#MalwareMustDie! File-system trace (columns: time, operation, path, result, detail) of the Styx Exploit Kit payload enumerating C:\WINDOWS\system32 for *.exe files
"16:26:19.9135967","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "16:26:19.9136968","QueryDirectory","C:\WINDOWS\system32\*.exe","SUCCESS","Filter: *.exe, 1: append.exe" "16:26:19.9138859","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: arp.exe, 1: asr_ldm.exe, 2: bootok.exe, 3: bootvrfy.exe, 4: chkdsk.exe, 5: chkntfs.exe, 6: cidaemon.exe, 7: ckcnv.exe, 8: comp.exe, 9: compact.exe, 10: control.exe, 11: convert.exe, 12: debug.exe, 13: diskperf.exe, 14: dllhst3g.exe, 15: doskey.exe, 16: drwatson.exe, 17: drwtsn32.exe, 18: dvdplay.exe, 19: edlin.exe, 20: esentutl.exe, 21: eventvwr.exe, 22: exe2bin.exe, 23: expand.exe, 24: fastopen.exe, 25: fc.exe, 26: find.exe, 27: finger.exe, 28: fixmapi.exe, 29: fsutil.exe, 30: gdi.exe, 31: hostname.exe, 32: ipsec6.exe, 33: label.exe" "16:26:19.9142854","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: lights.exe, 1: lodctr.exe, 2: lpq.exe, 3: lpr.exe, 4: mem.exe, 5: mountvol.exe, 6: mpnotify.exe, 7: mrinfo.exe, 8: mscdexnt.exe, 9: msswchx.exe, 10: nbtstat.exe, 11: nlsfunc.exe, 12: ntsd.exe, 13: nw16.exe, 14: nwscript.exe, 15: pathping.exe, 16: ping6.exe, 17: print.exe, 18: rasautou.exe, 19: rasdial.exe, 20: recover.exe, 21: gpupdate.exe, 22: regedt32.exe, 23: regwiz.exe, 24: relog.exe, 25: replace.exe, 26: route.exe, 27: routemon.exe, 28: rsm.exe, 29: rsmsink.exe, 30: rsmui.exe, 31: rsopprov.exe, 32: rsvp.exe, 33: runas.exe, 34: sc.exe" "16:26:19.9146676","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: setver.exe, 1: sfc.exe, 2: share.exe, 3: sprestrt.exe, 4: subst.exe, 5: syncapp.exe, 6: sysedit.exe, 7: syskey.exe, 8: systray.exe, 9: taskman.exe, 10: tcmsetup.exe, 11: tcpsvcs.exe, 12: tftp.exe, 13: tracert6.exe, 14: typeperf.exe, 
15: unlodctr.exe, 16: user.exe, 17: verifier.exe, 18: vssadmin.exe, 19: vwipxspx.exe, 20: w32tm.exe, 21: winhlp32.exe, 22: winmsd.exe, 23: winspool.exe, 24: wowdeb.exe, 25: wowexec.exe, 26: wupdmgr.exe, 27: adddrv.exe, 28: deldrv.exe, 29: msimekey.exe, 30: msimelst.exe, 31: msimergn.exe, 32: msimeset.exe, 33: migpwd.exe" "16:26:19.9150092","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: lnkstub.exe, 1: pentnt.exe, 2: usrmlnka.exe, 3: usrprbda.exe, 4: usrshuta.exe, 5: osuninst.exe, 6: smss.exe, 7: autochk.exe, 8: ntvdm.exe, 9: csrss.exe, 10: winlogon.exe, 11: ahui.exe, 12: services.exe, 13: lsass.exe, 14: svchost.exe, 15: spoolsv.exe, 16: userinit.exe, 17: ie4uinit.exe, 18: cmd.exe, 19: rundll32.exe, 20: regsvr32.exe, 21: imapi.exe, 22: ipconfig.exe, 23: msiexec.exe, 24: net.exe, 25: net1.exe, 26: defrag.exe, 27: dfrgfat.exe, 28: dfrgntfs.exe, 29: findstr.exe, 30: notepad.exe, 31: sort.exe, 32: winver.exe, 33: logonui.exe" "16:26:19.9154528","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: actmovie.exe, 1: alg.exe, 2: asr_fmt.exe, 3: asr_pfu.exe, 4: at.exe, 5: atmadm.exe, 6: attrib.exe, 7: auditusr.exe, 8: autoconv.exe, 9: autofmt.exe, 10: autolfn.exe, 11: bootcfg.exe, 12: cacls.exe, 13: cipher.exe, 14: cisvc.exe, 15: cleanmgr.exe, 16: cliconfg.exe, 17: clipsrv.exe, 18: cmdl32.exe, 19: cmmon32.exe, 20: cmstp.exe, 21: conime.exe, 22: cscript.exe, 23: ddeshare.exe, 24: diantz.exe, 25: diskpart.exe, 26: dllhost.exe, 27: dmadmin.exe, 28: dmremote.exe, 29: dosx.exe, 30: dplaysvr.exe, 31: dpnsvr.exe, 32: dpvsetup.exe, 33: driverquery.exe" "16:26:19.9158023","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: dumprep.exe, 1: dvdupgrd.exe, 2: dxdiag.exe, 3: dwwin.exe, 4: eudcedit.exe, 5: eventcreate.exe, 6: eventtriggers.exe, 7: extrac32.exe, 8: fontview.exe, 9: forcedos.exe, 10: fsquirt.exe, 11: ftp.exe, 12: getmac.exe, 13: gpresult.exe, 14: grpconv.exe, 15: help.exe, 16: netsetup.exe, 17: iexpress.exe, 18: ipv6.exe, 19: ipxroute.exe, 20: locator.exe, 21: 
logman.exe, 22: magnify.exe, 23: makecab.exe, 24: mmc.exe, 25: mmcperf.exe, 26: mobsync.exe, 27: mqbkup.exe, 28: mqsvc.exe, 29: mqtgsvc.exe, 30: stimon.exe, 31: mshta.exe, 32: napstat.exe, 33: narrator.exe" "16:26:19.9164655","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: nddeapir.exe, 1: netdde.exe, 2: netsh.exe, 3: netstat.exe, 4: nslookup.exe, 5: ntbackup.exe, 6: odbcad32.exe, 7: odbcconf.exe, 8: openfiles.exe, 9: osk.exe, 10: packager.exe, 11: perfmon.exe, 12: ping.exe, 13: powercfg.exe, 14: progman.exe, 15: proquota.exe, 16: proxycfg.exe, 17: rasphone.exe, 18: rcimlby.exe, 19: rcp.exe, 20: redir.exe, 21: reg.exe, 22: rexec.exe, 23: rsh.exe, 24: rsnotify.exe, 25: rtcshare.exe, 26: runonce.exe, 27: savedump.exe, 28: scardsvr.exe, 29: schtasks.exe, 30: sdbinst.exe, 31: secedit.exe, 32: sethc.exe, 33: setup.exe" "16:26:19.9167910","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: setupn.exe, 1: shmgrate.exe, 2: shrpubw.exe, 3: shutdown.exe, 4: sigverif.exe, 5: skeys.exe, 6: smbinst.exe, 7: smlogsvc.exe, 8: spiisupd.exe, 9: systeminfo.exe, 10: sysocmgr.exe, 11: taskkill.exe, 12: tasklist.exe, 13: taskmgr.exe, 14: telnet.exe, 15: tlntsess.exe, 16: tlntadmn.exe, 17: tlntsvr.exe, 18: tracerpt.exe, 19: tracert.exe, 20: tzchange.exe, 21: upnpcont.exe, 22: ups.exe, 23: utilman.exe, 24: verclsid.exe, 25: vssvc.exe, 26: wextract.exe, 27: wiaacmgr.exe, 28: wpabaln.exe, 29: wpnpinst.exe, 30: wscntfy.exe, 31: wscript.exe, 32: xcopy.exe, 33: ctfmon.exe" "16:26:19.9172824","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "16:26:19.9173799","QueryDirectory","C:\WINDOWS\system32\*.exe","SUCCESS","Filter: *.exe, 1: append.exe" "16:26:19.9175548","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: arp.exe, 1: asr_ldm.exe, 2: bootok.exe, 3: bootvrfy.exe, 4: chkdsk.exe, 5: 
chkntfs.exe, 6: cidaemon.exe, 7: ckcnv.exe, 8: comp.exe, 9: compact.exe, 10: control.exe, 11: convert.exe, 12: debug.exe, 13: diskperf.exe, 14: dllhst3g.exe, 15: doskey.exe, 16: drwatson.exe, 17: drwtsn32.exe, 18: dvdplay.exe, 19: edlin.exe, 20: esentutl.exe, 21: eventvwr.exe, 22: exe2bin.exe, 23: expand.exe, 24: fastopen.exe, 25: fc.exe, 26: find.exe, 27: finger.exe, 28: fixmapi.exe, 29: fsutil.exe, 30: gdi.exe, 31: hostname.exe, 32: ipsec6.exe, 33: label.exe" "16:26:19.9179543","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: lights.exe, 1: lodctr.exe, 2: lpq.exe, 3: lpr.exe, 4: mem.exe, 5: mountvol.exe, 6: mpnotify.exe, 7: mrinfo.exe, 8: mscdexnt.exe, 9: msswchx.exe, 10: nbtstat.exe, 11: nlsfunc.exe, 12: ntsd.exe, 13: nw16.exe, 14: nwscript.exe, 15: pathping.exe, 16: ping6.exe, 17: print.exe, 18: rasautou.exe, 19: rasdial.exe, 20: recover.exe, 21: gpupdate.exe, 22: regedt32.exe, 23: regwiz.exe, 24: relog.exe, 25: replace.exe, 26: route.exe, 27: routemon.exe, 28: rsm.exe, 29: rsmsink.exe, 30: rsmui.exe, 31: rsopprov.exe, 32: rsvp.exe, 33: runas.exe, 34: sc.exe" "16:26:19.9183345","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: setver.exe, 1: sfc.exe, 2: share.exe, 3: sprestrt.exe, 4: subst.exe, 5: syncapp.exe, 6: sysedit.exe, 7: syskey.exe, 8: systray.exe, 9: taskman.exe, 10: tcmsetup.exe, 11: tcpsvcs.exe, 12: tftp.exe, 13: tracert6.exe, 14: typeperf.exe, 15: unlodctr.exe, 16: user.exe, 17: verifier.exe, 18: vssadmin.exe, 19: vwipxspx.exe, 20: w32tm.exe, 21: winhlp32.exe, 22: winmsd.exe, 23: winspool.exe, 24: wowdeb.exe, 25: wowexec.exe, 26: wupdmgr.exe, 27: adddrv.exe, 28: deldrv.exe, 29: msimekey.exe, 30: msimelst.exe, 31: msimergn.exe, 32: msimeset.exe, 33: migpwd.exe" "16:26:19.9186776","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: lnkstub.exe, 1: pentnt.exe, 2: usrmlnka.exe, 3: usrprbda.exe, 4: usrshuta.exe, 5: osuninst.exe, 6: smss.exe, 7: autochk.exe, 8: ntvdm.exe, 9: csrss.exe, 10: winlogon.exe, 11: ahui.exe, 12: services.exe, 13: 
lsass.exe, 14: svchost.exe, 15: spoolsv.exe, 16: userinit.exe, 17: ie4uinit.exe, 18: cmd.exe, 19: rundll32.exe, 20: regsvr32.exe, 21: imapi.exe, 22: ipconfig.exe, 23: msiexec.exe, 24: net.exe, 25: net1.exe, 26: defrag.exe, 27: dfrgfat.exe, 28: dfrgntfs.exe, 29: findstr.exe, 30: notepad.exe, 31: sort.exe, 32: winver.exe, 33: logonui.exe" "16:26:19.9192751","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "16:26:19.9193721","QueryDirectory","C:\WINDOWS\system32\*.exe","SUCCESS","Filter: *.exe, 1: append.exe" "16:26:19.9195455","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: arp.exe, 1: asr_ldm.exe, 2: bootok.exe, 3: bootvrfy.exe, 4: chkdsk.exe, 5: chkntfs.exe, 6: cidaemon.exe, 7: ckcnv.exe, 8: comp.exe, 9: compact.exe, 10: control.exe, 11: convert.exe, 12: debug.exe, 13: diskperf.exe, 14: dllhst3g.exe, 15: doskey.exe, 16: drwatson.exe, 17: drwtsn32.exe, 18: dvdplay.exe, 19: edlin.exe, 20: esentutl.exe, 21: eventvwr.exe, 22: exe2bin.exe, 23: expand.exe, 24: fastopen.exe, 25: fc.exe, 26: find.exe, 27: finger.exe, 28: fixmapi.exe, 29: fsutil.exe, 30: gdi.exe, 31: hostname.exe, 32: ipsec6.exe, 33: label.exe" "16:26:19.9199403","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: lights.exe, 1: lodctr.exe, 2: lpq.exe, 3: lpr.exe, 4: mem.exe, 5: mountvol.exe, 6: mpnotify.exe, 7: mrinfo.exe, 8: mscdexnt.exe, 9: msswchx.exe, 10: nbtstat.exe, 11: nlsfunc.exe, 12: ntsd.exe, 13: nw16.exe, 14: nwscript.exe, 15: pathping.exe, 16: ping6.exe, 17: print.exe, 18: rasautou.exe, 19: rasdial.exe, 20: recover.exe, 21: gpupdate.exe, 22: regedt32.exe, 23: regwiz.exe, 24: relog.exe, 25: replace.exe, 26: route.exe, 27: routemon.exe, 28: rsm.exe, 29: rsmsink.exe, 30: rsmui.exe, 31: rsopprov.exe, 32: rsvp.exe, 33: runas.exe, 34: sc.exe" 
"16:26:19.9203216","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: setver.exe, 1: sfc.exe, 2: share.exe, 3: sprestrt.exe, 4: subst.exe, 5: syncapp.exe, 6: sysedit.exe, 7: syskey.exe, 8: systray.exe, 9: taskman.exe, 10: tcmsetup.exe, 11: tcpsvcs.exe, 12: tftp.exe, 13: tracert6.exe, 14: typeperf.exe, 15: unlodctr.exe, 16: user.exe, 17: verifier.exe, 18: vssadmin.exe, 19: vwipxspx.exe, 20: w32tm.exe, 21: winhlp32.exe, 22: winmsd.exe, 23: winspool.exe, 24: wowdeb.exe, 25: wowexec.exe, 26: wupdmgr.exe, 27: adddrv.exe, 28: deldrv.exe, 29: msimekey.exe, 30: msimelst.exe, 31: msimergn.exe, 32: msimeset.exe, 33: migpwd.exe" "16:26:19.9206627","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: lnkstub.exe, 1: pentnt.exe, 2: usrmlnka.exe, 3: usrprbda.exe, 4: usrshuta.exe, 5: osuninst.exe, 6: smss.exe, 7: autochk.exe, 8: ntvdm.exe, 9: csrss.exe, 10: winlogon.exe, 11: ahui.exe, 12: services.exe, 13: lsass.exe, 14: svchost.exe, 15: spoolsv.exe, 16: userinit.exe, 17: ie4uinit.exe, 18: cmd.exe, 19: rundll32.exe, 20: regsvr32.exe, 21: imapi.exe, 22: ipconfig.exe, 23: msiexec.exe, 24: net.exe, 25: net1.exe, 26: defrag.exe, 27: dfrgfat.exe, 28: dfrgntfs.exe, 29: findstr.exe, 30: notepad.exe, 31: sort.exe, 32: winver.exe, 33: logonui.exe" "16:26:19.9211041","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: actmovie.exe, 1: alg.exe, 2: asr_fmt.exe, 3: asr_pfu.exe, 4: at.exe, 5: atmadm.exe, 6: attrib.exe, 7: auditusr.exe, 8: autoconv.exe, 9: autofmt.exe, 10: autolfn.exe, 11: bootcfg.exe, 12: cacls.exe, 13: cipher.exe, 14: cisvc.exe, 15: cleanmgr.exe, 16: cliconfg.exe, 17: clipsrv.exe, 18: cmdl32.exe, 19: cmmon32.exe, 20: cmstp.exe, 21: conime.exe, 22: cscript.exe, 23: ddeshare.exe, 24: diantz.exe, 25: diskpart.exe, 26: dllhost.exe, 27: dmadmin.exe, 28: dmremote.exe, 29: dosx.exe, 30: dplaysvr.exe, 31: dpnsvr.exe, 32: dpvsetup.exe, 33: driverquery.exe" "16:26:19.9214539","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: dumprep.exe, 1: dvdupgrd.exe, 2: dxdiag.exe, 3: 
dwwin.exe, 4: eudcedit.exe, 5: eventcreate.exe, 6: eventtriggers.exe, 7: extrac32.exe, 8: fontview.exe, 9: forcedos.exe, 10: fsquirt.exe, 11: ftp.exe, 12: getmac.exe, 13: gpresult.exe, 14: grpconv.exe, 15: help.exe, 16: netsetup.exe, 17: iexpress.exe, 18: ipv6.exe, 19: ipxroute.exe, 20: locator.exe, 21: logman.exe, 22: magnify.exe, 23: makecab.exe, 24: mmc.exe, 25: mmcperf.exe, 26: mobsync.exe, 27: mqbkup.exe, 28: mqsvc.exe, 29: mqtgsvc.exe, 30: stimon.exe, 31: mshta.exe, 32: napstat.exe, 33: narrator.exe" "16:26:19.9219162","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: nddeapir.exe, 1: netdde.exe, 2: netsh.exe, 3: netstat.exe, 4: nslookup.exe, 5: ntbackup.exe, 6: odbcad32.exe, 7: odbcconf.exe, 8: openfiles.exe, 9: osk.exe, 10: packager.exe, 11: perfmon.exe, 12: ping.exe, 13: powercfg.exe, 14: progman.exe, 15: proquota.exe, 16: proxycfg.exe, 17: rasphone.exe, 18: rcimlby.exe, 19: rcp.exe, 20: redir.exe, 21: reg.exe, 22: rexec.exe, 23: rsh.exe, 24: rsnotify.exe, 25: rtcshare.exe, 26: runonce.exe, 27: savedump.exe, 28: scardsvr.exe, 29: schtasks.exe, 30: sdbinst.exe, 31: secedit.exe, 32: sethc.exe, 33: setup.exe" "16:26:19.9224141","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "16:26:19.9225102","QueryDirectory","C:\WINDOWS\system32\*.exe","SUCCESS","Filter: *.exe, 1: append.exe" "16:26:19.9226842","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: arp.exe, 1: asr_ldm.exe, 2: bootok.exe, 3: bootvrfy.exe, 4: chkdsk.exe, 5: chkntfs.exe, 6: cidaemon.exe, 7: ckcnv.exe, 8: comp.exe, 9: compact.exe, 10: control.exe, 11: convert.exe, 12: debug.exe, 13: diskperf.exe, 14: dllhst3g.exe, 15: doskey.exe, 16: drwatson.exe, 17: drwtsn32.exe, 18: dvdplay.exe, 19: edlin.exe, 20: esentutl.exe, 21: eventvwr.exe, 22: exe2bin.exe, 23: expand.exe, 24: fastopen.exe, 25: fc.exe, 26: 
find.exe, 27: finger.exe, 28: fixmapi.exe, 29: fsutil.exe, 30: gdi.exe, 31: hostname.exe, 32: ipsec6.exe, 33: label.exe" "16:26:19.9230977","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: lights.exe, 1: lodctr.exe, 2: lpq.exe, 3: lpr.exe, 4: mem.exe, 5: mountvol.exe, 6: mpnotify.exe, 7: mrinfo.exe, 8: mscdexnt.exe, 9: msswchx.exe, 10: nbtstat.exe, 11: nlsfunc.exe, 12: ntsd.exe, 13: nw16.exe, 14: nwscript.exe, 15: pathping.exe, 16: ping6.exe, 17: print.exe, 18: rasautou.exe, 19: rasdial.exe, 20: recover.exe, 21: gpupdate.exe, 22: regedt32.exe, 23: regwiz.exe, 24: relog.exe, 25: replace.exe, 26: route.exe, 27: routemon.exe, 28: rsm.exe, 29: rsmsink.exe, 30: rsmui.exe, 31: rsopprov.exe, 32: rsvp.exe, 33: runas.exe, 34: sc.exe" "16:26:19.9234829","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: setver.exe, 1: sfc.exe, 2: share.exe, 3: sprestrt.exe, 4: subst.exe, 5: syncapp.exe, 6: sysedit.exe, 7: syskey.exe, 8: systray.exe, 9: taskman.exe, 10: tcmsetup.exe, 11: tcpsvcs.exe, 12: tftp.exe, 13: tracert6.exe, 14: typeperf.exe, 15: unlodctr.exe, 16: user.exe, 17: verifier.exe, 18: vssadmin.exe, 19: vwipxspx.exe, 20: w32tm.exe, 21: winhlp32.exe, 22: winmsd.exe, 23: winspool.exe, 24: wowdeb.exe, 25: wowexec.exe, 26: wupdmgr.exe, 27: adddrv.exe, 28: deldrv.exe, 29: msimekey.exe, 30: msimelst.exe, 31: msimergn.exe, 32: msimeset.exe, 33: migpwd.exe" "16:26:19.9238254","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: lnkstub.exe, 1: pentnt.exe, 2: usrmlnka.exe, 3: usrprbda.exe, 4: usrshuta.exe, 5: osuninst.exe, 6: smss.exe, 7: autochk.exe, 8: ntvdm.exe, 9: csrss.exe, 10: winlogon.exe, 11: ahui.exe, 12: services.exe, 13: lsass.exe, 14: svchost.exe, 15: spoolsv.exe, 16: userinit.exe, 17: ie4uinit.exe, 18: cmd.exe, 19: rundll32.exe, 20: regsvr32.exe, 21: imapi.exe, 22: ipconfig.exe, 23: msiexec.exe, 24: net.exe, 25: net1.exe, 26: defrag.exe, 27: dfrgfat.exe, 28: dfrgntfs.exe, 29: findstr.exe, 30: notepad.exe, 31: sort.exe, 32: winver.exe, 33: logonui.exe" 
"16:26:19.9242679","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: actmovie.exe, 1: alg.exe, 2: asr_fmt.exe, 3: asr_pfu.exe, 4: at.exe, 5: atmadm.exe, 6: attrib.exe, 7: auditusr.exe, 8: autoconv.exe, 9: autofmt.exe, 10: autolfn.exe, 11: bootcfg.exe, 12: cacls.exe, 13: cipher.exe, 14: cisvc.exe, 15: cleanmgr.exe, 16: cliconfg.exe, 17: clipsrv.exe, 18: cmdl32.exe, 19: cmmon32.exe, 20: cmstp.exe, 21: conime.exe, 22: cscript.exe, 23: ddeshare.exe, 24: diantz.exe, 25: diskpart.exe, 26: dllhost.exe, 27: dmadmin.exe, 28: dmremote.exe, 29: dosx.exe, 30: dplaysvr.exe, 31: dpnsvr.exe, 32: dpvsetup.exe, 33: driverquery.exe" "16:26:19.9255505","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: dumprep.exe, 1: dvdupgrd.exe, 2: dxdiag.exe, 3: dwwin.exe, 4: eudcedit.exe, 5: eventcreate.exe, 6: eventtriggers.exe, 7: extrac32.exe, 8: fontview.exe, 9: forcedos.exe, 10: fsquirt.exe, 11: ftp.exe, 12: getmac.exe, 13: gpresult.exe, 14: grpconv.exe, 15: help.exe, 16: netsetup.exe, 17: iexpress.exe, 18: ipv6.exe, 19: ipxroute.exe, 20: locator.exe, 21: logman.exe, 22: magnify.exe, 23: makecab.exe, 24: mmc.exe, 25: mmcperf.exe, 26: mobsync.exe, 27: mqbkup.exe, 28: mqsvc.exe, 29: mqtgsvc.exe, 30: stimon.exe, 31: mshta.exe, 32: napstat.exe, 33: narrator.exe" "16:26:19.9260145","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: nddeapir.exe, 1: netdde.exe, 2: netsh.exe, 3: netstat.exe, 4: nslookup.exe, 5: ntbackup.exe, 6: odbcad32.exe, 7: odbcconf.exe, 8: openfiles.exe, 9: osk.exe, 10: packager.exe, 11: perfmon.exe, 12: ping.exe, 13: powercfg.exe, 14: progman.exe, 15: proquota.exe, 16: proxycfg.exe, 17: rasphone.exe, 18: rcimlby.exe, 19: rcp.exe, 20: redir.exe, 21: reg.exe, 22: rexec.exe, 23: rsh.exe, 24: rsnotify.exe, 25: rtcshare.exe, 26: runonce.exe, 27: savedump.exe, 28: scardsvr.exe, 29: schtasks.exe, 30: sdbinst.exe, 31: secedit.exe, 32: sethc.exe, 33: setup.exe" "16:26:19.9263372","QueryDirectory","C:\WINDOWS\system32","SUCCESS","0: setupn.exe, 1: shmgrate.exe, 2: shrpubw.exe, 
3: shutdown.exe, 4: sigverif.exe, 5: skeys.exe, 6: smbinst.exe, 7: smlogsvc.exe, 8: spiisupd.exe, 9: systeminfo.exe, 10: sysocmgr.exe, 11: taskkill.exe, 12: tasklist.exe, 13: taskmgr.exe, 14: telnet.exe, 15: tlntsess.exe, 16: tlntadmn.exe, 17: tlntsvr.exe, 18: tracerpt.exe, 19: tracert.exe, 20: tzchange.exe, 21: upnpcont.exe, 22: ups.exe, 23: utilman.exe, 24: verclsid.exe, 25: vssvc.exe, 26: wextract.exe, 27: wiaacmgr.exe, 28: wpabaln.exe, 29: wpnpinst.exe, 30: wscntfy.exe, 31: wscript.exe, 32: xcopy.exe, 33: ctfmon.exe" --- #MalwareMustDie!