C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xfd0
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, destination_filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe, destination_filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xfb4
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, destination_filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe, destination_filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xffc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_4.3.193.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0xc10
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Getstarted_2.1.9.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Getstarted_2.1.9.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0xff8
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Getstarted_2015.622.1108.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Getstarted_2015.622.1108.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x724
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.4218.23751.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.4218.23751.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x720
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.4218.23751.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.4218.23751.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x82c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x54c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.1.6103.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x84
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x1b4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x998
30
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\ExtExport.exe, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\ExtExport.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\hmmapi.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\hmmapi.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\ie9props.propdesc, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\ie9props.propdesc id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\ieinstal.exe, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\ieinstal.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\ielowutil.exe, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\ielowutil.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\IEShims.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\IEShims.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\iexplore.exe, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\iexplore.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\reveal_medicare_ebay.exe, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\reveal_medicare_ebay.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Internet Explorer\reveal_medicare_ebay.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Internet Explorer\reveal_medicare_ebay.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Internet Explorer\reveal_medicare_ebay.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Internet Explorer\reveal_medicare_ebay.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Internet Explorer\reveal_medicare_ebay.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Internet Explorer\reveal_medicare_ebay.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Internet Explorer\sqmapi.dll, destination_filename = \\?\C:\Program Files (x86)\Internet Explorer\sqmapi.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xc34
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft.NET\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft.NET\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Microsoft.NET\flavor.exe, destination_filename = \\?\C:\Program Files (x86)\Microsoft.NET\flavor.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft.NET\flavor.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Microsoft.NET\flavor.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Microsoft.NET\flavor.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Microsoft.NET\flavor.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\flavor.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Microsoft.NET\flavor.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x62c
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb, destination_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\Accessible.tlb id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll, destination_filename = \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x630
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe, destination_filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\production\How To Restore Files.hta, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\production\How To Restore Files.hta, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe, destination_filename = \\?\C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x6e8
30
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Defender\EppManifest.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Defender\EppManifest.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Defender\MpAsDesc.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Defender\MpAsDesc.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Defender\MpClient.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Defender\MpClient.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Defender\MpOAV.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Defender\MpOAV.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Defender\MsMpLics.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Defender\MsMpLics.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Defender\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Defender\shellext.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Defender\shellext.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x71c
17
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\msoe.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\msoe.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\MSOERES.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\MSOERES.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\oeimport.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\oeimport.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\wab.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\wab.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\wabimp.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\wabimp.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\wabmig.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\wabmig.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Mail\WinMail.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Mail\WinMail.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x714
34
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\kg_tools_them.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\kg_tools_them.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Media Player\kg_tools_them.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Windows Media Player\kg_tools_them.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Windows Media Player\kg_tools_them.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Windows Media Player\kg_tools_them.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Media Player\kg_tools_them.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Media Player\kg_tools_them.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\mpvis.DLL, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\mpvis.DLL id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\setup_wm.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\setup_wm.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmlaunch.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmlaunch.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpconfig.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpconfig.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmplayer.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmplayer.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\WMPMediaSharing.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\WMPMediaSharing.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpnssci.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpnssci.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\WMPNSSUI.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\WMPNSSUI.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmprph.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmprph.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Media Player\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpshare.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Media Player\wmpshare.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x640
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Multimedia Platform\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Multimedia Platform\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Multimedia Platform\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Multimedia Platform\pump.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Multimedia Platform\pump.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Multimedia Platform\pump.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Windows Multimedia Platform\pump.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Windows Multimedia Platform\pump.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Windows Multimedia Platform\pump.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Multimedia Platform\pump.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Multimedia Platform\pump.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Multimedia Platform\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Multimedia Platform\sqmapi.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Multimedia Platform\sqmapi.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x78c
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Mail\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\limousines.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\limousines.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\limousines.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Windows Photo Viewer\limousines.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\limousines.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Windows Photo Viewer\limousines.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\limousines.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\limousines.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoBase.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoBase.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x6f8
27
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Portable Devices\semiconductor phys.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Portable Devices\semiconductor phys.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\semiconductor phys.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Windows Portable Devices\semiconductor phys.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Windows Portable Devices\semiconductor phys.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Windows Portable Devices\semiconductor phys.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\semiconductor phys.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\semiconductor phys.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Portable Devices\slightly.exe, destination_filename = \\?\C:\Program Files (x86)\Windows Portable Devices\slightly.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\slightly.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Windows Portable Devices\slightly.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Windows Portable Devices\slightly.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Windows Portable Devices\slightly.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\slightly.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\slightly.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Portable Devices\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll, destination_filename = \\?\C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x768
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Office\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Office\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Office\How To Restore Files.hta, size = 910 |
|
1 |
Thread 0x4c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Provisioning\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Provisioning\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Provisioning\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Provisioning\countrytable.xml, destination_filename = \\?\C:\ProgramData\Microsoft\Provisioning\countrytable.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x4c4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\How To Restore Files.hta, type = file_attributes |
|
2 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp, destination_filename = \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xf28
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Windows Live\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Live\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\AccountPictures\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png, destination_filename = \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Windows Live\WLive48x48.png id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xca8
38
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\desktop.ini, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Contacts\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xcb0
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\1PIfCh65fn7.docx, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\1PIfCh65fn7.docx id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\1PIfCh65fn7.docx id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 |
Thread 0xcb4
56
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\2RMYqU6OwcaNfG5QwG.pptx, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\2RMYqU6OwcaNfG5QwG.pptx id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\2RMYqU6OwcaNfG5QwG.pptx id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Documents\2RMYqU6OwcaNfG5QwG.pptx id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\2RMYqU6OwcaNfG5QwG.pptx id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Documents\2RMYqU6OwcaNfG5QwG.pptx id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\2RMYqU6OwcaNfG5QwG.pptx id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\2RMYqU6OwcaNfG5QwG.pptx id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\9f-BbJpQsNgzH8xy.ots, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\9f-BbJpQsNgzH8xy.ots id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\9f-BbJpQsNgzH8xy.ots id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Documents\9f-BbJpQsNgzH8xy.ots id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\9f-BbJpQsNgzH8xy.ots id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Documents\9f-BbJpQsNgzH8xy.ots id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\9f-BbJpQsNgzH8xy.ots id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\9f-BbJpQsNgzH8xy.ots id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\ciEYcg BbzFlEAagVLi.pptx, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\ciEYcg BbzFlEAagVLi.pptx id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\ciEYcg BbzFlEAagVLi.pptx id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Documents\ciEYcg BbzFlEAagVLi.pptx id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\ciEYcg BbzFlEAagVLi.pptx id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Documents\ciEYcg BbzFlEAagVLi.pptx id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\ciEYcg BbzFlEAagVLi.pptx id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\ciEYcg BbzFlEAagVLi.pptx id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\d43nQxH.docx, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\d43nQxH.docx id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\d43nQxH.docx id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Documents\d43nQxH.docx id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\d43nQxH.docx id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Documents\d43nQxH.docx id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\d43nQxH.docx id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\d43nQxH.docx id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 |
Thread 0x780
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Downloads\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Downloads\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Downloads\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x7b4
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\AccountPictures\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x52c
27
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\Downloads.lnk, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\Downloads.lnk id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xad4
113
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\ESp7hzFp.wav, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\ESp7hzFp.wav id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\ESp7hzFp.wav id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Music\ESp7hzFp.wav id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\ESp7hzFp.wav id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Music\ESp7hzFp.wav id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\ESp7hzFp.wav id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\ESp7hzFp.wav id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\JhZMle5-3.mp3, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\JhZMle5-3.mp3 id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\JhZMle5-3.mp3 id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Music\JhZMle5-3.mp3 id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\JhZMle5-3.mp3 id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Music\JhZMle5-3.mp3 id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\JhZMle5-3.mp3 id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\JhZMle5-3.mp3 id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\JjYoZpHYWTU.m4a, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\JjYoZpHYWTU.m4a id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\JjYoZpHYWTU.m4a id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Music\JjYoZpHYWTU.m4a id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\JjYoZpHYWTU.m4a id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Music\JjYoZpHYWTU.m4a id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\JjYoZpHYWTU.m4a id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\JjYoZpHYWTU.m4a id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\K5afBvaXQ17XKw.wav, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\K5afBvaXQ17XKw.wav id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\K5afBvaXQ17XKw.wav id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Music\K5afBvaXQ17XKw.wav id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\K5afBvaXQ17XKw.wav id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Music\K5afBvaXQ17XKw.wav id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\K5afBvaXQ17XKw.wav id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\K5afBvaXQ17XKw.wav id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\M0FRaonJmV.m4a, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\M0FRaonJmV.m4a id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\M0FRaonJmV.m4a id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Music\M0FRaonJmV.m4a id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\M0FRaonJmV.m4a id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Music\M0FRaonJmV.m4a id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\M0FRaonJmV.m4a id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\M0FRaonJmV.m4a id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\o61wIO ULs99.m4a, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\o61wIO ULs99.m4a id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\o61wIO ULs99.m4a id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Music\o61wIO ULs99.m4a id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\o61wIO ULs99.m4a id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Music\o61wIO ULs99.m4a id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\o61wIO ULs99.m4a id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\o61wIO ULs99.m4a id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\rR19YSzpNWbN5JSMbg.mp3, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\rR19YSzpNWbN5JSMbg.mp3 id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\rR19YSzpNWbN5JSMbg.mp3 id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Music\rR19YSzpNWbN5JSMbg.mp3 id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\rR19YSzpNWbN5JSMbg.mp3 id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Music\rR19YSzpNWbN5JSMbg.mp3 id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\rR19YSzpNWbN5JSMbg.mp3 id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\rR19YSzpNWbN5JSMbg.mp3 id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\SlQRk7s3j8.mp3, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\SlQRk7s3j8.mp3 id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\SlQRk7s3j8.mp3 id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Music\SlQRk7s3j8.mp3 id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\SlQRk7s3j8.mp3 id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Music\SlQRk7s3j8.mp3 id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\SlQRk7s3j8.mp3 id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\SlQRk7s3j8.mp3 id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\uV1Z3 xAZ39J3T.wav, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\uV1Z3 xAZ39J3T.wav id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\uV1Z3 xAZ39J3T.wav id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Music\uV1Z3 xAZ39J3T.wav id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\uV1Z3 xAZ39J3T.wav id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Music\uV1Z3 xAZ39J3T.wav id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\uV1Z3 xAZ39J3T.wav id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\uV1Z3 xAZ39J3T.wav id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x710
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\OneDrive\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xa8c
47
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\6VPPhG1IT3F2Zg-.bmp, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\6VPPhG1IT3F2Zg-.bmp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\6VPPhG1IT3F2Zg-.bmp id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\6VPPhG1IT3F2Zg-.bmp id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\6VPPhG1IT3F2Zg-.bmp id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Pictures\6VPPhG1IT3F2Zg-.bmp id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\6VPPhG1IT3F2Zg-.bmp id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\6VPPhG1IT3F2Zg-.bmp id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\LGn3zp_fF2XhsytW9iY.png, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\LGn3zp_fF2XhsytW9iY.png id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\LGn3zp_fF2XhsytW9iY.png id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\LGn3zp_fF2XhsytW9iY.png id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\LGn3zp_fF2XhsytW9iY.png id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Pictures\LGn3zp_fF2XhsytW9iY.png id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\LGn3zp_fF2XhsytW9iY.png id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\LGn3zp_fF2XhsytW9iY.png id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\sm_xgLw3u40OkI.jpg, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\sm_xgLw3u40OkI.jpg id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\sm_xgLw3u40OkI.jpg id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\sm_xgLw3u40OkI.jpg id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\sm_xgLw3u40OkI.jpg id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Pictures\sm_xgLw3u40OkI.jpg id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\sm_xgLw3u40OkI.jpg id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\sm_xgLw3u40OkI.jpg id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x804
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Saved Games\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x504
38
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\limousines.exe id-Br3n0G72wUb8CejT.LyaS, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x270
58
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\60D7E9F.avi, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\60D7E9F.avi id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\60D7E9F.avi id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Videos\60D7E9F.avi id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\60D7E9F.avi id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Videos\60D7E9F.avi id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\60D7E9F.avi id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\60D7E9F.avi id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\mqFOr.avi, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\mqFOr.avi id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\mqFOr.avi id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Videos\mqFOr.avi id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\mqFOr.avi id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Videos\mqFOr.avi id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\mqFOr.avi id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\mqFOr.avi id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\rWkgzSW.mkv, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\rWkgzSW.mkv id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\rWkgzSW.mkv id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Videos\rWkgzSW.mkv id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\rWkgzSW.mkv id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Videos\rWkgzSW.mkv id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\rWkgzSW.mkv id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\rWkgzSW.mkv id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\VyW OD.mkv, destination_filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\VyW OD.mkv id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\VyW OD.mkv id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\CIiHmnxMn6Ps\Videos\VyW OD.mkv id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\VyW OD.mkv id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\CIiHmnxMn6Ps\Videos\VyW OD.mkv id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\VyW OD.mkv id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Videos\VyW OD.mkv id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x200
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui, destination_filename = \\?\C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui, destination_filename = \\?\C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui, destination_filename = \\?\C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x1a4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft OneDrive\setup\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft OneDrive\setup\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft OneDrive\setup\How To Restore Files.hta, size = 910 |
|
1 |
Thread 0x6d0
83
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\USOShared\Logs\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\USOShared\Logs\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\USOShared\Logs\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl, destination_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\USOShared\Logs\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl, destination_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\USOShared\Logs\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl, destination_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\USOShared\Logs\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl, destination_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\USOShared\Logs\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl, destination_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\USOShared\Logs\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl, destination_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\USOShared\Logs\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl, destination_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\USOShared\Logs\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl, destination_filename = \\?\C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\USOPrivate\UpdateStore\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\USOPrivate\UpdateStore\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\production\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, destination_filename = \\?\C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xaf4
65
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Java\jre1.8.0_131\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Java\jre1.8.0_131\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Links\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT, destination_filename = \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Java\jre1.8.0_131\COPYRIGHT id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Java\jre1.8.0_131\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE, destination_filename = \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Java\jre1.8.0_131\LICENSE id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Java\jre1.8.0_131\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Java\jre1.8.0_131\README.txt, destination_filename = \\?\C:\Program Files\Java\jre1.8.0_131\README.txt id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Java\jre1.8.0_131\README.txt id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Java\jre1.8.0_131\README.txt id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Java\jre1.8.0_131\README.txt id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Java\jre1.8.0_131\README.txt id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Java\jre1.8.0_131\README.txt id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Java\jre1.8.0_131\README.txt id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Java\jre1.8.0_131\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Java\jre1.8.0_131\release, destination_filename = \\?\C:\Program Files\Java\jre1.8.0_131\release id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Java\jre1.8.0_131\release id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Java\jre1.8.0_131\release id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Java\jre1.8.0_131\release id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Java\jre1.8.0_131\release id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Java\jre1.8.0_131\release id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Videos\How To Restore Files.hta, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Java\jre1.8.0_131\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt, destination_filename = \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Java\jre1.8.0_131\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME.txt, destination_filename = \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME.txt id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME.txt id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME.txt id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME.txt id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME.txt id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x8a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\images\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Internet Explorer\images\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\images\bing.ico, destination_filename = \\?\C:\Program Files\Internet Explorer\images\bing.ico id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x7d0
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins, destination_filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xf1c
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office 15\ClientX64\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office 15\ClientX64\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\sm_xgLw3u40OkI.jpg id-Br3n0G72wUb8CejT.LyaS, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe, destination_filename = \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xf38
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\AccountPictures\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\AccountPictures\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\AccountPictures\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\AccountPictures\desktop.ini, destination_filename = \\?\C:\Users\Public\AccountPictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\AccountPictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\AccountPictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\Public\AccountPictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\AccountPictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\AccountPictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\AccountPictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xf20
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Desktop\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Desktop\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows NT\Accessories\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Desktop\Acrobat Reader DC.lnk, destination_filename = \\?\C:\Users\Public\Desktop\Acrobat Reader DC.lnk id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Desktop\Acrobat Reader DC.lnk id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Desktop\Acrobat Reader DC.lnk id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\Public\Desktop\Acrobat Reader DC.lnk id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Desktop\Acrobat Reader DC.lnk id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Desktop\Acrobat Reader DC.lnk id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Desktop\Acrobat Reader DC.lnk id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xf48
17
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\Journal.exe.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\Journal.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui, destination_filename = \\?\C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xd88
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Mail\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Mail\en-US\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\en-US\msoeres.dll.mui, destination_filename = \\?\C:\Program Files\Windows Mail\en-US\msoeres.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Mail\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Mail\en-US\WinMail.exe.mui, destination_filename = \\?\C:\Program Files\Windows Mail\en-US\WinMail.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xf10
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\Accessories\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows NT\Accessories\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows NT\Accessories\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\Accessories\wordpad.exe, destination_filename = \\?\C:\Program Files\Windows NT\Accessories\wordpad.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\Accessories\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\Accessories\WordpadFilter.dll, destination_filename = \\?\C:\Program Files\Windows NT\Accessories\WordpadFilter.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xc90
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x510
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0xc8c
87
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\adalrt.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\adalrt.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\App.xaml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\App.xaml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\AppxManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\AppxManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\autstbim.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\autstbim.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\CsiImm.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\CsiImm.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\msipcm.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\msipcm.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\mso0127.acl, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\mso0127.acl id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\mso20imm.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\mso20imm.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\mso30imm.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\mso30imm.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\msoimm.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\msoimm.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\msproof7imm.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\msproof7imm.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\msptlsimm.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\msptlsimm.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\office.odf, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\office.odf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.OneNote.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.OneNote.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x890
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_2015.4201.10091.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_2015.4201.10091.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0xc84
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_1.10159.0.0_neutral_split.scale-150_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_1.10159.0.0_neutral_split.scale-150_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x820
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_1.10159.0.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_1.10159.0.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_1.10159.0.0_x64__8wekyb3d8bbwe\App.xbf, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_1.10159.0.0_x64__8wekyb3d8bbwe\App.xbf id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xc80
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_2015.627.626.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_2015.627.626.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_2015.627.626.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_2015.627.626.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_2015.627.626.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_2015.627.626.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_2015.627.626.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.People_2015.627.626.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x620
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_neutral_~_kzf8qxf38zg5c\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_neutral_~_kzf8qxf38zg5c\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_neutral_~_kzf8qxf38zg5c\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_neutral_~_kzf8qxf38zg5c\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_neutral_~_kzf8qxf38zg5c\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_neutral_~_kzf8qxf38zg5c\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_neutral_~_kzf8qxf38zg5c\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_neutral_~_kzf8qxf38zg5c\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xc7c
30
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\AppxManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\AppxManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\GetSkype.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\GetSkype.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\GetSkype.exe, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\GetSkype.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\resources.pri, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.2.1.0_x86__kzf8qxf38zg5c\resources.pri id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x548
45
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\AppxManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\AppxManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\logo.png, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\logo.png id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\msvcp120_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\msvcp120_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\msvcr120_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\msvcr120_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\vcamp120_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\vcamp120_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\vccorlib120_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\vccorlib120_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\vcomp120_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\vcomp120_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xb68
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\en-US\EppManifest.dll.mui, destination_filename = \\?\C:\Program Files\Windows Defender\en-US\EppManifest.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui, destination_filename = \\?\C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui, destination_filename = \\?\C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui, destination_filename = \\?\C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\en-US\ProtectionManagement.dll.mui, destination_filename = \\?\C:\Program Files\Windows Defender\en-US\ProtectionManagement.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\en-US\ProtectionManagement.mfl, destination_filename = \\?\C:\Program Files\Windows Defender\en-US\ProtectionManagement.mfl id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\en-US\ProtectionManagement_Uninstall.mfl, destination_filename = \\?\C:\Program Files\Windows Defender\en-US\ProtectionManagement_Uninstall.mfl id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Defender\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Defender\en-US\shellext.dll.mui, destination_filename = \\?\C:\Program Files\Windows Defender\en-US\shellext.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xec0
45
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\AppxManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\AppxManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\logo.png, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\logo.png id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\msvcp120_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\msvcp120_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\msvcr120_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\msvcr120_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\vcamp120_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\vcamp120_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\vccorlib120_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\vccorlib120_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\vcomp120_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\vcomp120_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x11c
50
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\AppxManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\AppxManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\concrt140_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\concrt140_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\logo.png, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\logo.png id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\msvcp140_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\msvcp140_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\vcamp140_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\vcamp140_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\vccorlib140_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\vccorlib140_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\vcomp140_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\vcomp140_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\vcruntime140_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x64__8wekyb3d8bbwe\vcruntime140_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x83c
50
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\AppxManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\AppxManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\concrt140_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\concrt140_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\logo.png, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\logo.png id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\msvcp140_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\msvcp140_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\vcamp140_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\vcamp140_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\vccorlib140_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\vccorlib140_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\vcomp140_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\vcomp140_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\vcruntime140_app.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\vcruntime140_app.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xa1c
60
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\AppxManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\AppxManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Bing.Immersive.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Bing.Immersive.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\FaceSdkStoreWrapper.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\FaceSdkStoreWrapper.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Lumia.AppTk.SceneGraph.UAP.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Lumia.AppTk.SceneGraph.UAP.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Lumia.Media.Packaging.UAP.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Lumia.Media.Packaging.UAP.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Lumia.ViewerPluginNative.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Lumia.ViewerPluginNative.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xf08
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xb58
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x4b8
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_2015.619.10.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_2015.619.10.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_2015.619.10.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_2015.619.10.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_2015.619.10.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_2015.619.10.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_2015.619.10.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_2015.619.10.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xad8
27
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\AppxManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\AppxManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\Calculator.exe, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\Calculator.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\CalculatorApp.winmd, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\CalculatorApp.winmd id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x888
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2015.619.10.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2015.619.10.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2015.619.10.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2015.619.10.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x2ec
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2015.612.1501.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2015.612.1501.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2015.612.1501.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2015.612.1501.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2015.612.1501.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2015.612.1501.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2015.612.1501.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2015.612.1501.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x8c4
60
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\AppxManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\AppxManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\Lumia.CameraApp.Native.winmd, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\Lumia.CameraApp.Native.winmd id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\Lumia.CameraApp.Telemetry.winmd, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\Lumia.CameraApp.Telemetry.winmd id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\Lumia.TracingLib.Native.Win.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\Lumia.TracingLib.Native.Win.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\Lumia.TracingLib.Native.winmd, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\Lumia.TracingLib.Native.winmd id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\Microsoft.CameraApp.Native.Win.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\Microsoft.CameraApp.Native.Win.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\Microsoft.CameraApp.Telemetry.Win.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\Microsoft.CameraApp.Telemetry.Win.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\resources.pri, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\resources.pri id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\WindowsCamera.dll, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\WindowsCamera.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\WindowsCamera.exe, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\WindowsCamera.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xa58
37
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\App.xaml, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\App.xaml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\AppxManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\AppxManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\chartim.dll, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\chartim.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\CsiImm.dll, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\CsiImm.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\EventInterpreterImm.dll, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\EventInterpreterImm.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xa68
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_2015.6002.42251.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_2015.6002.42251.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x248
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2015.619.213.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2015.619.213.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x15c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsMaps_4.1505.50619.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsMaps_4.1505.50619.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsMaps_4.1505.50619.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsMaps_4.1505.50619.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xae4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1506.20010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1506.20010.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1506.20010.0_x64__8wekyb3d8bbwe\ApplicationInsights.config, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1506.20010.0_x64__8wekyb3d8bbwe\ApplicationInsights.config id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x854
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsPhone_2015.620.10.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsPhone_2015.620.10.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xa30
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1506.15100.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1506.15100.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0xb3c
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xc28
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Documents\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Documents\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Documents\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Documents\desktop.ini, destination_filename = \\?\C:\Users\Public\Documents\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Documents\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Documents\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\Public\Documents\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Documents\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Documents\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Documents\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x538
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Downloads\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Downloads\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Downloads\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Downloads\desktop.ini, destination_filename = \\?\C:\Users\Public\Downloads\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Downloads\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Downloads\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\Public\Downloads\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Downloads\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Downloads\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Downloads\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xc38
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Libraries\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Libraries\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Libraries\desktop.ini, destination_filename = \\?\C:\Users\Public\Libraries\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Libraries\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Libraries\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\Public\Libraries\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Libraries\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Libraries\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Libraries\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xc2c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Music\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Music\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Music\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Music\desktop.ini, destination_filename = \\?\C:\Users\Public\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\Public\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Music\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x7f8
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Pictures\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Pictures\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Pictures\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Pictures\desktop.ini, destination_filename = \\?\C:\Users\Public\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\Public\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Pictures\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xc30
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\Public\Videos\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Videos\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Videos\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\Public\Videos\desktop.ini, destination_filename = \\?\C:\Users\Public\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\Public\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\Public\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\Public\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\Public\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\Videos\desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xc94
15
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\System\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextService.dll, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextService.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceTigrinya.txt, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceTigrinya.txt id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt, destination_filename = \\?\C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xacc
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\System\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\blank.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\blank.jtp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Genko_1.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Genko_1.jtp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Genko_2.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Genko_2.jtp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Graph.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Graph.jtp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Memo.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Memo.jtp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Music.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Music.jtp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Seyes.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Seyes.jtp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\Shorthand.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\Shorthand.jtp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Journal\Templates\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Journal\Templates\To_Do_List.jtp, destination_filename = \\?\C:\Program Files\Windows Journal\Templates\To_Do_List.jtp id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x808
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0xc88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.701.14.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.701.14.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.701.14.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.701.14.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x3dc
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_2015.617.130.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_2015.617.130.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_2015.617.130.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_2015.617.130.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_2015.617.130.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_2015.617.130.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_2015.617.130.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_2015.617.130.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x88c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.XboxApp_5.6.17000.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x798
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x81c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.10841.0_neutral_resources.scale-140_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.10841.0_neutral_resources.scale-140_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x550
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.10841.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.10841.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x554
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x77c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\AppxBlockMap.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\AppxBlockMap.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\AppxManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\AppxManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\AppxSignature.p7x, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\AppxSignature.p7x id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\resources.pri, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_neutral_resources.scale-140_8wekyb3d8bbwe\resources.pri id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x9a4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.10811.0_x64__8wekyb3d8bbwe\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 |
Thread 0x9a8
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui, destination_filename = \\?\C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x9ac
23
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui, destination_filename = \\?\C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x9a0
19
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\RenderingControl_DMP.xml, destination_filename = \\?\C:\Program Files\Windows Media Player\Media Renderer\RenderingControl_DMP.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x9c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\.LNK, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\.LNK id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x9bc
69
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\Content.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\Content.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\IPSEventLogMsg.dll, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\IPSEventLogMsg.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x9c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x9c8
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 |
Thread 0xb0c
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb34
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Blue_Gradient.jpg, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Blue_Gradient.jpg id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Cave_Drawings.gif, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Cave_Drawings.gif id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Connectivity.gif, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Connectivity.gif id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x990
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\VC\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\VC\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xb94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\VGX\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\VGX\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x99c
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll, destination_filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 |
Thread 0xb98
39
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\adojavas.inc, destination_filename = \\?\C:\Program Files\Common Files\System\ado\adojavas.inc id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\adovbs.inc, destination_filename = \\?\C:\Program Files\Common Files\System\ado\adovbs.inc id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msader15.dll, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msader15.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado15.dll, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado15.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado20.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado20.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado21.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado21.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado25.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado25.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado26.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado26.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado27.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado27.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado28.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado28.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msado60.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msado60.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msadomd.dll, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msadomd.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msadomd28.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msadomd28.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msador15.dll, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msador15.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msador28.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msador28.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msadox.dll, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msadox.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msadox28.tlb, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msadox28.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Common Files\System\ado\msadrh15.dll, destination_filename = \\?\C:\Program Files\Common Files\System\ado\msadrh15.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xb9c
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll, destination_filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbb0
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf, destination_filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbc0
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xbc8
47
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkDiv.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkDiv.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\micaut.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\micaut.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\Microsoft.Ink.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\Microsoft.Ink.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mraut.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mraut.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mshwgst.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mshwgst.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mshwLatin.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mshwLatin.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\penchs.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\penchs.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pencht.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pencht.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\penjpn.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\penjpn.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\penkor.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\penkor.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\penusa.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\penusa.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipres.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipres.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\rtscom.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\rtscom.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\skchobj.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\skchobj.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\skchui.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\skchui.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tpcps.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tpcps.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xbd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xbd4
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\VSTO\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Bears.htm, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Bears.htm id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Bears.jpg, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Bears.jpg id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 |
Thread 0xbe0
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0xbe4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x980
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, destination_filename = \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xa7c
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll, destination_filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\INT\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xa60
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\production\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\production\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\production\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll, destination_filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 |
Thread 0xb18
14
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Oracle\Java\.oracle_jre_usage\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Oracle\Java\.oracle_jre_usage\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Users\Public\AccountPictures\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, destination_filename = \\?\C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xa44
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Oracle\Java\installcache_x64\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Oracle\Java\installcache_x64\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Oracle\Java\installcache_x64\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8, destination_filename = \\?\C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8 id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8 id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8 id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8 id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8 id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8 id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8 id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0x41c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Oracle\Java\javapath\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Oracle\Java\javapath\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\ProgramData\Oracle\Java\javapath\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Oracle\Java\javapath\java.exe, destination_filename = \\?\C:\ProgramData\Oracle\Java\javapath\java.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x754
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Oracle\Java\javapath_target_5923062\How To Restore Files.hta, type = file_attributes |
|
2 | |
| File | Move | source_filename = \\?\C:\ProgramData\Oracle\Java\javapath_target_5923062\java.exe, destination_filename = \\?\C:\ProgramData\Oracle\Java\javapath_target_5923062\java.exe id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xc4c
21
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\System\ado\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.DIAGNOSTICS.xml, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.DIAGNOSTICS.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.DIAGNOSTICS.xml.new, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.DIAGNOSTICS.xml.new id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.PERFTRACKESCALATIONS.xml, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.PERFTRACKESCALATIONS.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.PERFTRACKESCALATIONS.xml.new, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.PERFTRACKESCALATIONS.xml.new id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.PERFTRACKPOINTDATA.xml, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.PERFTRACKPOINTDATA.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.PERFTRACKPOINTDATA.xml.new, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.PERFTRACKPOINTDATA.xml.new id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.SIUF.xml, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.SIUF.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.SIUF.xml.new, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.SIUF.xml.new id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x5bc
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, destination_filename = \\?\C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xcfc
22
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\How To Restore Files.hta, type = file_attributes |
|
2 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml, destination_filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml, destination_filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Module | Unmap | process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml id-Br3n0G72wUb8CejT.LyaS, size = 256 |
|
1 | |
| File | Write | filename = \\?\C:\Users\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml id-Br3n0G72wUb8CejT.LyaS, size = 1280 |
|
1 |
Thread 0xb38
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\events00.rbs, destination_filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\events00.rbs id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\events01.rbs, destination_filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\events01.rbs id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\events10.rbs, destination_filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\events10.rbs id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\events11.rbs, destination_filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\events11.rbs id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\How To Restore Files.hta, type = file_attributes |
|
2 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\parse.dat, destination_filename = \\?\C:\Users\All Users\Microsoft\Diagnosis\parse.dat id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xc60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\MF\How To Restore Files.hta, type = file_attributes |
|
3 |
Thread 0x2f4
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Office\How To Restore Files.hta, type = file_attributes |
|
2 |
Thread 0xc5c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft OneDrive\setup\How To Restore Files.hta, type = file_attributes |
|
2 |
Thread 0x2e8
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xd0
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xa10
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x648
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\msadc\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xa34
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\Ole DB\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xbf8
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\Office16\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\Office16\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x564
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\PackageManifests\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\PackageManifests\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xd7c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Media Player\Network Sharing\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xf74
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows Media Player\Skins\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows Media Player\Skins\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xcf0
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Internet Explorer\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xcc8
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xccc
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Microsoft.NET\RedistList\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xc24
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Defender\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xd64
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows NT\Accessories\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xd58
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows NT\TableTextService\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xd98
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Photo Viewer\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x5b8
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Windows Mail\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Windows Mail\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xd28
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Network\Downloader\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xd68
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xc1c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Local\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xd1c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xd2c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\0GI1oJfD7KPwXadVyJB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Desktop\0GI1oJfD7KPwXadVyJB\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x148
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\9HgGbh_jCL6ZmFM\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Music\9HgGbh_jCL6ZmFM\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xe20
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\8qeDlOZ\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Documents\8qeDlOZ\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xdcc
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Java\jre1.8.0_131\bin\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Java\jre1.8.0_131\bin\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xda8
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Internet Explorer\SIGNUP\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x924
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xd78
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\Accessories\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows NT\Accessories\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xdac
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Windows NT\TableTextService\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Windows NT\TableTextService\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xdb0
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF64.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF64.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl64.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl64.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xdb4
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xd04
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\SKWQ hcEu5\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\SKWQ hcEu5\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xc20
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\u8JA\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\u8JA\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xcf4
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0xdf4
40
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\adojavas.inc, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\adojavas.inc id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\adovbs.inc, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\adovbs.inc id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msader15.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msader15.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado15.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado15.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado20.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado20.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado21.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado21.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado25.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado25.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado26.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado26.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado27.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado27.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado28.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado28.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado60.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msado60.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadomd.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadomd.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadomd28.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadomd28.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msador15.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msador15.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msador28.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msador28.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadox.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadox.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadox28.tlb, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadox28.tlb id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadrh15.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\ado\msadrh15.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, type = file_attributes |
|
1 |
Thread 0xec8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xf0
13
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\adcjavas.inc, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\adcjavas.inc id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\adcvbs.inc, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\adcvbs.inc id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadce.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadce.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadcer.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadcer.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadco.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\msadc\msadco.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xeb0
47
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdadc.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdadc.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaenum.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaenum.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaer.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaer.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaorar.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaorar.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaps.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaps.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasc.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasc.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasqlr.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdasqlr.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdatl3.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdatl3.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdatt.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdatt.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaurl.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msdaurl.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msxactps.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\msxactps.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledb32r.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledb32r.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledbjvs.inc, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledbjvs.inc id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledbvbs.inc, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\oledbvbs.inc id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.rll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.rll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.dll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.rll, destination_filename = \\?\C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.rll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0xe88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\How To Restore Files.hta, type = file_attributes |
|
3 |
Thread 0x34c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\How To Restore Files.hta, type = file_attributes |
|
3 |
Thread 0x338
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\How To Restore Files.hta, type = file_attributes |
|
3 |
Thread 0xe70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\How To Restore Files.hta, type = file_attributes |
|
3 |
Thread 0xa3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\How To Restore Files.hta, type = file_attributes |
|
3 |
Thread 0xe8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Move | source_filename = \\?\C:\Users\All Users\Microsoft\Provisioning\countrytable.xml, destination_filename = \\?\C:\Users\All Users\Microsoft\Provisioning\countrytable.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\How To Restore Files.hta, type = file_attributes |
|
1 |
Thread 0x418
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Windows Live\How To Restore Files.hta, type = file_attributes |
|
2 |
Thread 0xa84
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x2e0
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x6e8
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\INT\How To Restore Files.hta, type = file_attributes |
|
2 |
Thread 0xa6c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\IdentityCRL\production\How To Restore Files.hta, type = file_attributes |
|
2 |
Thread 0x1048
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Links\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Favorites\Links\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x105c
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files (x86)\Common Files\System\ado\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf, destination_filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x1068
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2015.615.1606.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x1070
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x1074
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.6.10811.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x108c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.10841.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x1090
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2015.618.1921.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x1098
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_10004.3.193.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x10ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1506.19010.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x10cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.3DBuilder_2015.624.2254.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x10d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x10dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x10e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.WindowsCamera_5.38.3003.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x10e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.22810.0_x86__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x10f4
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\System\ado\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\System\ado\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x10f8
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ar-SA\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\ar-SA\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x10fc
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\bg-BG\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\bg-BG\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1100
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1104
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\da-DK\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\da-DK\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1108
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\de-DE\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\de-DE\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x110c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\el-GR\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\el-GR\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1110
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\en-GB\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\en-GB\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1114
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1118
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\es-ES\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\es-ES\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x111c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\es-MX\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\es-MX\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1120
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\et-EE\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\et-EE\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1124
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\fi-FI\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Common Files\microsoft shared\ink\fi-FI\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1140
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1144
25
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_scale-100.png, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_scale-100.png id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-16.png, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-16.png id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-20.png, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-20.png id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-24.png, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-24.png id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-256.png, destination_filename = \\?\C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-256.png id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x114c
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.4201.10091.0_x64__8wekyb3d8bbwe\AppxMetadata\How To Restore Files.hta, type = file_attributes |
|
1 |
Thread 0x1168
35
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\hxcalendarresim.dll, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\hxcalendarresim.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\hxcommintl.dll, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\hxcommintl.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\hxmailintl.dll, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\hxmailintl.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\msointl30_winrt.dll, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\msointl30_winrt.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\msointlimm.dll, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\msointlimm.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\wintlim.dll, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\wintlim.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Get Info | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = System Paging File, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\xlsrvintl.dll, destination_filename = \\?\C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe\en-gb\xlsrvintl.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 |
Thread 0x1180
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x118c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\root\client\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\root\client\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1194
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\root\Document Themes 16\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\root\Document Themes 16\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1198
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Microsoft Office\root\Flattener\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\root\Flattener\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = \\?\C:\Program Files\Microsoft Office\root\Flattener\How To Restore Files.hta, size = 910 |
|
1 | |
| File | Move | source_filename = \\?\C:\Program Files\Microsoft Office\root\Flattener\api-ms-win-core-file-l1-2-0.dll, destination_filename = \\?\C:\Program Files\Microsoft Office\root\Flattener\api-ms-win-core-file-l1-2-0.dll id-Br3n0G72wUb8CejT.LyaS |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Microsoft Office\root\Flattener\api-ms-win-core-file-l1-2-0.dll id-Br3n0G72wUb8CejT.LyaS, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Module | Create Mapping | module_name = \\?\C:\Program Files\Microsoft Office\root\Flattener\api-ms-win-core-file-l1-2-0.dll id-Br3n0G72wUb8CejT.LyaS, filename = \\?\C:\Program Files\Microsoft Office\root\Flattener\api-ms-win-core-file-l1-2-0.dll id-Br3n0G72wUb8CejT.LyaS, protection = PAGE_READWRITE, maximum_size = 0 |
|
1 | |
| Module | Map | \\?\C:\Program Files\Microsoft Office\root\Flattener\api-ms-win-core-file-l1-2-0.dll id-Br3n0G72wUb8CejT.LyaS, process_name = c:\users\ciihmnxmn6ps\desktop\crypt.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Thread 0x11ac
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\Google\Chrome\Application\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x11e0
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x11e8
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x11ec
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\SKWQ hcEu5\00VOU0EWPYblCrlHdi\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\CIiHmnxMn6Ps\Pictures\SKWQ hcEu5\00VOU0EWPYblCrlHdi\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x11f0
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x11f4
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x120c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.0\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1210
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Oracle\Java\.oracle_jre_usage\How To Restore Files.hta, type = file_attributes |
|
2 |
Thread 0x1214
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Oracle\Java\installcache_x64\How To Restore Files.hta, type = file_attributes |
|
2 |
Thread 0x1220
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1224
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1228
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x122c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1230
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Thread 0x1234
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\How To Restore Files.hta, type = file_attributes |
|
1 | |
| File | Create | filename = \\?\C:\Users\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\How To Restore Files.hta, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 |
Process #2: cmd.exe
9
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:15, Reason: Child Process |
| Unmonitor | End Time: 00:05:07, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcc0 |
| Parent PID | 0xfd8 (c:\users\ciihmnxmn6ps\desktop\crypt.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CD4
0x
C78
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x00070000 | 0x000bffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x040bffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00000000040c0000 | 0x040c0000 | 0x040dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000040c0000 | 0x040c0000 | 0x040cffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000040d0000 | 0x040d0000 | 0x040d3fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000040e0000 | 0x040e0000 | 0x040e1fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000040f0000 | 0x040f0000 | 0x04103fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004110000 | 0x04110000 | 0x0414ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004150000 | 0x04150000 | 0x0424ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004250000 | 0x04250000 | 0x04253fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004260000 | 0x04260000 | 0x04260fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004270000 | 0x04270000 | 0x04271fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000042b0000 | 0x042b0000 | 0x042bffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x042c0000 | 0x0437dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004380000 | 0x04380000 | 0x043bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000043f0000 | 0x043f0000 | 0x044effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000044f0000 | 0x044f0000 | 0x045effff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004780000 | 0x04780000 | 0x0478ffff | Private Memory | rw |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f220000 | 0x7f220000 | 0x7f31ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f320000 | 0x7f320000 | 0x7f342fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f344000 | 0x7f344000 | 0x7f344fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f348000 | 0x7f348000 | 0x7f34afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f34b000 | 0x7f34b000 | 0x7f34bfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f34d000 | 0x7f34d000 | 0x7f34ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfc57b4ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007dfc57b50000 | 0x7dfc57b50000 | 0x7ffc57b4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Threads
Thread 0xcd4
9
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x70000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74f40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x74f82780 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 |
