VMRay Analyzer Report for Sample #526138
VMRay Analyzer
3.0.1
Process
1
3684
zzbdrimp2939.exe
2144
zzbdrimp2939.exe
"C:\Users\FD1HVy\Desktop\zzbdrimp2939.exe"
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\desktop\zzbdrimp2939.exe
Child_Of
Child_Of
Created
Opened
Opened
Opened
Process
2
3076
cmd.exe
3684
cmd.exe
C:\WINDOWS\system32\cmd.exe /c move /y C:\Users\FD1HVy\Desktop\zzbdrimp2939.exe C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe
C:\Users\FD1HVy\Desktop\
c:\windows\system32\cmd.exe
Opened
Opened
Opened
Opened
Opened
Process
4
1252
zzbdrimp5619.exe
3684
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -m
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Child_Of
Created
Opened
Opened
Opened
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Process
5
512
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
6
972
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
7
3508
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
8
3584
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
9
3068
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
10
4012
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Process
11
4076
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
12
3868
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Process
13
1960
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
14
2924
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
15
3544
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
16
3640
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
17
2108
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
18
1812
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
19
3412
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
20
3256
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Created
Opened
Process
21
2484
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
22
2556
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
23
3436
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
24
3500
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Moved
Opened
Process
25
1708
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Moved
Opened
Process
26
3676
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Moved
Opened
Process
27
4036
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
28
2696
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
29
3784
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
30
1756
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Process
31
3996
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Moved
Moved
Opened
Process
32
3936
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Moved
Moved
Opened
Process
33
3912
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Moved
Moved
Opened
Process
34
1128
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Moved
Moved
Moved
Opened
Process
35
3320
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Moved
Moved
Created
Opened
Process
36
3264
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Moved
Moved
Moved
Created
Opened
Process
37
3584
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Moved
Moved
Moved
Moved
Moved
Moved
Moved
Opened
Process
38
2028
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Moved
Opened
Process
39
1392
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Opened
Moved
Moved
Opened
Process
40
2924
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Opened
Opened
Opened
Opened
Opened
Moved
Opened
Process
41
3544
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
Process
42
3792
zzbdrimp5619.exe
1252
zzbdrimp5619.exe
C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe -i SM-zzbdrimp -s
C:\Users\FD1HVy\Desktop\
c:\users\fd1hvy\appdata\local\temp\zzbdrimp5619.exe
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_INPUT_HANDLE
WinRegistryKey
Software\Policies\Microsoft\Windows\System
HKEY_CURRENT_USER
WinRegistryKey
Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE
DisableUNCCheck
EnableExtensions
DelayedExpansion
DefaultColor
CompletionChar
PathCompletionChar
AutoRun
WinRegistryKey
Software\Microsoft\Command Processor
HKEY_CURRENT_USER
DisableUNCCheck
EnableExtensions
DelayedExpansion
DefaultColor
CompletionChar
PathCompletionChar
AutoRun
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
documents and settings
documents and settings
c:\
c:\documents and settings
File
program files\microsoft office\root\client\appvisvstream32.dll
program files\microsoft office\root\client\appvisvstream32.dll
c:\
c:\program files\microsoft office\root\client\appvisvstream32.dll
dll
File
program files\microsoft office\root\client\appvisvstream64.dll
program files\microsoft office\root\client\appvisvstream64.dll
c:\
c:\program files\microsoft office\root\client\appvisvstream64.dll
dll
File
program files\microsoft office\root\client\appvisvsubsystems32.dll
program files\microsoft office\root\client\appvisvsubsystems32.dll
c:\
c:\program files\microsoft office\root\client\appvisvsubsystems32.dll
dll
File
program files\microsoft office\root\client\appvisvsubsystems64.dll
program files\microsoft office\root\client\appvisvsubsystems64.dll
c:\
c:\program files\microsoft office\root\client\appvisvsubsystems64.dll
dll
File
program files\microsoft office\root\client\c2r32.dll
program files\microsoft office\root\client\c2r32.dll
c:\
c:\program files\microsoft office\root\client\c2r32.dll
dll
File
program files\microsoft office\root\client\c2r64.dll
program files\microsoft office\root\client\c2r64.dll
c:\
c:\program files\microsoft office\root\client\c2r64.dll
dll
File
program files\microsoft office\root\office16\appvisvstream64.dll
program files\microsoft office\root\office16\appvisvstream64.dll
c:\
c:\program files\microsoft office\root\office16\appvisvstream64.dll
dll
File
program files\microsoft office\root\office16\appvisvsubsystems64.dll
program files\microsoft office\root\office16\appvisvsubsystems64.dll
c:\
c:\program files\microsoft office\root\office16\appvisvsubsystems64.dll
dll
File
program files\microsoft office\root\office16\c2r64.dll
program files\microsoft office\root\office16\c2r64.dll
c:\
c:\program files\microsoft office\root\office16\c2r64.dll
dll
File
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\equation\appvisvstream32.dll
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\equation\appvisvstream32.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\equation\appvisvstream32.dll
dll
File
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\equation\appvisvsubsystems32.dll
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\equation\appvisvsubsystems32.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\equation\appvisvsubsystems32.dll
dll
File
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\equation\c2r32.dll
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\equation\c2r32.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\equation\c2r32.dll
dll
File
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\appvisvstream64.dll
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\appvisvstream64.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\appvisvstream64.dll
dll
File
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\appvisvsubsystems64.dll
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\appvisvsubsystems64.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\appvisvsubsystems64.dll
dll
File
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\c2r64.dll
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\c2r64.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\c2r64.dll
dll
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\equation\appvisvstream32.dll
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\equation\appvisvstream32.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\equation\appvisvstream32.dll
dll
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\equation\appvisvsubsystems32.dll
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\equation\appvisvsubsystems32.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\equation\appvisvsubsystems32.dll
dll
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\equation\c2r32.dll
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\equation\c2r32.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\equation\c2r32.dll
dll
File
program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appvisvstream32.dll
program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appvisvstream32.dll
c:\
c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appvisvstream32.dll
dll
File
program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appvisvsubsystems32.dll
program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appvisvsubsystems32.dll
c:\
c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appvisvsubsystems32.dll
dll
File
program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\c2r32.dll
program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\c2r32.dll
c:\
c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\c2r32.dll
dll
Mutex
MX-zzbdrimp
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
588bce7c90097ed212\1025\LocalizedData.xml.locked
588bce7c90097ed212\1025\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1025\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\UiInfo.xml.locked
588bce7c90097ed212\UiInfo.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\UiInfo.xml.locked
locked
File
588bce7c90097ed212\1044\LocalizedData.xml.locked
588bce7c90097ed212\1044\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1044\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1028\LocalizedData.xml.locked
588bce7c90097ed212\1028\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1028\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\Client\Parameterinfo.xml.locked
588bce7c90097ed212\Client\Parameterinfo.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Client\Parameterinfo.xml.locked
locked
File
588bce7c90097ed212\3076\LocalizedData.xml.locked
588bce7c90097ed212\3076\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\3076\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\2052\LocalizedData.xml.locked
588bce7c90097ed212\2052\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\2052\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\netfx_Extended.mzz.locked
588bce7c90097ed212\netfx_Extended.mzz.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\netfx_Extended.mzz.locked
locked
Mutex
MX-zzbdrimp
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
588bce7c90097ed212\1029\LocalizedData.xml.locked
588bce7c90097ed212\1029\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1029\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1033\LocalizedData.xml.locked
588bce7c90097ed212\1033\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1033\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1043\LocalizedData.xml.locked
588bce7c90097ed212\1043\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1043\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1041\LocalizedData.xml.locked
588bce7c90097ed212\1041\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1041\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1031\LocalizedData.xml.locked
588bce7c90097ed212\1031\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1031\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\2070\LocalizedData.xml.locked
588bce7c90097ed212\2070\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\2070\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1037\LocalizedData.xml.locked
588bce7c90097ed212\1037\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1037\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.locked
588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.locked
locked
File
Boot\Fonts\kor_boot.ttf.locked
Boot\Fonts\kor_boot.ttf.locked
\??\\C:\
\??\\C:\Boot\Fonts\kor_boot.ttf.locked
locked
File
Boot\Fonts\jpn_boot.ttf.locked
Boot\Fonts\jpn_boot.ttf.locked
\??\\C:\
\??\\C:\Boot\Fonts\jpn_boot.ttf.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
588bce7c90097ed212\1049\LocalizedData.xml.locked
588bce7c90097ed212\1049\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1049\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1046\LocalizedData.xml.locked
588bce7c90097ed212\1046\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1046\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1032\LocalizedData.xml.locked
588bce7c90097ed212\1032\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1032\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\Extended\Parameterinfo.xml.locked
588bce7c90097ed212\Extended\Parameterinfo.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Extended\Parameterinfo.xml.locked
locked
File
588bce7c90097ed212\1038\LocalizedData.xml.locked
588bce7c90097ed212\1038\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1038\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1053\LocalizedData.xml.locked
588bce7c90097ed212\1053\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1053\LocalizedData.xml.locked
locked
File
Boot\Fonts\cht_boot.ttf.locked
Boot\Fonts\cht_boot.ttf.locked
\??\\C:\
\??\\C:\Boot\Fonts\cht_boot.ttf.locked
locked
File
Boot\Fonts\chs_boot.ttf.locked
Boot\Fonts\chs_boot.ttf.locked
\??\\C:\
\??\\C:\Boot\Fonts\chs_boot.ttf.locked
locked
File
588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.locked
588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
588bce7c90097ed212\1036\LocalizedData.xml.locked
588bce7c90097ed212\1036\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1036\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\Strings.xml.locked
588bce7c90097ed212\Strings.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Strings.xml.locked
locked
File
588bce7c90097ed212\ParameterInfo.xml.locked
588bce7c90097ed212\ParameterInfo.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\ParameterInfo.xml.locked
locked
File
588bce7c90097ed212\1040\LocalizedData.xml.locked
588bce7c90097ed212\1040\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1040\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1030\LocalizedData.xml.locked
588bce7c90097ed212\1030\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1030\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\netfx_Core.mzz.locked
588bce7c90097ed212\netfx_Core.mzz.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\netfx_Core.mzz.locked
locked
File
Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.locked
Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.locked
locked
File
Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.locked
Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.locked
locked
File
Boot\zh-TW\bootmgr.exe.mui.locked
Boot\zh-TW\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\zh-TW\bootmgr.exe.mui.locked
locked
File
588bce7c90097ed212\1049\eula.rtf.locked
588bce7c90097ed212\1049\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1049\eula.rtf.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
588bce7c90097ed212\1035\LocalizedData.xml.locked
588bce7c90097ed212\1035\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1035\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1045\LocalizedData.xml.locked
588bce7c90097ed212\1045\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1045\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1042\LocalizedData.xml.locked
588bce7c90097ed212\1042\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1042\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\Extended\UiInfo.xml.locked
588bce7c90097ed212\Extended\UiInfo.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Extended\UiInfo.xml.locked
locked
File
588bce7c90097ed212\Client\UiInfo.xml.locked
588bce7c90097ed212\Client\UiInfo.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Client\UiInfo.xml.locked
locked
File
588bce7c90097ed212\3082\LocalizedData.xml.locked
588bce7c90097ed212\3082\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\3082\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\1055\LocalizedData.xml.locked
588bce7c90097ed212\1055\LocalizedData.xml.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1055\LocalizedData.xml.locked
locked
File
588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.locked
588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.locked
locked
File
588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.locked
588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.locked
locked
File
Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.locked
Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Logs\System.evtx.locked
Logs\System.evtx.locked
\??\\C:\
\??\\C:\Logs\System.evtx.locked
locked
File
Logs\Microsoft-Windows-SettingSync%4Debug.evtx.locked
Logs\Microsoft-Windows-SettingSync%4Debug.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Boot\memtest.exe.locked
Boot\memtest.exe.locked
\??\\C:\
\??\\C:\Boot\memtest.exe.locked
locked
File
588bce7c90097ed212\RGB9RAST_x64.msi.locked
588bce7c90097ed212\RGB9RAST_x64.msi.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\RGB9RAST_x64.msi.locked
locked
File
Boot\Fonts\malgun_boot.ttf.locked
Boot\Fonts\malgun_boot.ttf.locked
\??\\C:\
\??\\C:\Boot\Fonts\malgun_boot.ttf.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.locked
Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.locked
locked
File
bootmgr.locked
bootmgr.locked
\??\\C:\
\??\\C:\bootmgr.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Boot\Fonts\msjhn_boot.ttf.locked
Boot\Fonts\msjhn_boot.ttf.locked
\??\\C:\
\??\\C:\Boot\Fonts\msjhn_boot.ttf.locked
locked
File
588bce7c90097ed212\sqmapi.dll.locked
588bce7c90097ed212\sqmapi.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\sqmapi.dll.locked
locked
File
Boot\bootvhd.dll.locked
Boot\bootvhd.dll.locked
\??\\C:\
\??\\C:\Boot\bootvhd.dll.locked
locked
File
588bce7c90097ed212\SetupUtility.exe.locked
588bce7c90097ed212\SetupUtility.exe.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\SetupUtility.exe.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Boot\bg-BG\bootmgr.exe.mui.locked
Boot\bg-BG\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\bg-BG\bootmgr.exe.mui.locked
locked
File
Boot\uk-UA\bootmgr.exe.mui.locked
Boot\uk-UA\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\uk-UA\bootmgr.exe.mui.locked
locked
File
Boot\it-IT\bootmgr.exe.mui.locked
Boot\it-IT\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\it-IT\bootmgr.exe.mui.locked
locked
File
Boot\pt-PT\bootmgr.exe.mui.locked
Boot\pt-PT\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\pt-PT\bootmgr.exe.mui.locked
locked
File
Boot\fi-FI\bootmgr.exe.mui.locked
Boot\fi-FI\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\fi-FI\bootmgr.exe.mui.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Boot\sl-SI\bootmgr.exe.mui.locked
Boot\sl-SI\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\sl-SI\bootmgr.exe.mui.locked
locked
File
Boot\pt-BR\bootmgr.exe.mui.locked
Boot\pt-BR\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\pt-BR\bootmgr.exe.mui.locked
locked
File
Boot\sv-SE\bootmgr.exe.mui.locked
Boot\sv-SE\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\sv-SE\bootmgr.exe.mui.locked
locked
File
Boot\da-DK\bootmgr.exe.mui.locked
Boot\da-DK\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\da-DK\bootmgr.exe.mui.locked
locked
File
Boot\en-US\bootmgr.exe.mui.locked
Boot\en-US\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\en-US\bootmgr.exe.mui.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Boot\hr-HR\bootmgr.exe.mui.locked
Boot\hr-HR\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\hr-HR\bootmgr.exe.mui.locked
locked
File
Boot\lt-LT\bootmgr.exe.mui.locked
Boot\lt-LT\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\lt-LT\bootmgr.exe.mui.locked
locked
File
Boot\et-EE\bootmgr.exe.mui.locked
Boot\et-EE\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\et-EE\bootmgr.exe.mui.locked
locked
File
Boot\en-GB\bootmgr.exe.mui.locked
Boot\en-GB\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\en-GB\bootmgr.exe.mui.locked
locked
File
Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.locked
Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.locked
locked
File
Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.locked
Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Boot\cs-CZ\bootmgr.exe.mui.locked
Boot\cs-CZ\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\cs-CZ\bootmgr.exe.mui.locked
locked
File
Boot\ro-RO\bootmgr.exe.mui.locked
Boot\ro-RO\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\ro-RO\bootmgr.exe.mui.locked
locked
File
Boot\lv-LV\bootmgr.exe.mui.locked
Boot\lv-LV\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\lv-LV\bootmgr.exe.mui.locked
locked
File
Boot\qps-ploc\bootmgr.exe.mui.locked
Boot\qps-ploc\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\qps-ploc\bootmgr.exe.mui.locked
locked
File
Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.locked
Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Logs\Microsoft-Windows-MUI%4Admin.evtx.locked
Logs\Microsoft-Windows-MUI%4Admin.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx.locked
locked
File
Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.locked
Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.locked
locked
File
Logs\Microsoft-Windows-Known Folders API Service.evtx.locked
Logs\Microsoft-Windows-Known Folders API Service.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx.locked
locked
File
Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.locked
Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.locked
locked
File
Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx.locked
Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.locked
Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.locked
locked
File
Logs\Microsoft-Windows-International%4Operational.evtx.locked
Logs\Microsoft-Windows-International%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-International%4Operational.evtx.locked
locked
File
Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.locked
Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.locked
locked
File
Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx.locked
Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx.locked
locked
File
Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.locked
Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.locked
locked
File
Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.locked
Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.locked
Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.locked
locked
File
Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx.locked
Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx.locked
locked
File
Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.locked
Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.locked
locked
File
Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.locked
Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.locked
locked
File
Logs\Microsoft-Windows-Bits-Client%4Operational.evtx.locked
Logs\Microsoft-Windows-Bits-Client%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx.locked
locked
File
Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.locked
Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.locked
locked
File
users\public\desktop\readme_locked.txt
users\public\desktop\readme_locked.txt
c:\
c:\users\public\desktop\readme_locked.txt
txt
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.locked
Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.locked
locked
File
Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx.locked
Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx.locked
locked
File
Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.locked
Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.locked
Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.locked
locked
File
Logs\Microsoft-Windows-Windows Defender%4Operational.evtx.locked
Logs\Microsoft-Windows-Windows Defender%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx.locked
locked
File
Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.locked
Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.locked
locked
File
Boot\ja-JP\bootmgr.exe.mui.locked
Boot\ja-JP\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\ja-JP\bootmgr.exe.mui.locked
locked
File
Boot\zh-CN\bootmgr.exe.mui.locked
Boot\zh-CN\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\zh-CN\bootmgr.exe.mui.locked
locked
File
Boot\qps-ploc\memtest.exe.mui.locked
Boot\qps-ploc\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\qps-ploc\memtest.exe.mui.locked
locked
File
Boot\pt-PT\memtest.exe.mui.locked
Boot\pt-PT\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\pt-PT\memtest.exe.mui.locked
locked
File
Boot\it-IT\memtest.exe.mui.locked
Boot\it-IT\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\it-IT\memtest.exe.mui.locked
locked
File
Boot\fi-FI\memtest.exe.mui.locked
Boot\fi-FI\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\fi-FI\memtest.exe.mui.locked
locked
File
Boot\sv-SE\memtest.exe.mui.locked
Boot\sv-SE\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\sv-SE\memtest.exe.mui.locked
locked
File
Boot\ja-JP\memtest.exe.mui.locked
Boot\ja-JP\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\ja-JP\memtest.exe.mui.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.locked
Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.locked
locked
File
Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.locked
Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.locked
locked
File
Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.locked
Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.locked
locked
File
Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.locked
Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.locked
locked
File
Boot\BOOTSTAT.DAT.locked
Boot\BOOTSTAT.DAT.locked
\??\\C:\
\??\\C:\Boot\BOOTSTAT.DAT.locked
locked
File
Boot\zh-HK\bootmgr.exe.mui.locked
Boot\zh-HK\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\zh-HK\bootmgr.exe.mui.locked
locked
File
Boot\fr-FR\memtest.exe.mui.locked
Boot\fr-FR\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\fr-FR\memtest.exe.mui.locked
locked
File
Boot\de-DE\memtest.exe.mui.locked
Boot\de-DE\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\de-DE\memtest.exe.mui.locked
locked
File
Boot\nb-NO\memtest.exe.mui.locked
Boot\nb-NO\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\nb-NO\memtest.exe.mui.locked
locked
File
Boot\sr-Latn-CS\memtest.exe.mui.locked
Boot\sr-Latn-CS\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\sr-Latn-CS\memtest.exe.mui.locked
locked
File
$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.locked
$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.locked
\??\\C:\
\??\\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Logs\Microsoft-Windows-TWinUI%4Operational.evtx.locked
Logs\Microsoft-Windows-TWinUI%4Operational.evtx.locked
\??\\C:\
\??\\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx.locked
locked
File
Boot\ko-KR\bootmgr.exe.mui.locked
Boot\ko-KR\bootmgr.exe.mui.locked
\??\\C:\
\??\\C:\Boot\ko-KR\bootmgr.exe.mui.locked
locked
File
Boot\el-GR\memtest.exe.mui.locked
Boot\el-GR\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\el-GR\memtest.exe.mui.locked
locked
File
Boot\hu-HU\memtest.exe.mui.locked
Boot\hu-HU\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\hu-HU\memtest.exe.mui.locked
locked
File
Boot\cs-CZ\memtest.exe.mui.locked
Boot\cs-CZ\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\cs-CZ\memtest.exe.mui.locked
locked
File
Boot\zh-CN\memtest.exe.mui.locked
Boot\zh-CN\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\zh-CN\memtest.exe.mui.locked
locked
File
588bce7c90097ed212\SplashScreen.bmp.locked
588bce7c90097ed212\SplashScreen.bmp.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\SplashScreen.bmp.locked
locked
File
588bce7c90097ed212\1049\SetupResources.dll.locked
588bce7c90097ed212\1049\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1049\SetupResources.dll.locked
locked
File
boot\bcd.locked
boot\bcd.locked
c:\
c:\boot\bcd.locked
locked
Moved_To
File
boot\bcd
boot\bcd
c:\
c:\boot\bcd
Moved_From
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Boot\pl-PL\memtest.exe.mui.locked
Boot\pl-PL\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\pl-PL\memtest.exe.mui.locked
locked
File
Boot\es-ES\memtest.exe.mui.locked
Boot\es-ES\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\es-ES\memtest.exe.mui.locked
locked
File
Boot\da-DK\memtest.exe.mui.locked
Boot\da-DK\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\da-DK\memtest.exe.mui.locked
locked
File
Boot\pt-BR\memtest.exe.mui.locked
Boot\pt-BR\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\pt-BR\memtest.exe.mui.locked
locked
File
Boot\ru-RU\memtest.exe.mui.locked
Boot\ru-RU\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\ru-RU\memtest.exe.mui.locked
locked
File
Boot\ko-KR\memtest.exe.mui.locked
Boot\ko-KR\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\ko-KR\memtest.exe.mui.locked
locked
File
Boot\zh-HK\memtest.exe.mui.locked
Boot\zh-HK\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\zh-HK\memtest.exe.mui.locked
locked
File
588bce7c90097ed212\1040\SetupResources.dll.locked
588bce7c90097ed212\1040\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1040\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1030\SetupResources.dll.locked
588bce7c90097ed212\1030\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1030\SetupResources.dll.locked
locked
File
boot\bcd.log.locked
boot\bcd.log.locked
c:\
c:\boot\bcd.log.locked
locked
Moved_To
File
boot\bcd.log
boot\bcd.log
c:\
c:\boot\bcd.log
log
Moved_From
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Boot\nl-NL\memtest.exe.mui.locked
Boot\nl-NL\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\nl-NL\memtest.exe.mui.locked
locked
File
Boot\en-US\memtest.exe.mui.locked
Boot\en-US\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\en-US\memtest.exe.mui.locked
locked
File
Boot\Fonts\segmono_boot.ttf.locked
Boot\Fonts\segmono_boot.ttf.locked
\??\\C:\
\??\\C:\Boot\Fonts\segmono_boot.ttf.locked
locked
File
Boot\zh-TW\memtest.exe.mui.locked
Boot\zh-TW\memtest.exe.mui.locked
\??\\C:\
\??\\C:\Boot\zh-TW\memtest.exe.mui.locked
locked
File
588bce7c90097ed212\Graphics\Setup.ico.locked
588bce7c90097ed212\Graphics\Setup.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\Setup.ico.locked
locked
File
588bce7c90097ed212\1031\SetupResources.dll.locked
588bce7c90097ed212\1031\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1031\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1046\SetupResources.dll.locked
588bce7c90097ed212\1046\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1046\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1045\SetupResources.dll.locked
588bce7c90097ed212\1045\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1045\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1025\SetupResources.dll.locked
588bce7c90097ed212\1025\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1025\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1028\SetupResources.dll.locked
588bce7c90097ed212\1028\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1028\SetupResources.dll.locked
locked
File
588bce7c90097ed212\Graphics\stop.ico.locked
588bce7c90097ed212\Graphics\stop.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\stop.ico.locked
locked
File
588bce7c90097ed212\graphics\stop.ico.locked
588bce7c90097ed212\graphics\stop.ico.locked
c:\
c:\588bce7c90097ed212\graphics\stop.ico.locked
locked
Moved_To
File
588bce7c90097ed212\graphics\stop.ico
588bce7c90097ed212\graphics\stop.ico
c:\
c:\588bce7c90097ed212\graphics\stop.ico
ico
Moved_From
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
588bce7c90097ed212\SetupUi.xsd.locked
588bce7c90097ed212\SetupUi.xsd.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\SetupUi.xsd.locked
locked
File
588bce7c90097ed212\3082\SetupResources.dll.locked
588bce7c90097ed212\3082\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\3082\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1035\SetupResources.dll.locked
588bce7c90097ed212\1035\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1035\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1029\SetupResources.dll.locked
588bce7c90097ed212\1029\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1029\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1053\SetupResources.dll.locked
588bce7c90097ed212\1053\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1053\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1037\SetupResources.dll.locked
588bce7c90097ed212\1037\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1037\SetupResources.dll.locked
locked
File
588bce7c90097ed212\3076\SetupResources.dll.locked
588bce7c90097ed212\3076\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\3076\SetupResources.dll.locked
locked
File
588bce7c90097ed212\Graphics\warn.ico.locked
588bce7c90097ed212\Graphics\warn.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\warn.ico.locked
locked
File
BOOTSECT.BAK.locked
BOOTSECT.BAK.locked
\??\\C:\
\??\\C:\BOOTSECT.BAK.locked
locked
File
588bce7c90097ed212\1037\eula.rtf.locked
588bce7c90097ed212\1037\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1037\eula.rtf.locked
locked
File
588bce7c90097ed212\1053\eula.rtf.locked
588bce7c90097ed212\1053\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1053\eula.rtf.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
588bce7c90097ed212\1043\SetupResources.dll.locked
588bce7c90097ed212\1043\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1043\SetupResources.dll.locked
locked
File
588bce7c90097ed212\2070\SetupResources.dll.locked
588bce7c90097ed212\2070\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\2070\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1036\SetupResources.dll.locked
588bce7c90097ed212\1036\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1036\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1044\SetupResources.dll.locked
588bce7c90097ed212\1044\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1044\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1055\SetupResources.dll.locked
588bce7c90097ed212\1055\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1055\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1033\SetupResources.dll.locked
588bce7c90097ed212\1033\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1033\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1041\SetupResources.dll.locked
588bce7c90097ed212\1041\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1041\SetupResources.dll.locked
locked
File
Boot\Resources\en-US\bootres.dll.mui.locked
Boot\Resources\en-US\bootres.dll.mui.locked
\??\\C:\
\??\\C:\Boot\Resources\en-US\bootres.dll.mui.locked
locked
File
588bce7c90097ed212\2052\eula.rtf.locked
588bce7c90097ed212\2052\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\2052\eula.rtf.locked
locked
File
588bce7c90097ed212\2070\eula.rtf.locked
588bce7c90097ed212\2070\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\2070\eula.rtf.locked
locked
File
588bce7c90097ed212\1035\eula.rtf.locked
588bce7c90097ed212\1035\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1035\eula.rtf.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
588bce7c90097ed212\DHtmlHeader.html.locked
588bce7c90097ed212\DHtmlHeader.html.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\DHtmlHeader.html.locked
locked
File
588bce7c90097ed212\1042\SetupResources.dll.locked
588bce7c90097ed212\1042\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1042\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1042\eula.rtf.locked
588bce7c90097ed212\1042\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1042\eula.rtf.locked
locked
File
588bce7c90097ed212\1032\eula.rtf.locked
588bce7c90097ed212\1032\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1032\eula.rtf.locked
locked
File
588bce7c90097ed212\1028\eula.rtf.locked
588bce7c90097ed212\1028\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1028\eula.rtf.locked
locked
File
588bce7c90097ed212\1045\eula.rtf.locked
588bce7c90097ed212\1045\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1045\eula.rtf.locked
locked
File
588bce7c90097ed212\1029\eula.rtf.locked
588bce7c90097ed212\1029\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1029\eula.rtf.locked
locked
File
588bce7c90097ed212\1046\eula.rtf.locked
588bce7c90097ed212\1046\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1046\eula.rtf.locked
locked
File
588bce7c90097ed212\1043\eula.rtf.locked
588bce7c90097ed212\1043\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1043\eula.rtf.locked
locked
File
588bce7c90097ed212\1031\eula.rtf.locked
588bce7c90097ed212\1031\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1031\eula.rtf.locked
locked
File
588bce7c90097ed212\Graphics\Save.ico.locked
588bce7c90097ed212\Graphics\Save.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\Save.ico.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
588bce7c90097ed212\2052\SetupResources.dll.locked
588bce7c90097ed212\2052\SetupResources.dll.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\2052\SetupResources.dll.locked
locked
File
588bce7c90097ed212\1041\eula.rtf.locked
588bce7c90097ed212\1041\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1041\eula.rtf.locked
locked
File
588bce7c90097ed212\1025\eula.rtf.locked
588bce7c90097ed212\1025\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1025\eula.rtf.locked
locked
File
588bce7c90097ed212\3076\eula.rtf.locked
588bce7c90097ed212\3076\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\3076\eula.rtf.locked
locked
File
588bce7c90097ed212\1038\eula.rtf.locked
588bce7c90097ed212\1038\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1038\eula.rtf.locked
locked
File
588bce7c90097ed212\1055\eula.rtf.locked
588bce7c90097ed212\1055\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1055\eula.rtf.locked
locked
File
588bce7c90097ed212\header.bmp.locked
588bce7c90097ed212\header.bmp.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\header.bmp.locked
locked
File
588bce7c90097ed212\3082\eula.rtf.locked
588bce7c90097ed212\3082\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\3082\eula.rtf.locked
locked
File
588bce7c90097ed212\Graphics\Print.ico.locked
588bce7c90097ed212\Graphics\Print.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\Print.ico.locked
locked
File
588bce7c90097ed212\Graphics\Rotate6.ico.locked
588bce7c90097ed212\Graphics\Rotate6.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\Rotate6.ico.locked
locked
File
588bce7c90097ed212\Graphics\Rotate3.ico.locked
588bce7c90097ed212\Graphics\Rotate3.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\Rotate3.ico.locked
locked
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.locked
$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.locked
\??\\C:\
\??\\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.locked
locked
File
Boot\updaterevokesipolicy.p7b.locked
Boot\updaterevokesipolicy.p7b.locked
\??\\C:\
\??\\C:\Boot\updaterevokesipolicy.p7b.locked
locked
File
588bce7c90097ed212\1040\eula.rtf.locked
588bce7c90097ed212\1040\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1040\eula.rtf.locked
locked
File
588bce7c90097ed212\1030\eula.rtf.locked
588bce7c90097ed212\1030\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1030\eula.rtf.locked
locked
File
588bce7c90097ed212\Graphics\SysReqNotMet.ico.locked
588bce7c90097ed212\Graphics\SysReqNotMet.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.locked
locked
File
588bce7c90097ed212\Graphics\Rotate2.ico.locked
588bce7c90097ed212\Graphics\Rotate2.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\Rotate2.ico.locked
locked
File
$GetCurrent\SafeOS\SetupComplete.cmd.locked
$GetCurrent\SafeOS\SetupComplete.cmd.locked
\??\\C:\
\??\\C:\$GetCurrent\SafeOS\SetupComplete.cmd.locked
locked
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\help\1046\hxdsui.dll.locked
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\help\1046\hxdsui.dll.locked
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\help\1046\hxdsui.dll.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\help\1046\hxdsui.dll
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\help\1046\hxdsui.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\help\1046\hxdsui.dll
dll
Moved_From
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\api-ms-win-crt-utility-l1-1-0.dll.locked
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\api-ms-win-crt-utility-l1-1-0.dll.locked
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\api-ms-win-crt-utility-l1-1-0.dll.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\api-ms-win-crt-utility-l1-1-0.dll
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\api-ms-win-crt-utility-l1-1-0.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\api-ms-win-crt-utility-l1-1-0.dll
dll
Moved_From
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
588bce7c90097ed212\1036\eula.rtf.locked
588bce7c90097ed212\1036\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1036\eula.rtf.locked
locked
File
588bce7c90097ed212\1033\eula.rtf.locked
588bce7c90097ed212\1033\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1033\eula.rtf.locked
locked
File
588bce7c90097ed212\Graphics\SysReqMet.ico.locked
588bce7c90097ed212\Graphics\SysReqMet.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\SysReqMet.ico.locked
locked
File
588bce7c90097ed212\Graphics\Rotate5.ico.locked
588bce7c90097ed212\Graphics\Rotate5.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\Rotate5.ico.locked
locked
File
588bce7c90097ed212\Graphics\Rotate1.ico.locked
588bce7c90097ed212\Graphics\Rotate1.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\Rotate1.ico.locked
locked
File
$GetCurrent\SafeOS\PartnerSetupComplete.cmd.locked
$GetCurrent\SafeOS\PartnerSetupComplete.cmd.locked
\??\\C:\
\??\\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.locked
locked
File
Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01637_.WMF.locked
Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01637_.WMF.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01637_.WMF.locked
locked
File
Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.locked
Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\SYSTEM\MSMAPI\1033\MSMAPI32.DLL.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\SYSTEM\MSMAPI\1033\MSMAPI32.DLL.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\SYSTEM\MSMAPI\1033\MSMAPI32.DLL.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CMigrate.exe.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CMigrate.exe.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CMigrate.exe.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\msmgdsrv.dll.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\msmgdsrv.dll.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\msmgdsrv.dll.locked
locked
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\cmigrate.exe.locked
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\cmigrate.exe.locked
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\cmigrate.exe.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\cmigrate.exe
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\cmigrate.exe
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\cmigrate.exe
exe
Moved_From
File
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msmgdsrv.dll.locked
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msmgdsrv.dll.locked
c:\
c:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msmgdsrv.dll.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msmgdsrv.dll
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msmgdsrv.dll
c:\
c:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msmgdsrv.dll
dll
Moved_From
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
588bce7c90097ed212\1044\eula.rtf.locked
588bce7c90097ed212\1044\eula.rtf.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\1044\eula.rtf.locked
locked
File
588bce7c90097ed212\Graphics\Rotate7.ico.locked
588bce7c90097ed212\Graphics\Rotate7.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\Rotate7.ico.locked
locked
File
588bce7c90097ed212\Graphics\Rotate4.ico.locked
588bce7c90097ed212\Graphics\Rotate4.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\Rotate4.ico.locked
locked
File
588bce7c90097ed212\Graphics\Rotate8.ico.locked
588bce7c90097ed212\Graphics\Rotate8.ico.locked
\??\\C:\
\??\\C:\588bce7c90097ed212\Graphics\Rotate8.ico.locked
locked
File
Program Files\Java\jre1.8.0_144\bin\decora_sse.dll.locked
Program Files\Java\jre1.8.0_144\bin\decora_sse.dll.locked
\??\\C:\
\??\\C:\Program Files\Java\jre1.8.0_144\bin\decora_sse.dll.locked
locked
File
Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.locked
Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.TXT.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.TXT.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.TXT.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Csi.dll.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Csi.dll.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Csi.dll.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\msolui110.dll.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\msolui110.dll.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\msolui110.dll.locked
locked
File
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\smart tag\metconv.txt.locked
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\smart tag\metconv.txt.locked
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\smart tag\metconv.txt.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\smart tag\metconv.txt
program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\smart tag\metconv.txt
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\smart tag\metconv.txt
txt
Moved_From
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\csi.dll.locked
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\csi.dll.locked
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\csi.dll.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\csi.dll
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\csi.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\csi.dll
dll
Moved_From
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.locked
Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.locked
\??\\C:\
\??\\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.locked
locked
File
Program Files\Microsoft Office\root\CLIPART\PUB60COR\NA02407_.WMF.locked
Program Files\Microsoft Office\root\CLIPART\PUB60COR\NA02407_.WMF.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\NA02407_.WMF.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL.locked
locked
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\concrt140.dll.locked
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\concrt140.dll.locked
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\concrt140.dll.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\concrt140.dll
program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\concrt140.dll
c:\
c:\program files\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\concrt140.dll
dll
Moved_From
File
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\cartridges\hive.xsl.locked
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\cartridges\hive.xsl.locked
c:\
c:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\cartridges\hive.xsl.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\cartridges\hive.xsl
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\cartridges\hive.xsl
c:\
c:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\cartridges\hive.xsl
xsl
Moved_From
File
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msolap110.dll.locked
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msolap110.dll.locked
c:\
c:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msolap110.dll.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msolap110.dll
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msolap110.dll
c:\
c:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msolap110.dll
dll
Moved_From
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.INF.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.INF.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.INF.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\SYSTEM\ole db\xmlrwbin.dll.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\SYSTEM\ole db\xmlrwbin.dll.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\SYSTEM\ole db\xmlrwbin.dll.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.locked
locked
File
Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.locked
Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.locked
\??\\C:\
\??\\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.locked
locked
File
Program Files\rempl\Logs\Remediation.003.etl.locked
Program Files\rempl\Logs\Remediation.003.etl.locked
\??\\C:\
\??\\C:\Program Files\rempl\Logs\Remediation.003.etl.locked
locked
File
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msmdlocal.dll.locked
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msmdlocal.dll.locked
c:\
c:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msmdlocal.dll.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msmdlocal.dll
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msmdlocal.dll
c:\
c:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\msmdlocal.dll
dll
Moved_From
File
program files\microsoft office\root\vfs\programfilesx86\microsoft sql server\110\shared\msasxpress.dll.locked
program files\microsoft office\root\vfs\programfilesx86\microsoft sql server\110\shared\msasxpress.dll.locked
c:\
c:\program files\microsoft office\root\vfs\programfilesx86\microsoft sql server\110\shared\msasxpress.dll.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilesx86\microsoft sql server\110\shared\msasxpress.dll
program files\microsoft office\root\vfs\programfilesx86\microsoft sql server\110\shared\msasxpress.dll
c:\
c:\program files\microsoft office\root\vfs\programfilesx86\microsoft sql server\110\shared\msasxpress.dll
dll
Moved_From
File
users\public\desktop\readme_locked.txt
users\public\desktop\readme_locked.txt
c:\
c:\users\public\desktop\readme_locked.txt
txt
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\Resources\1033\msolui110.rll.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\Resources\1033\msolui110.rll.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\Resources\1033\msolui110.rll.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft.NET\ADOMD.NET\110\Microsoft.AnalysisServices.AdomdClient.dll.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft.NET\ADOMD.NET\110\Microsoft.AnalysisServices.AdomdClient.dll.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft.NET\ADOMD.NET\110\Microsoft.AnalysisServices.AdomdClient.dll.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\dbghelp.dll.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\dbghelp.dll.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\dbghelp.dll.locked
locked
File
Program Files\Mozilla Firefox\dependentlibs.list.locked
Program Files\Mozilla Firefox\dependentlibs.list.locked
\??\\C:\
\??\\C:\Program Files\Mozilla Firefox\dependentlibs.list.locked
locked
File
Program Files\MSBuild\examined.exe.locked
Program Files\MSBuild\examined.exe.locked
\??\\C:\
\??\\C:\Program Files\MSBuild\examined.exe.locked
locked
File
Program Files\rempl\Unlock.xml.locked
Program Files\rempl\Unlock.xml.locked
\??\\C:\
\??\\C:\Program Files\rempl\Unlock.xml.locked
locked
File
Program Files\rempl\Logs\Remediation.002.etl.locked
Program Files\rempl\Logs\Remediation.002.etl.locked
\??\\C:\
\??\\C:\Program Files\rempl\Logs\Remediation.002.etl.locked
locked
File
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Config_131491847713900000.json.locked
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Config_131491847713900000.json.locked
\??\\C:\
\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Config_131491847713900000.json.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.ELM.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.ELM.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.ELM.locked
locked
File
program files\microsoft office\root\vfs\programfilesx64\microsoft.net\adomd.net\110\microsoft.analysisservices.adomdclient.dll.locked
program files\microsoft office\root\vfs\programfilesx64\microsoft.net\adomd.net\110\microsoft.analysisservices.adomdclient.dll.locked
c:\
c:\program files\microsoft office\root\vfs\programfilesx64\microsoft.net\adomd.net\110\microsoft.analysisservices.adomdclient.dll.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilesx64\microsoft.net\adomd.net\110\microsoft.analysisservices.adomdclient.dll
program files\microsoft office\root\vfs\programfilesx64\microsoft.net\adomd.net\110\microsoft.analysisservices.adomdclient.dll
c:\
c:\program files\microsoft office\root\vfs\programfilesx64\microsoft.net\adomd.net\110\microsoft.analysisservices.adomdclient.dll
dll
Moved_From
File
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\dbghelp.dll.locked
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\dbghelp.dll.locked
c:\
c:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\dbghelp.dll.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\dbghelp.dll
program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\dbghelp.dll
c:\
c:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\110\dbghelp.dll
dll
Moved_From
File
program files\msbuild\examined.exe.locked
program files\msbuild\examined.exe.locked
c:\
c:\program files\msbuild\examined.exe.locked
locked
Moved_To
File
program files\msbuild\examined.exe
program files\msbuild\examined.exe
c:\
c:\program files\msbuild\examined.exe
exe
Moved_From
File
users\public\desktop\readme_locked.txt
users\public\desktop\readme_locked.txt
c:\
c:\users\public\desktop\readme_locked.txt
txt
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\Cartridges\trdtv2r41.xsl.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\Cartridges\trdtv2r41.xsl.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\Cartridges\trdtv2r41.xsl.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\110\msolui110.dll.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\110\msolui110.dll.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\110\msolui110.dll.locked
locked
File
Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\VVIEWER.DLL.locked
Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\VVIEWER.DLL.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\VVIEWER.DLL.locked
locked
File
program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\vviewer.dll.locked
program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\vviewer.dll.locked
c:\
c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\vviewer.dll.locked
locked
Moved_To
File
program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\vviewer.dll
program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\vviewer.dll
c:\
c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\vviewer.dll
dll
Moved_From
File
program files\mozilla firefox\freebl3.dll.locked
program files\mozilla firefox\freebl3.dll.locked
c:\
c:\program files\mozilla firefox\freebl3.dll.locked
locked
Moved_To
File
program files\mozilla firefox\freebl3.dll
program files\mozilla firefox\freebl3.dll
c:\
c:\program files\mozilla firefox\freebl3.dll
dll
Moved_From
File
program files\msbuild\microsoft\windows workflow foundation\v3.5\workflow.visualbasic.targets.locked
program files\msbuild\microsoft\windows workflow foundation\v3.5\workflow.visualbasic.targets.locked
c:\
c:\program files\msbuild\microsoft\windows workflow foundation\v3.5\workflow.visualbasic.targets.locked
locked
Moved_To
File
program files\msbuild\microsoft\windows workflow foundation\v3.5\workflow.visualbasic.targets
program files\msbuild\microsoft\windows workflow foundation\v3.5\workflow.visualbasic.targets
c:\
c:\program files\msbuild\microsoft\windows workflow foundation\v3.5\workflow.visualbasic.targets
targets
Moved_From
File
program files\msbuild\microsoft\windows workflow foundation\v3.5\workflow.targets.locked
program files\msbuild\microsoft\windows workflow foundation\v3.5\workflow.targets.locked
c:\
c:\program files\msbuild\microsoft\windows workflow foundation\v3.5\workflow.targets.locked
locked
Moved_To
File
program files\msbuild\microsoft\windows workflow foundation\v3.5\workflow.targets
program files\msbuild\microsoft\windows workflow foundation\v3.5\workflow.targets
c:\
c:\program files\msbuild\microsoft\windows workflow foundation\v3.5\workflow.targets
targets
Moved_From
File
program files\unp\campaignmanager\campaigncatalog.json.locked
program files\unp\campaignmanager\campaigncatalog.json.locked
c:\
c:\program files\unp\campaignmanager\campaigncatalog.json.locked
locked
Moved_To
File
program files\unp\campaignmanager\campaigncatalog.json
program files\unp\campaignmanager\campaigncatalog.json
c:\
c:\program files\unp\campaignmanager\campaigncatalog.json
json
Moved_From
File
program files\reference assemblies\tasks.exe.locked
program files\reference assemblies\tasks.exe.locked
c:\
c:\program files\reference assemblies\tasks.exe.locked
locked
Moved_To
File
program files\reference assemblies\tasks.exe
program files\reference assemblies\tasks.exe
c:\
c:\program files\reference assemblies\tasks.exe
exe
Moved_From
File
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\el-gr\toastreviewsettings.xml.locked
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\el-gr\toastreviewsettings.xml.locked
c:\
c:\program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\el-gr\toastreviewsettings.xml.locked
locked
Moved_To
File
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\el-gr\toastreviewsettings.xml
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\el-gr\toastreviewsettings.xml
c:\
c:\program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\el-gr\toastreviewsettings.xml
xml
Moved_From
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Program Files\Microsoft Office\root\VFS\System\VEN2232.OLB.locked
Program Files\Microsoft Office\root\VFS\System\VEN2232.OLB.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\System\VEN2232.OLB.locked
locked
File
Program Files\Microsoft Office\root\VFS\SystemX86\vccorlib140.dll.locked
Program Files\Microsoft Office\root\VFS\SystemX86\vccorlib140.dll.locked
\??\\C:\
\??\\C:\Program Files\Microsoft Office\root\VFS\SystemX86\vccorlib140.dll.locked
locked
File
Program Files\Mozilla Firefox\browser\blocklist.xml.locked
Program Files\Mozilla Firefox\browser\blocklist.xml.locked
\??\\C:\
\??\\C:\Program Files\Mozilla Firefox\browser\blocklist.xml.locked
locked
File
Program Files\Mozilla Firefox\ucrtbase.dll.locked
Program Files\Mozilla Firefox\ucrtbase.dll.locked
\??\\C:\
\??\\C:\Program Files\Mozilla Firefox\ucrtbase.dll.locked
locked
File
Program Files\rempl\rempl.xml.locked
Program Files\rempl\rempl.xml.locked
\??\\C:\
\??\\C:\Program Files\rempl\rempl.xml.locked
locked
File
Program Files\rempl\Logs\Remediation.001.etl.locked
Program Files\rempl\Logs\Remediation.001.etl.locked
\??\\C:\
\??\\C:\Program Files\rempl\Logs\Remediation.001.etl.locked
locked
File
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\ca-ES\toastreviewsettings.xml.locked
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\ca-ES\toastreviewsettings.xml.locked
\??\\C:\
\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\ca-ES\toastreviewsettings.xml.locked
locked
File
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\el-GR\index.html.locked
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\el-GR\index.html.locked
\??\\C:\
\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\el-GR\index.html.locked
locked
File
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\en-PH\toastreviewsettings.xml.locked
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\en-PH\toastreviewsettings.xml.locked
\??\\C:\
\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\en-PH\toastreviewsettings.xml.locked
locked
File
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastreviewsettings.xml.locked
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastreviewsettings.xml.locked
c:\
c:\program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastreviewsettings.xml.locked
locked
Moved_To
File
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastreviewsettings.xml
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastreviewsettings.xml
c:\
c:\program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastreviewsettings.xml
xml
Moved_From
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi.locked
Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi.locked
\??\\C:\
\??\\C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi.locked
locked
File
Program Files\Mozilla Firefox\browser\chrome.manifest.locked
Program Files\Mozilla Firefox\browser\chrome.manifest.locked
\??\\C:\
\??\\C:\Program Files\Mozilla Firefox\browser\chrome.manifest.locked
locked
File
Program Files\Mozilla Firefox\freebl3.chk.locked
Program Files\Mozilla Firefox\freebl3.chk.locked
\??\\C:\
\??\\C:\Program Files\Mozilla Firefox\freebl3.chk.locked
locked
File
Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.locked
Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.locked
\??\\C:\
\??\\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.locked
locked
File
Program Files\rempl\remsh.exe.locked
Program Files\rempl\remsh.exe.locked
\??\\C:\
\??\\C:\Program Files\rempl\remsh.exe.locked
locked
File
Program Files\Reference Assemblies\spies_circus_courage.exe.locked
Program Files\Reference Assemblies\spies_circus_courage.exe.locked
\??\\C:\
\??\\C:\Program Files\Reference Assemblies\spies_circus_courage.exe.locked
locked
File
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\ca-ES\toastbeginupgradeth2.xml.locked
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\ca-ES\toastbeginupgradeth2.xml.locked
\??\\C:\
\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\ca-ES\toastbeginupgradeth2.xml.locked
locked
File
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\el-GR\toastbeginupgradeth2.xml.locked
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\el-GR\toastbeginupgradeth2.xml.locked
\??\\C:\
\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\el-GR\toastbeginupgradeth2.xml.locked
locked
File
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\en-PH\toastbeginupgrade.xml.locked
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\en-PH\toastbeginupgrade.xml.locked
\??\\C:\
\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\en-PH\toastbeginupgrade.xml.locked
locked
File
program files\reference assemblies\spies_circus_courage.exe.locked
program files\reference assemblies\spies_circus_courage.exe.locked
c:\
c:\program files\reference assemblies\spies_circus_courage.exe.locked
locked
Moved_To
File
program files\reference assemblies\spies_circus_courage.exe
program files\reference assemblies\spies_circus_courage.exe
c:\
c:\program files\reference assemblies\spies_circus_courage.exe
exe
Moved_From
File
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastbeginupgrade.xml.locked
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastbeginupgrade.xml.locked
c:\
c:\program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastbeginupgrade.xml.locked
locked
Moved_To
File
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastbeginupgrade.xml
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastbeginupgrade.xml
c:\
c:\program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastbeginupgrade.xml
xml
Moved_From
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\el-GR\toastbeginupgrade.xml.locked
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\el-GR\toastbeginupgrade.xml.locked
\??\\C:\
\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\el-GR\toastbeginupgrade.xml.locked
locked
File
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\en-PH\toastbeginupgradeth2.xml.locked
Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\en-PH\toastbeginupgradeth2.xml.locked
\??\\C:\
\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\en-PH\toastbeginupgradeth2.xml.locked
locked
File
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastbeginupgradeth2.xml.locked
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastbeginupgradeth2.xml.locked
c:\
c:\program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastbeginupgradeth2.xml.locked
locked
Moved_To
File
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastbeginupgradeth2.xml
program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastbeginupgradeth2.xml
c:\
c:\program files\unp\campaignmanager\campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\content1\en-ph\toastbeginupgradeth2.xml
xml
Moved_From
Analyzed Sample #526138
Malware Artifacts
526138
Sample-ID: #526138
Job-ID: #735259
This sample was analyzed by VMRay Analyzer 3.0.1 on a Windows 10 Redstone 2 system
100
VTI Score based on VTI Database Version 3.2
Metadata of Sample File #526138
Submission-ID: #888730
7bcd69b3085126f7e97406889f78ab74e87230c11812b79406d723a80c08dd26exe
MD5
7e3f8b6b7ac0565bfcbf0a1e3e6fcfbc
SHA1
b2a701225c8c7f839be3c5009d52b4421063d93e
SHA256
7bcd69b3085126f7e97406889f78ab74e87230c11812b79406d723a80c08dd26
Opened_By
Metadata of Analysis for Job-ID #735259
False
Maximum binlog size reached
True
240.163
NQDPDE
win10_64_rs2
x86 64-bit
Windows 10 Redstone 2
10.0.15063.540 (f6f48955-5489-4b24-b4df-942361f0730d)
FD1HVy
NQDPDE
This is a property collection for additional information of VMRay analysis
VMRay Analyzer
Anti Analysis
VTI rule match with VTI rule score 2/5
vmray_dynamic_api_usage_by_api
Resolves an unusually high number of APIs.
Resolves APIs dynamically to possibly evade static detection
Process
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "C:\WINDOWS\system32\cmd.exe" starts with hidden window.
Creates process with hidden window
Process
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "C:\Users\FD1HVy\AppData\Local\Temp\zzbdrimp5619.exe" starts with hidden window.
Creates process with hidden window
Process
VTI rule match with VTI rule score 1/5
vmray_install_ipc_endpoint
Creates mutex with name "MX-zzbdrimp".
Creates system object
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Documents and Settings" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\client\AppvIsvStream32.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\client\AppvIsvStream64.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\client\AppvIsvSubsystems32.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\client\AppvIsvSubsystems64.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\client\C2R32.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\client\C2R64.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\Office16\AppvIsvStream64.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\Office16\C2R64.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\AppvIsvStream32.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\AppvIsvSubsystems32.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION\C2R32.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvStream64.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvSubsystems64.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll" through API DeviceIOControl.
Sends control codes to connected devices
File System
VTI rule match with VTI rule score 4/5
vmray_rename_user_files
Renames multiple user files. This is an indicator for an encryption attempt.
Renames user files
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\EQUATION\AppvIsvStream32.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\EQUATION\AppvIsvSubsystems32.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\EQUATION\C2R32.dll" through API DeviceIOControl.
Sends control codes to connected devices
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Java\jre1.8.0_144\bin\decora_sse.dll.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01637_.WMF.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\NA02407_.WMF.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.INF.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.TXT.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\SYSTEM\MSMAPI\1033\MSMAPI32.DLL.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\SYSTEM\ole db\xmlrwbin.dll.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Csi.dll.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\msolui110.dll.locked".
Modifies application directory
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\AppvIsvStream32.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\AppvIsvSubsystems32.dll" through API DeviceIOControl.
Sends control codes to connected devices
Device
VTI rule match with VTI rule score 2/5
vmray_control_device_by_device_io_control
Controls device "C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\C2R32.dll" through API DeviceIOControl.
Sends control codes to connected devices
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\Resources\1033\msolui110.rll.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft.NET\ADOMD.NET\110\Microsoft.AnalysisServices.AdomdClient.dll.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\110\Cartridges\trdtv2r41.xsl.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\110\msolui110.dll.locked".
Modifies application directory
Information Stealing
VTI rule match with VTI rule score 1/5
vmray_recon_app_data_by_file
Possibly trying to gather information about application "Mozilla Firefox" by file.
Possibly does reconnaissance
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\VVIEWER.DLL.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\System\VEN2232.OLB.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\SystemX86\vccorlib140.dll.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Mozilla Firefox\browser\chrome.manifest.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Mozilla Firefox\browser\blocklist.xml.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Mozilla Firefox\dependentlibs.list.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Mozilla Firefox\freebl3.chk.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Mozilla Firefox\ucrtbase.dll.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\rempl\remsh.exe.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\rempl\rempl.xml.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\rempl\Unlock.xml.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\rempl\Logs\Remediation.003.etl.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\rempl\Logs\Remediation.002.etl.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\rempl\Logs\Remediation.001.etl.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\ca-ES\toastreviewsettings.xml.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Config_131491847713900000.json.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\ca-ES\toastbeginupgradeth2.xml.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\el-GR\toastbeginupgrade.xml.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\el-GR\index.html.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\el-GR\toastbeginupgradeth2.xml.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_modify_application_dir_by_file
Modifies "\??\\C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.ELM.locked".
Modifies application directory
File System
VTI rule match with VTI rule score 1/5
vmray_create_many_files
Creates an unusually large number of files.
Creates an unusually large number of files
File System
VTI rule match with VTI rule score 5/5
vmray_handle_with_malicious_files
File "C:\Users\FD1HVy\Desktop\zzbdrimp2939.exe" is a known malicious file.
Known malicious file