|
|
4/5
|
File System
|
Renames user files
|
Ransomware
|
|
|
-
Renames multiple user files. This is an indicator for an encryption attempt.
|
|
|
4/5
|
File System
|
Known malicious file
|
Trojan
|
|
|
-
File "C:\Users\CIiHmnxMn6Ps\Desktop\Kraken.exe" is a known malicious file.
|
|
|
3/5
|
Process
|
Creates an unusally large number of processes
|
-
|
|
|
-
Above average number of processes were monitored.
|
|
|
2/5
|
Anti Analysis
|
Tries to detect debugger
|
-
|
|
|
-
Check via API "IsDebuggerPresent".
|
|
|
2/5
|
Anti Analysis
|
Resolves APIs dynamically to possibly evade static detection
|
-
|
|
|
-
Resolves an unusually high number of APIs.
|
|
|
2/5
|
Device
|
Sends control codes to connected devices
|
-
|
|
|
-
Controls device "C:\Users\CIIHMN~1\AppData\Local\Temp\SDELTEMP" through API DeviceIOControl.
|
|
|
1/5
|
Process
|
Creates system object
|
-
|
|
|
-
Creates mutex with name "Microsoft-Kraken-LHNIWSJ".
|
|
|
-
Creates mutex with name "Global\.net clr networking".
|
|
|
1/5
|
Network
|
Performs DNS request
|
-
|
|
|
-
Resolves host name "ipinfo.io".
|
|
|
-
Resolves host name "download.sysinternals.com".
|
|
|
-
Resolves host name "127.0.0.1".
|
|
|
-
Resolves local IP "127.0.0.1".
|
|
|
1/5
|
Process
|
Creates process with hidden window
|
-
|
|
|
-
The process "C:\ProgramData\Safe.exe" starts with hidden window.
|
|
|
-
The process ""tasklist" /V /FO CSV" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe enum-logs > "C:\ProgramData\EventLog.txt"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "AirSpaceChannel"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Application"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "DirectShowFilterGraph"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "DirectShowPluginControl"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Els_Hyphenation/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "EndpointMapper"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "FirstUXPerf-Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "ForwardedEvents"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "General Logging"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "HardwareEvents"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "IHM_DebugChannel"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "InstallUXPerformance-Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Intel-iaLPSS-GPIO/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Intel-iaLPSS-I2C/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Internet Explorer"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Key Management Service"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MF_MediaFoundationDeviceProxy"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MedaFoundationVideoProc"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MedaFoundationVideoProcD3D"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MediaFoundationAsyncWrapper"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MediaFoundationContentProtection"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MediaFoundationDS"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MediaFoundationDeviceProxy"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MediaFoundationMediaEngine"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MediaFoundationPerformance"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MediaFoundationPerformanceCore"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MediaFoundationPipeline"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MediaFoundationPlatform"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "MediaFoundationSrcPrefetch"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Client-Licensing-Platform/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Client-Licensing-Platform/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Client-Licensing-Platform/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-IE-ReadingView/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-IE/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-IEFRAME/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-JSDumpHeap/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-OneCore-Setup/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-PerfTrack-IEFRAME/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-PerfTrack-MSHTML/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-WS-Licensing/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-WS-Licensing/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-WS-Licensing/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AAD/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AAD/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-ADSI/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-ASN1/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-ATAPort/General"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-ATAPort/SATA-LPM"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-ActionQueue/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-All-User-Install-Agent/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AllJoyn/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AllJoyn/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Anytime-Upgrade-Events/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Anytime-Upgrade/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppHost/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppHost/ApplicationTracing"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppHost/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppHost/Internal"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppID/Operational"" starts with hidden window.
|
|
|
-
The process "cmd.exe" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppLocker/EXE and DLL"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppLocker/MSI and Script"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppLocker/Packaged app-Deployment"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppLocker/Packaged app-Execution"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppModel-Runtime/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppModel-Runtime/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppModel-Runtime/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppModel-Runtime/Diagnostics"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppModel-State/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppModel-State/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppReadiness/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppReadiness/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppReadiness/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppSruProv"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppXDeployment/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppXDeployment/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppXDeploymentServer/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppXDeploymentServer/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppXDeploymentServer/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppXDeploymentServer/Restricted"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-ApplicabilityEngine/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-ApplicabilityEngine/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Application Server-Applications/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Application Server-Applications/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Application Server-Applications/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Application Server-Applications/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Application-Experience/Program-Inventory"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Application-Experience/Program-Telemetry"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Application-Experience/Steps-Recorder"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-ApplicationResourceManagementSystem/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-ApplicationResourceManagementSystem/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppxPackaging/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppxPackaging/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AppxPackaging/Performance"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AssignedAccess/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AssignedAccess/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AssignedAccessBroker/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AssignedAccessBroker/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AsynchronousCausality/Causality"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Audio/CaptureMonitor"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Audio/GlitchDetection"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Audio/Informational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Audio/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Audio/Performance"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Audio/PlaybackManager"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Audit/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Authentication User Interface/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Authentication/ProtectedUser-Client"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-AxInstallService/Log"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BackgroundTaskInfrastructure/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Backup"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Base-Filtering-Engine-Connections/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Battery/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Biometrics/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Biometrics/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BitLocker-Driver-Performance/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BitLocker/BitLocker Management"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BitLocker/BitLocker Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BitLocker/Tracing"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Bits-Client/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Bits-Client/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Bluetooth-MTPEnum/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BranchCache/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BranchCacheEventProvider/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BranchCacheMonitoring/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BranchCacheSMB/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-BranchCacheSMB/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CAPI2/Catalog Database Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CAPI2/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CDROM/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-COM/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-COM/ApartmentInitialize"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-COM/ApartmentUninitialize"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-COM/Call"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-COM/CreateInstance"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-COM/ExtensionCatalog"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-COM/FreeUnusedLibrary"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-COMRuntime/Activations"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-COMRuntime/MessageProcessing"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-COMRuntime/Tracing"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CertPoleEng/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-ClearTypeTextTuner/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CloudStorageWizard/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CloudStorageWizard/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CmiSetup/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CodeIntegrity/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CodeIntegrity/Verbose"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-ComDlg32/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-ComDlg32/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Compat-Appraiser/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Compat-Appraiser/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Connected-Search/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Connected-Search/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Connected-Search/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CoreApplication/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CoreApplication/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CoreApplication/Tracing"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CoreWindow/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CoreWindow/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Crashdump/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CredProvHost/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CredUI/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-CredentialProviders/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Crypto-BCRYPT/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Crypto-CNG/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Crypto-DPAPI/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Crypto-DPAPI/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Crypto-DSSEnh/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Crypto-NCrypt/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Crypto-RNG/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Crypto-RSAEnh/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-D3D10Level9/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-D3D10Level9/PerfTiming"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DAL-Provider/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DAL-Provider/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DAMM/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DCLocator/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DLNA-Namespace/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DNS-Client/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DSC/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DSC/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DSC/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DSC/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DUI/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DUSER/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DXGI/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DXGI/Logging"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DXP/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Data-Pdf/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DataIntegrityScan/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DataIntegrityScan/CrashRecovery"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DateTimeControlPanel/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DateTimeControlPanel/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DateTimeControlPanel/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Deduplication/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Deduplication/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Deduplication/Performance"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Deduplication/Scrubbing"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Defrag-Core/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Deplorch/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DesktopActivityModerator/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DeviceAssociationService/Performance"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DeviceConfidence/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DeviceSetupManager/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DeviceSetupManager/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DeviceSetupManager/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DeviceSetupManager/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DeviceSync/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DeviceSync/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DeviceUx/Informational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DeviceUx/Performance"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Dhcp-Client/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Dhcp-Client/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Dhcpv6-Client/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Dhcpv6-Client/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-DiagCpl/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-DPS/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-DPS/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-DPS/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-MSDE/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-PCW/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-PCW/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-PCW/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-PLA/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-PLA/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-Perfhost/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-Scheduled/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-Scripted/Admin"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-Scripted/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-Scripted/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-Scripted/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-WDC/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnosis-WDI/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnostics-Networking/Debug"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnostics-Networking/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnostics-Performance/Diagnostic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Diagnostics-Performance/Operational"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Direct3D10/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Direct3D10_1/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Direct3D11/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Direct3D11/Logging"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Direct3D11/PerfTiming"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Direct3D12/Analytic"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Direct3D12/Logging"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Direct3D12/PerfTiming"" starts with hidden window.
|
|
|
-
The process "C:\Windows\system32\cmd.exe /c wevtutil.exe clear-log "Microsoft-Windows-Direct3D9/Analytic"" starts with hidden window.
|
|
|
1/5
|
File System
|
Modifies application directory
|
-
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\esl\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\1494870c-9912-c184-4cc9-b401-a53f4d8de290.pdf".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\agmgpuoptin.ini".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\add-account\images\icons.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\add-account\images\icons_ie8.gif".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\add-account\images\icons_retina.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\add-account\images\illustrations.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\add-account\images\illustrations_retina.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\add-account\images\new_icons.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\add-account\images\new_icons_retina.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\add-account\images\themes\dark\icons.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-selector.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-selector.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\rhp\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\cpdf\plugin.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\cpdf\selector.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\cpdf\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\plugin.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\selector.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\plugins\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\css\main-selector.css".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\css\main.css".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\css\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\images\example_icons2x.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\images\themes\dark\example_icons2x.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\images\themes\dark\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\images\themes\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\images\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\js\nls\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\js\nls\ar-ae\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\js\nls\ca-es\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\js\nls\ca-es\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\en-il\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\en-il\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\es-es\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\es-es\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\eu-es\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\eu-es\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\fi-fi\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\fi-fi\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\fr-fr\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\fr-fr\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\fr-ma\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\fr-ma\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\he-il\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\hr-hr\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\hr-hr\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\hu-hu\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\digsig\js\nls\hu-hu\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\tools\check_2x.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\tools\circle_2x.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\tools\text_2x.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\tools\@1x\themes\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\tools\@1x\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\tools\themes\dark\check_2x.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\tools\themes\dark\circle_2x.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\tools\themes\dark\text_2x.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\tools\themes\dark\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\tools\themes\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\tools\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\img\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\faf-main.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ar-ae\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ca-es\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ca-es\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\cs-cz\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\cs-cz\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\da-dk\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\da-dk\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\de-de\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\de-de\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\en-ae\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\en-gb\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\en-gb\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\en-il\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\es-es\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\es-es\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\eu-es\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\eu-es\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\fi-fi\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\fi-fi\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\fr-fr\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\fr-fr\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\fr-ma\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\he-il\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\hr-hr\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\hr-hr\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\hu-hu\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\hu-hu\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\it-it\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\it-it\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ja-jp\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ja-jp\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ko-kr\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ko-kr\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\nb-no\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\nb-no\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\nl-nl\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\nl-nl\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\pl-pl\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\pl-pl\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\pt-br\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\pt-br\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ro-ro\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ro-ro\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\root\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\root\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ru-ru\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ru-ru\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\sk-sk\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\sk-sk\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\sl-si\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\sl-si\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\sl-sl\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\sv-se\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\sv-se\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\tr-tr\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\tr-tr\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\uk-ua\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\uk-ua\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\zh-cn\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\zh-cn\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\zh-tw\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\zh-tw\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\css\main-selector.css".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\css\main.css".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\css\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\images\themes\dark\example_icons2x.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\images\themes\dark\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\images\themes\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\images\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\js\nls\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\example_icons2x.png".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\optimize_poster.jpg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\optimize_poster2x.jpg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\organize_poster.jpg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\organize_poster2x-dark.jpg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\organize_poster2x.jpg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\protect_poster.jpg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\protect_poster2x.jpg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\redact_poster.jpg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\redact_poster2x.jpg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\scan_poster.jpg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\scan_poster2x.jpg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\localized_images\tr-tr\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\localized_images\zh-cn\appstore_icon.svg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\localized_images\zh-cn\playstore_icon.svg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\localized_images\zh-cn\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\localized_images\zh-tw\appstore_icon.svg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\localized_images\zh-tw\playstore_icon.svg".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\localized_images\zh-tw\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\localized_images\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\js\plugin.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\js\selector.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\js\nls\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\js\nls\ar-ae\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\js\nls\ca-es\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\js\nls\ca-es\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\js\nls\cs-cz\ui-strings.js".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\js\nls\cs-cz\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\js\nls\da-dk\touch".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\installer\chrome.7z".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\installer\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\locales\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\visualelements\logo.png".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\visualelements\logocanary.png".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\visualelements\smalllogo.png".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\visualelements\smalllogocanary.png".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\visualelements\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\widevinecdm\_platform_specific\win_x64\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\widevinecdm\_platform_specific\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\widevinecdm\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\58.0.3029.110\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\setupmetrics\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\application\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\google\chrome\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\google\crashreports\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\google\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\internet explorer\en-us\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\internet explorer\images\# how to decrypt files.html".
|
|
|
-
Modifies "c:\program files (x86)\internet explorer\signup\# how to decrypt files.html".
|
|
|
1/5
|
File System
|
Creates an unusually large number of files
|
-
|
|
|
-
Creates an unusually large number of files.
|
|
|
1/5
|
Network
|
Connects to remote host
|
-
|
|
|
-
Outgoing TCP connection to host "152.199.19.160:443".
|
|
|
1/5
|
PE
|
Drops PE file
|
Dropper
|
|
|
-
Drops file "C:\ProgramData\sdelete64.exe".
|
|
|
-
Drops file "C:\ProgramData\sdelete.exe".
|
|
|
-
Drops file "C:\ProgramData\Safe.exe".
|
|
|
1/5
|
PE
|
Executes dropped PE file
|
-
|
|
|
-
Executes dropped file "C:\ProgramData\sdelete.exe".
|
|
|
-
Executes dropped file "C:\ProgramData\Safe.exe".
|
