App Check- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Common Files\Services\verisign.bmp,,Restoration Failed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Common Files\Services\verisign.bmp,,Restoration Failed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Windows\searchfiles.exe,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Windows\ncler.txt,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Users\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Bandizip\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Download Manager\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Explorer\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Download Manager\defexclist.txt,,Restored,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Download Manager\defexclist.txt.[ID]-IKv7+XEVkydb4X2[ID],,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Internet Explorer\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Download Manager\defexclist.txt,,Restored,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows Mail\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows Media Player\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows Multimedia Platform\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows Photo Viewer\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Windows Defender Advanced Threat Protection\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows Portable Devices\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Windows Mail\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Windows Media Player\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Windows Multimedia Platform\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Windows Portable Devices\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Windows Photo Viewer\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Recovery\WindowsRE\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Common Files\Services\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Common Files\Services\verisign.bmp.[ID]-IKv7+XEVkydb4X2[ID],,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Users\Public\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Common Files\Services\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Common Files\Services\verisign.bmp.[ID]-IKv7+XEVkydb4X2[ID],,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Explorer\en-US\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files (x86)\Microsoft.NET\RedistList\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Internet Explorer\en-US\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Internet Explorer\images\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:10 下午,File Created by Ransomware,File,C:\Program Files\Internet Explorer\SIGNUP\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Internet Explorer\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows Media Player\Media Renderer\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows Media Player\Skins\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows Defender\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows Media Player\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\VMware\VMware Tools\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows NT\TableTextService\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows NT\Accessories\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows Defender Advanced Threat Protection\Classification\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows Defender\Offline\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Download Manager\IDM Backup Manager\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows Photo Viewer\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows Defender Advanced Threat Protection\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows Defender\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows Media Player\Media Renderer\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows Media Player\Skins\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows NT\Accessories\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows NT\TableTextService\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows Media Player\Network Sharing\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows Media Player\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows Photo Viewer\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows Security\BrowserCore\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\regid.1991-06.com.microsoft\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\VMware\logs\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Users\Public\Desktop\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Users\Public\AccountPictures\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Users\Public\Desktop\Bandizip.lnk,,Restored,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Users\Public\Desktop\Bandizip.lnk.[ID]-IKv7+XEVkydb4X2[ID],,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Common Files\System\ado\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows NT\Accessories\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Windows NT\TableTextService\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows NT\Accessories\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows NT\TableTextService\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Windows Security\BrowserCore\en-US\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\AppV\Setup\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\Diagnosis\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\MF\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Users\virus\3D Objects\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Common Files\System\ado\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Users\Public\Desktop\Bandizip.lnk,,Restored,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\Crypto\SystemKeys\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Microsoft\EdgeUpdate\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Common Files\System\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\EdgeUpdate\Log\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\VMware\VMware Tools\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\VMware\VMware Tools\manifest.txt,,Restored,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\VMware\VMware Tools\manifest.txt.[ID]-IKv7+XEVkydb4X2[ID],,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\VMware\VMware Tools\manifest.txt,,Restored,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\VMware\VMware VGAuth\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:09 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Explorer\SIGNUP\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Explorer\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Users\Public\Documents\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Users\Public\Downloads\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Users\Public\Pictures\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Users\Public\Music\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Users\Public\Libraries\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Users\Public\Videos\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.121.21\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Users\Public\Desktop\Microsoft Edge.lnk,,Restored,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Users\Public\Desktop\Microsoft Edge.lnk.[ID]-IKv7+XEVkydb4X2[ID],,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Users\Public\Desktop\Microsoft Edge.lnk,,Restored,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Common Files\System\msadc\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Common Files\System\Ole DB\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\Bandizip\data\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\Bandizip\data\ArkLicense.txt,,Restored,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\Bandizip\data\ArkLicense.txt.[ID]-IKv7+XEVkydb4X2[ID],,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\Bandizip\data\ArkLicense.txt,,Restored,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\Bandizip\data\EULA.rtf,,Restored,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\Bandizip\data\EULA.rtf.[ID]-IKv7+XEVkydb4X2[ID],,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\Bandizip\data\EULA.rtf,,Restored,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\VMware\VMware Tools\open_source_licenses.txt,,Restored,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\VMware\VMware Tools\open_source_licenses.txt.[ID]-IKv7+XEVkydb4X2[ID],,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\VMware\VMware Tools\open_source_licenses.txt,,Restored,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\ProgramData\VMware\VMware Tools\Unity Filters\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\ProgramData\VMware\VMware Tools\Unity Filters\Adobe{过}{滤}Flashcs3.txt,,Restored,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\ProgramData\VMware\VMware Tools\Unity Filters\Adobe{过}{滤}Flashcs3.txt.[ID]-IKv7+XEVkydb4X2[ID],,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\ProgramData\USOShared\Logs\User\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\zh-CHS\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\zh-CHS\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\zh-CHS\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Microsoft\Edge\Application\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\ProgramData\VMware\RawdskCompatibility\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Users\virus\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Common Files\System\Ole DB\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Download Manager\tips.txt,,Restored,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Download Manager\tips.txt.[ID]-IKv7+XEVkydb4X2[ID],,Removed,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Download Manager\tips.txt,,Restored,RansomGuard
- 04/17/2020 11:56:08 下午,File Created by Ransomware,File,C:\ProgramData\VMware\VMware Tools\Unity Filters\Adobe{过}{滤}Flashcs3.txt,,Restored,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\ProgramData\VMware\VMware Tools\Unity Filters\adobephotoshopcs3.txt,,Restored,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\ProgramData\VMware\VMware Tools\Unity Filters\adobephotoshopcs3.txt.[ID]-IKv7+XEVkydb4X2[ID],,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\ProgramData\VMware\VMware Tools\Unity Filters\adobephotoshopcs3.txt,,Restored,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\SmsRouter\MessageStore\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\Network\Downloader\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\ProgramData\Microsoft\IdentityCRL\INT\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,Ransomware Behavior Detected,File,C:\Users\virus\Downloads\searchfiles.exe,bb8b076e29b4441390d282f66d7f6851,Blocked,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Users\virus\Documents\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\ProgramData\kingsoft\office6\mtfont\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Download Manager\Toolbar\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Download Manager\Sounds\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files\VMware\VMware Tools\plugins\vmusr\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files\VMware\VMware Tools\plugins\common\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files\VMware\VMware Tools\messages\de\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files\VMware\VMware Tools\plugins\vmsvc\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files (x86)\Internet Download Manager\Languages\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files\Common Files\microsoft shared\MSInfo\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files\Common Files\microsoft shared\ink\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Users\virus\Music\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Users\virus\Links\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Users\virus\Downloads\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Users\virus\Favorites\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Users\virus\Contacts\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files (x86)\Microsoft\Edge\Application\80.0.361.109\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files\Common Files\VMware\InstallerCache\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files (x86)\Common Files\System\zh-CN\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\zh-HANS\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\Decoding help.hta,,Removed,RansomGuard
- 04/17/2020 11:56:07 下午,File Created by Ransomware,File,C:\Program Files\VMware\VMware Tools\VMware VGAuth\Decoding help.hta,,Removed,RansomGuard
复制代码 |